Back to Aria

Privacy Policy

Last updated: 11 February 2026

This Privacy Policy describes how GenLeadAI ("we", "us", "Aria") collects, uses, stores, and shares personal data when you use the Aria platform (app.genleadai.com).

1. Who we are

GenLeadAI operates Aria, an AI-powered WhatsApp Sales PA. We are the Data Processor for personal data uploaded by our customers (workspaces) and the Data Fiduciary for account-holder information you provide to register and use the platform.

2. Data we collect

  • Account data: name, email, password (hashed), workspace name.
  • Lead data uploaded by your workspace: names, phone numbers, email, conversation transcripts, opt-in records.
  • Usage data: IP address, browser type, timestamps of actions.
  • Billing data: processed via Stripe; we never store full card details.

3. How we use your data

  • Operate the Aria platform and deliver contracted services.
  • Send transactional emails (login, password reset, invoices).
  • Improve product reliability and performance.
  • Comply with applicable legal obligations.

4. Lawful basis (DPDP Act 2023)

We process personal data under the lawful bases of contract performance (delivering Aria to you), legitimate interest (security, fraud prevention), and consent (marketing, analytics).

5. Your rights as a Data Principal

  • Right to access, correct or update your data.
  • Right to erasure (delete your account and all associated data).
  • Right to nominate (designate another individual to exercise rights on your behalf).
  • Right to grievance redressal — email meghaagarwal@genleadai.com.

6. Data storage and security

Lead data is stored in encrypted-at-rest MongoDB clusters. All third-party API keys (360dialog, CRM tokens, Stripe) are encrypted with Fernet keys stored separately. We use HTTPS for all traffic, rate limiting on authentication, audit logging for sensitive actions, and DPDP-compliant deletion endpoints.

7. Sub-processors

  • Anthropic Claude — natural language understanding (no data retention beyond the API call).
  • 360dialog — WhatsApp message delivery.
  • Stripe — payment processing.
  • Resend — transactional email.
  • MongoDB Atlas — primary database hosting.

8. Retention

Conversation message content is retained for 365 days. Classification logs for 180 days. API usage logs for 90 days. Resolved failed-message logs for 30 days. Workspace data on the whole is retained for the lifetime of your subscription, plus 30 days after cancellation, after which it is fully deleted.

9. International transfers

Data is primarily processed in India and the EU. Some sub-processors (e.g. Anthropic, Stripe) operate in the United States — adequate contractual safeguards are in place.

10. Contact

Grievance Officer: Megha Agarwal · meghaagarwal@genleadai.com. We will respond within 30 days of receiving a request.

Powered by Aria · GenLeadAI · meghaagarwal@genleadai.com