Privacy Policy

Last Updated: April 6, 2026

Preamble

GetRespondly.ai ("Respondly," "we," "our," or "us") is an AI-powered product operated & built by ScaleupAlly. We provide AI-powered inbound enquiry management solutions to businesses globally.

We are committed to protecting the privacy, confidentiality, and security of personal data entrusted to us by our users, customers, and their end users.

This Privacy Policy describes our practices regarding the collection, use, storage, transfer, and disclosure of personal data. It is designed to meet the standards of applicable global data protection frameworks.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy.

1. Applicability and Scope

This Privacy Policy ("Policy") governs the collection, use, storage, processing, disclosure, and transfer of personal data by GetRespondly.ai ("Respondly," "Company," "we," "our," or "us"), an AI-powered inbound enquiry management product operated by ScaleupAlly. This Policy applies to all individuals who access or interact with our website located at https://getrespondly.ai ("Website"), engage with our product or services, or whose personal data is processed by us in the course of providing services to our customers.

This Policy is intended to comply with the requirements of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), and is additionally aligned with the principles of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and the California Consumer Privacy Act, 2018, as amended by the California Privacy Rights Act, 2020 ("CCPA/CPRA"), to the extent applicable.

Continued access to or use of our Website or product following the publication of this Policy constitutes your acknowledgement of and agreement to its terms.

2. Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them below:

"Personal Data" means any information that relates to an identified or identifiable natural person, including data that, when combined with other information, can reasonably be used to identify such a person.

"Data Principal" shall have the meaning ascribed to it under the DPDP Act, 2023, referring to the natural person to whom the personal data relates.

"Data Subject" shall have the meaning ascribed to it under the GDPR, referring to an identified or identifiable natural person whose personal data is processed.

"Data Fiduciary" shall have the meaning ascribed to it under the DPDP Act, 2023, referring to the entity that determines the purpose and means of processing personal data.

"Data Controller" shall have the meaning ascribed to it under the GDPR, referring to the entity that determines the purposes and means of processing personal data.

"Data Processor" means an entity that processes personal data on behalf of a Data Controller or Data Fiduciary, pursuant to their instructions.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.

"Sensitive Personal Data" means categories of personal data accorded heightened protection under applicable law, including but not limited to data pertaining to health, biometric identifiers, financial information, religious or political beliefs, caste, or sexual orientation.

"Consent" means a freely given, specific, informed, and unambiguous indication of agreement by a Data Principal or Data Subject to the processing of their personal data for a specified purpose.

"Customer" means any business entity or individual that accesses or uses the Respondly product pursuant to an agreed set of terms.

"End User" means any natural person whose personal data is collected, received, or otherwise processed through the Respondly product in the course of a Customer's use thereof.

3. Roles and Legal Responsibilities

3.1 Respondly as Data Processor

In circumstances where Respondly processes personal data on behalf of a Customer including but not limited to the processing of inbound communications, enquiry data, and integrated third-party data, Respondly acts solely in the capacity of a Data Processor under the GDPR and in an equivalent intermediary capacity under the DPDP Act. In such circumstances, the Customer constitutes the Data Controller / Data Fiduciary and bears primary responsibility for the lawfulness of the processing, the validity of any consent obtained from End Users, and compliance with applicable data protection obligations.

Respondly shall process such personal data strictly in accordance with the documented instructions of the Customer and shall not process such data for any purpose inconsistent with those instructions, save where required to do so by applicable law.

3.2 Respondly as Data Controller / Data Fiduciary

In circumstances where Respondly processes personal data for its own operational purposes including the management of customer accounts, delivery of marketing communications, product analytics, and internal business operations, Respondly acts as the Data Controller / Data Fiduciary and assumes full responsibility for ensuring that such processing is lawful, fair, and transparent.

4. Personal Data We Collect

4.1 Data Provided Voluntarily

Respondly collects personal data that individuals provide directly, including full name, email address, telephone number, company name, job title, and business address. Such data may be submitted through demo requests, contact forms, support interactions, or direct communications with our team.

4.2 Data Collected Automatically

Upon interaction with our Website, certain data is collected automatically through cookies, server logs, and similar technologies. This includes Internet Protocol (IP) addresses, approximate geolocation at the country or city level, browser type and version, operating system, pages accessed, session duration, clickstream behaviour, and device identifiers.

4.3 Data Processed on Behalf of Customers

In the course of providing our product to Customers, Respondly processes personal data submitted to or received through the product, including inbound email communications, enquiry messages originating from third-party sources such as CRM platforms, advertising integrations and web forms, file attachments, and associated metadata. Such processing is carried out solely on behalf of and pursuant to the instructions of the relevant Customer.

4.4 Sensitive Personal Data

Respondly does not intentionally solicit Sensitive Personal Data through its Website. However, in the course of setting up and training a Customer's AI Agent, Respondly may receive personal data, including data that may be of a sensitive nature, originating from the Customer's own systems and records. Additionally, where a Customer directs Respondly to integrate with external platforms such as customer relationship management systems or other third-party tools, personal data from such platforms may be transmitted to and processed by Respondly as part of that integration.

Any personal data received in the foregoing circumstances is processed solely for the purpose of configuring, training, and operating the AI Agent on behalf of the relevant Customer. Such data is not used for any other purpose, is not shared with any other Customer, and is not used to train any generalised or shared artificial intelligence model. The Customer bears responsibility for ensuring that any data submitted for AI Agent training purposes, including data originating from integrated third-party systems, has been collected and shared in compliance with applicable data protection law and with any necessary consents or authorisations in place.

5. Purposes and Legal Bases for Processing

5.1 General and GDPR Bases

Respondly processes personal data for the following purposes and on the following legal bases:

The provision, operation, and maintenance of our product and Website constitutes processing necessary for the performance of a contract or for the taking of pre-contractual steps at the request of the data subject. The management of customer accounts and the delivery of customer support are similarly grounded in contractual necessity. Processing for the purposes of product improvement, internal analytics, security monitoring, fraud prevention, and the protection of legitimate business interests is carried out on the basis of legitimate interests pursued by Respondly, provided such interests are not overridden by the fundamental rights and freedoms of the data subject. The delivery of marketing communications is carried out on the basis of consent where required, or legitimate interests where a prior relationship exists. Processing required for compliance with a legal obligation is carried out accordingly.

5.2 India - DPDP Act, 2023

In respect of Data Principals located in India, Respondly processes personal data on the basis of consent obtained through a clear and affirmative act prior to processing, and on the basis of legitimate uses as enumerated under Section 7 of the DPDP Act, 2023, including processing necessary for the performance of a contract to which the Data Principal is a party and processing required for compliance with applicable law.

5.3 California - CCPA/CPRA

Respondly does not sell personal information as that term is defined under the CCPA/CPRA, nor does it share personal information for cross-context behavioural advertising without providing the right to opt out. California residents are entitled to exercise the rights enumerated in Section 10.3 of this Policy.

5.4 Use of Data for Service Improvement and AI Development

ScaleupAlly may use data processed through the Respondly product to better its services, improve product functionality, and develop and enhance its artificial intelligence models and capabilities. The specific categories of data used for such purposes, and the legal basis and mechanisms governing such use, will be determined and communicated to Customers prior to any such processing taking effect. This Policy will be updated accordingly to reflect those details at the appropriate time.

6. Artificial Intelligence and Automated Processing

Respondly's product employs artificial intelligence and automated processing technologies to analyse inbound communications, generate or suggest response content, classify and prioritise enquiries, and detect anomalous activity. The following commitments govern such processing:

Respondly shall not use personal data submitted by or on behalf of Customers to train generalised artificial intelligence models or any foundation model, except where the Customer has provided explicit written consent to such use. AI-generated outputs are subject to configuration and control by the Customer. Respondly does not make decisions that produce legal effects or similarly significant consequences with respect to individuals solely by automated means, without providing a mechanism for human review. All third-party providers of artificial intelligence services engaged by Respondly are subject to contractual obligations that prohibit the use of Customer data for such providers' own model training or product development purposes.

7. Cookies and Tracking Technologies

Respondly uses cookies and similar tracking technologies on its Website for purposes including platform functionality and session authentication, measurement of website traffic and user behaviour, and improvement of user experience. Cookies that are not strictly necessary for the operation of the Website are deployed only upon the receipt of valid consent from the user. Users may withdraw or modify their cookie preferences at any time through their browser settings. Withdrawal of consent for non-essential cookies shall not affect the functionality of the core Website.

8. Disclosure and Sharing of Personal Data

8.1 No Sale of Personal Data

Respondly does not sell, rent, lease, or otherwise transfer personal data to third parties for commercial consideration.

8.2 Disclosure to Service Providers

Respondly may disclose personal data to third-party service providers engaged to support the operation of our product and Website, including providers of cloud infrastructure and hosting services, analytics and performance monitoring tools, email delivery and communication platforms, and artificial intelligence processing services. All such service providers are engaged pursuant to contractual terms that impose obligations of confidentiality and data protection commensurate with those assumed by Respondly under this Policy.

8.3 Disclosure Required by Law

Respondly may disclose personal data to governmental authorities, regulatory bodies, or law enforcement agencies where such disclosure is required by applicable law, court order, or legally binding governmental request, or where necessary to protect the rights, property, or safety of Respondly, its Customers, or the public.

8.4 Business Reorganisation

In the event of a merger, acquisition, restructuring, or disposal of all or a material part of Respondly's business or assets, personal data held by Respondly may be transferred to the acquiring or successor entity, subject to that entity assuming obligations of data protection no less stringent than those set out in this Policy. Affected individuals will be notified of such transfer to the extent required by applicable law.

9. International Transfers of Personal Data

Respondly operates with infrastructure and service providers that may be located in jurisdictions outside India or the user's country of residence. Personal data may accordingly be transferred to, stored in, or processed in such jurisdictions. Respondly ensures that all cross-border transfers of personal data are subject to appropriate safeguards, including standard contractual clauses as approved by competent authorities, contractual data protection obligations imposed on recipient entities, and the application of appropriate technical security measures during transit and storage. In respect of transfers of personal data of Indian Data Principals, Respondly complies with the cross-border transfer provisions of the DPDP Act, 2023, as and when such provisions are brought into force by the Government of India.

10. Rights of Data Principals and Data Subjects

10.1 Rights Under the DPDP Act, 2023 (India)

Data Principals located in India are entitled to the following rights in respect of their personal data processed by Respondly: the right to obtain information regarding the personal data held and the manner of its processing; the right to request correction, completion, or updating of inaccurate or incomplete personal data; the right to request erasure of personal data where the purpose for which it was collected has been fulfilled or consent has been withdrawn; the right to withdraw consent to processing at any time, without affecting the lawfulness of processing prior to withdrawal; the right to nominate another individual to exercise these rights on their behalf in the event of death or incapacity; and the right to lodge a grievance with Respondly or, where applicable, with the Data Protection Board of India.

10.2 Rights Under the GDPR (EEA and UK)

Data Subjects located in the European Economic Area or the United Kingdom are entitled to the following rights: the right of access to their personal data and to information regarding its processing; the right to rectification of inaccurate or incomplete data; the right to erasure of personal data in circumstances prescribed by the GDPR; the right to restriction of processing in circumstances prescribed by the GDPR; the right to data portability in a structured, commonly used, and machine-readable format; the right to object to processing carried out on the basis of legitimate interests or for direct marketing purposes; and the right to lodge a complaint with the competent data protection supervisory authority in their jurisdiction.

10.3 Rights Under the CCPA/CPRA (California)

California residents are entitled to the following rights: the right to know the categories and specific pieces of personal information collected, the purposes for which it is used, and the categories of third parties with whom it is shared; the right to request deletion of personal information, subject to applicable exceptions; the right to request correction of inaccurate personal information; the right to opt out of the sale or sharing of personal information, including sharing for cross-context behavioural advertising; and the right to non-discriminatory treatment in connection with the exercise of any of the foregoing rights.

10.4 Procedure for Exercising Rights

Requests to exercise any of the rights set out in this Section 10 should be submitted in writing to hello@getrespondly.ai, accompanied by sufficient information to enable Respondly to verify the identity of the requestor. Respondly shall respond to all valid requests within the period prescribed by applicable law. Where Respondly processes personal data solely in its capacity as Data Processor, requests from End Users shall be directed to the relevant Customer, who shall engage Respondly as necessary to fulfil such requests.

11. Data Security

Respondly implements reasonable and appropriate technical and organisational measures designed to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. Notwithstanding the foregoing, no method of electronic transmission or storage is entirely secure, and Respondly does not warrant or guarantee the absolute security of personal data. In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, Respondly shall notify the relevant supervisory authority and, where required, the affected individuals, in accordance with the timeframes and procedures prescribed by applicable law.

12. Retention of Personal Data

Respondly retains personal data for no longer than is necessary for the purposes for which it was collected, or as required by applicable law. Personal data processed on behalf of Customers is retained in accordance with the instructions of the relevant Customer. Upon expiry of the applicable retention period, personal data is securely deleted or rendered permanently anonymous such that it can no longer be attributed to an identifiable individual. Anonymised data may be retained indefinitely for statistical, research, or operational purposes and falls outside the scope of this Policy.

13. Children's Privacy

The Respondly product is intended exclusively for use by business entities and adult individuals. Respondly does not knowingly collect, solicit, or process personal data from individuals below the age of eighteen (18) years. Respondly does not have direct visibility into the identity or characteristics of a Customer's end buyers or the individuals with whom a Customer interacts through the product. Respondly relies entirely on the Customer to disclose any information that may be relevant to the lawful use of the product, including information regarding the nature of their end user base. Customers are accordingly responsible for ensuring that their use of the product does not involve the processing of personal data of minors without appropriate legal authorisation.

In the event that Respondly becomes aware that personal data of a minor has been collected without appropriate authorisation, Respondly shall take prompt steps to delete such data. Respondly does not engage in any activity that violates applicable law, and any use of the product in a manner that facilitates unlawful processing of personal data is strictly prohibited. Individuals who have reason to believe that a minor's personal data has been submitted to Respondly are requested to contact us at hello@getrespondly.ai.

14. Third-Party Services and Integrations

The Respondly product may, at the direction of a Customer, integrate with third-party platforms, tools, and services including but not limited to customer relationship management systems, advertising platforms, and communication tools. Respondly is not responsible for, and makes no representations regarding, the data collection, use, or security practices of any such third party. Customers and End Users are advised to review the privacy policies of any third-party service with which they interact independently of Respondly.

15. Amendments to This Policy

Respondly reserves the right to amend this Policy at any time to reflect changes in applicable law, regulatory guidance, or our data processing practices. The revised Policy will be published on our Website with an updated effective date. Where amendments are material in nature, Respondly will endeavour to provide reasonable advance notice to registered Customers. Continued use of our Website or product following the publication of an amended Policy shall constitute acceptance of the revised terms.

16. Contact and Grievance

All enquiries, complaints, or requests relating to this Policy or to the processing of personal data by Respondly should be directed to:

Privacy Contact: hello@getrespondly.ai | Company: ScaleupAlly

Respondly is committed to addressing all legitimate privacy concerns promptly and in accordance with its obligations under applicable law.