Privacy Policy

From our clients (businesses we serve):

• Business name, contact information, and billing details
• Twilio account credentials and API keys (used solely to configure your services)
• Business knowledge base content (FAQs, product info, policies) used to train AI agents
• Communication logs and conversation histories processed through configured systems

From end users (your customers, processed on your behalf):

• Phone numbers and contact information provided during communications
• Conversation content across SMS, voice, and WhatsApp channels
• Customer profile data (preferences, history) as configured by the client
• Metadata such as timestamps, channel type, and conversation thread identifiers

From website visitors:

• Name and email address if you submit a contact form
• Usage data and analytics collected via standard web logs
• Cookies and similar tracking technologies (see Section 8)

We use the information we collect to:

• Configure, deliver, and improve our services
• Set up and train AI agents on your behalf
• Process and route communications through Twilio channels
• Maintain customer profiles as configured in your system
• Provide technical support and respond to inquiries
• Send service-related communications (invoices, updates, alerts)
• Comply with legal obligations and enforce our Terms of Service
• Analyze aggregate usage to improve our service offerings

We do not use your customer data for our own marketing purposes, and we do not sell customer data to third parties.

For clients and users in the European Economic Area (EEA) or United Kingdom, our legal bases for processing personal data include:

• Contract performance: Processing necessary to deliver the services outlined in your Service Agreement.
• Legitimate interests: Operating and improving our business, preventing fraud, and ensuring security.
• Legal obligation: Complying with applicable laws and regulations.
• Consent: Where you have provided explicit consent, such as for marketing communications.

We share information only in the following circumstances:

• Twilio:All communication data flows through Twilio's platform per your configured workflows. Twilio processes data as a sub-processor under their own privacy policy.
• AI/LLM providers: Conversation content may be processed by AI model providers (such as OpenAI or Anthropic) to generate agent responses. We enter into data processing agreements with these providers.
• Service providers: We work with vetted vendors for hosting, analytics, and business operations who are bound by confidentiality agreements.
• Legal requirements: We may disclose information when required by law, subpoena, or government request, or to protect the rights, property, or safety of Lakaar, our clients, or others.
• Business transfers: In connection with a merger, acquisition, or sale of assets, data may be transferred to the successor entity.

We do not sell, rent, or trade personal information to third parties for their own marketing purposes.

We retain client and configuration data for the duration of our engagement plus a reasonable period thereafter (typically one year) to handle any post-termination support needs, unless a shorter period is required by law or requested in writing.

Conversation logs and customer profile data are retained according to the configuration of your specific system and the retention policy set in your Service Agreement. Clients may request deletion of data at any time within the scope of applicable law.

We implement industry-standard technical and organizational measures to protect information against unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (TLS) and at rest
• Access controls limiting data access to authorized personnel only
• Regular security reviews of our configurations and integrations
• Secure handling of API credentials and secrets

While we take reasonable precautions, no security system is impenetrable. In the event of a data breach that affects your data, we will notify you as required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that inaccurate data be corrected.
• Deletion: Request deletion of your personal data, subject to our legal retention obligations.
• Portability: Request your data in a structured, machine-readable format.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Opt-out of sale: We do not sell personal data, so this right does not apply; however, California residents may contact us to confirm this.

To exercise any of these rights, please contact us at privacy@lakaar.ai. We will respond within thirty (30) days.

Our website uses cookies and similar technologies to enhance your browsing experience and understand how visitors use our site. We use:

• Essential cookies: Necessary for the site to function correctly.
• Analytics cookies: To understand traffic patterns and improve our content (e.g., via privacy-respecting analytics tools).

You may disable cookies through your browser settings, though this may affect site functionality.

Lakaar configures messaging systems on behalf of clients. Clients are solely responsible for ensuring that communications sent through these systems comply with:

• The Telephone Consumer Protection Act (TCPA)
• The CAN-SPAM Act
• CTIA messaging guidelines
• A2P 10DLC registration requirements
• Any other applicable local, state, or federal regulations

Lakaar assists with compliance tooling setup (e.g., Trust Hub, A2P registration) but does not provide legal advice. Clients should consult legal counsel for specific compliance questions.

Our services are not directed to individuals under the age of 13, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

Our services may involve transferring data across international borders, including to the United States. When transferring data from the EEA or UK, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms as required by applicable law.

We may update this Privacy Policy periodically. We will notify clients of material changes via email at least thirty (30) days before they take effect. The “Last Updated” date at the top of this page reflects the most recent revision. Continued use of our services after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team: