MITR.AI

Privacy Policy

Last Updated: June 3, 2026

At MITR.AI, we take your privacy and data security with absolute seriousness. This Privacy Policy outlines the specific mechanisms, boundaries, and security measures we employ to process, store, and safeguard data when you interact with our website, our corporate platform, or when your customers engage with our communication pipelines.

1. Scope of Data Processing

MITR.AI operates as an Adaptive Proactive Conversational AI Platform and is classified as a **Data Processor** under standard regulatory frameworks. We process customer metadata, phone numbers, email addresses, order histories, fee details, and conversational text turns strictly on behalf of, and under the explicit instructions of, our registered business clients (e.g., schools, merchants, clinics, and enterprises).

2. Information We Collect & Intercept

  • WhatsApp Metadata & Phone Numbers: To deliver real-time support tickets, automated fee notifications, and commerce carts, we parse and process the user's phone number and unique Business-Scoped User IDs (BSUID) as validated by Meta's Cloud APIs.
  • Conversational Ingestion: Chat logs, support queries, leave of absence descriptions, and voice PCM16 audio streams are ingested to train local sandboxed natural language models (APCE) for intent classification and entity slot filling.
  • Platform Administration Data: When prospective merchants register via our Embedded Signup SDK, we securely retrieve WABA ID and company registration scopes.

3. How We Use and Share Data

We strictly **do not sell, rent, or lease** customer database profiles, transaction logs, or chat turns to third parties. All data processing is strictly limited to:

  • Fulfilling automated business workflows (such as synchronizing parent payments to local ERP systems or dispatching leave exceptions to class teachers).
  • Generating transient, secure magic-link JWT tokens to establish passwordless dashboard logins.
  • Executing merchant-initiated notifications and campaigns.

4. Encryption and Storage Boundaries

All collected information is encrypted **both in transit and at rest**. Conversational databases are isolated using strict tenant-level row security constraints in our high-performance PostgreSQL servers. Real-time voice calls use direct, secure WebSockets over port 443 with zero intermediate server disk writing.

5. Your Rights and Compliance

Merchants and individual subscribers retain full rights to request the deletion or retrieval of their historical conversational transcripts and registered contact records. Such inquiries can be formally raised by contacting our data protection officer at contact@mitrai.co.in.