Privacy Policy

1. Roles

Bow Chat is operated by Bohni Tech Private Limited, Bangalore, Karnataka, India. This Privacy Policy applies to bow.chat, app.bow.chat, panel.bow.chat, panel.boni.one where used for Bow Chat/CPaaS workflows, APIs, integrations, and related services.

Bow Chat usually acts as a processor/Data Processor for customer end-user conversations, campaign recipients, datasource records, and connected-channel data that a customer controls. For Bow Chat account users, admins, website visitors, security records, billing/support records, and Boni-operated administration, we may act as controller/Data Fiduciary.

Customers act as controller/Data Fiduciary for personal data where they decide the purpose and means of processing, including campaigns, imported contacts, connected datasources, and customer-channel conversations. Customers are responsible for their own notices, consents, opt-ins, lawful basis, channel permissions, campaign compliance, and end-user rights where they decide why and how personal data is processed.

2. Personal Data We Process

Bow Chat may process account details, agent/admin details, contact identifiers, phone numbers, email addresses, channel IDs, message content, attachments, conversation notes, campaign metadata, workflow events, call or voice metadata, recordings/transcripts where enabled, datasource connection metadata, query audit logs, support requests, device/browser data, IP addresses, security logs, and backup data.

Customer-connected datasources may contain additional fields selected by the customer. Those fields should be limited to the customer's authorized purpose and governed by customer permissions, field scope, masking, and audit controls.

3. Purposes and Legal Bases

We process personal data to provide conversation management, customer support workflows, messaging channels, campaigns, automation, reporting, integrations, AI-assisted features, security, troubleshooting, billing, compliance, and customer support.

For GDPR, legal bases may include customer instructions under contract, contract performance, legitimate interests, consent, and legal obligation. For DPDP, processing may be based on consent, applicable legitimate uses, legal requirements, or customer-controlled processing instructions depending on the workflow and specified purpose.

4. Channels, Datasources, and Customer Instructions

Bow Chat may connect to WhatsApp, RCS, SMS, email, voice, social channels, customer databases, webhooks, and other systems. Customers must ensure they have the right to connect those systems and process the relevant personal data.

For customer datasource features, customers must authorize the connection and use it only for permitted segmentation, campaign, workflow, or reporting purposes. Bow Chat may record purpose, authorization references, query metadata, access logs, and security events.

Customers must not connect or submit children's data, sensitive/high-risk data, regulated data, or data obtained without required notice, consent, opt-in, or other lawful basis unless a separate written agreement and safeguards are in place.

5. AI and Automation

Bow Chat may use AI-assisted or automated workflows to classify, summarize, draft, route, translate, enrich, or analyze conversations and campaign activity.

We aim to minimize data sent to AI providers, review higher-risk features, and use vendor terms/settings that support customer data protection where available. AI output should be reviewed before use in sensitive, regulated, legal, financial, employment, healthcare, or materially customer-impacting decisions.

6. Cookies and Tracking

Essential cookies and similar technologies may be used for login, security, preferences, and service operation.

Non-essential analytics, marketing, advertising, or tracking technologies should run only after valid consent where required, with a clear reject and change-preferences path.

7. Sharing and Subprocessors

We may share personal data with cloud providers, messaging/channel providers, communications vendors, AI providers, logging/security tools, support tools, payment providers, and other service providers needed to operate Bow Chat.

We may also disclose information when required by law, to protect rights and safety, enforce terms, or complete a corporate transaction. We do not sell personal data as a standalone business.

8. International Transfers

Personal data may be processed in India and other countries where Bow Chat, customers, or service providers operate.

For GDPR-covered data, we use appropriate transfer mechanisms where required. For DPDP-covered data, we monitor Indian restrictions and rules that may apply to transfers.

9. Retention

Customer data is retained according to customer configuration, contract, product settings, legal obligations, security needs, and backup schedules.

Conversation data, attachments, campaign data, datasource query records, logs, exports, and backups may have different retention periods. When data is deleted from active systems, backups may retain copies until expiry, unless legal hold or restore/re-delete procedures apply.

Where processing is based on consent and consent is withdrawn, we will stop or help the responsible customer stop the relevant processing unless continued processing is required or authorized by law, contract, security, fraud-prevention, dispute, or other permitted grounds.

10. Security

We use technical and organizational measures designed to protect personal data, including role-based access, audit logs, encryption in transit where applicable, vendor review, secure development, incident response, and privileged-access controls.

Bow Chat is part of Boni's ISO/IEC 27001-aligned security management work; this Policy is not an ISO certification claim.

11. Your Rights

Depending on applicable law and our role, you may request access, information about processing, correction, completion, update, deletion, restriction, objection, portability, consent withdrawal, grievance review, and nomination.

For DPDP-covered data, Data Principals may contact us for processing questions, correction, erasure, grievance redressal, consent withdrawal, and nomination. If we process data on behalf of a customer, we may direct your request to that customer or help them respond.

12. Children and Updates

Bow Chat is a business communication platform and is not directed to children. Customers must not intentionally process children's personal data unless they have the required notices, consent/guardian controls where applicable, and written approval for that workflow.

We may update this Policy as Bow Chat, laws, vendors, or practices change. The latest version will be posted on this page with its effective date.

13. Contact Us

Privacy requests and grievances can be sent to: