Privacy policy.

fursat OS is operated by Fursat Farms Private Limited, a company incorporated in India and registered at Siliguri, West Bengal. CIN U55101WB2023PTC266520. GSTIN 19AAFCF7211E1ZU. We are the data fiduciary for personal data of our direct users (chain admins and operators). For guest data flowing through the platform on behalf of a chain customer, we act as the data processor; the chain is the data fiduciary.

Contact for any privacy question or DPDP request: hi@fursat.fun. Our named grievance officer and the response window required under DPDP §13 are in Section 8 below.

Account data: name, email, phone, employer (hospitality chain), authentication identifiers from our sign-in provider, and the role you hold in your organization.

Property and inventory data: property names, room types, rates, photos, amenities, FAQs, descriptions, third-party listing identifiers (Google Place ID, OTA property IDs, social page handles), and content you choose to publish to those platforms.

Operational data passing through: inbound and outbound WhatsApp messages, voice call audio and transcripts, email content (when email channels are connected), reviews and replies (when review sources are connected), and the metadata around these (timestamps, guest phone, channel of origin, sentiment tags, AI-suggested drafts).

Billing data: the payment-method tokens that our payment processors return to us. We never see your full card number or UPI VPA in plain form.

Operational telemetry: server-side request logs, error traces, and aggregate usage counters. We do not rely on third-party advertising trackers.

To deliver the platform: route messages and calls, generate AI drafts, push availability to OTAs, materialize prices, surface reviews.

To bill you and meet our tax obligations: GST invoicing, payment mandate management.

To support you: respond to questions, investigate incidents, fix bugs.

To improve the product: anonymous or aggregated analytics. We do not train AI models on your tenant data without an explicit, written opt-in.

Primary application data sits in our database in Mumbai (ap-south-1). The application itself runs on infrastructure pinned to the Mumbai (bom1) region. Some sub-processor categories listed below operate from outside India (notably voice AI, AI language models, and authentication). Where data leaves India, we rely on contractual safeguards and the cross-border transfer mechanism permitted under the DPDP Act.

We use a small set of vetted third parties to run fursat OS, disclosed here by category and region. The list is current as of the effective date and will be updated as we add or remove vendors.

The named vendor list is available to customers and prospective customers: sign in to view it at /legal/subprocessors, or write to hi@fursat.fun and we will share it for your diligence. Customers with a signed data processing agreement receive advance notice when a vendor is added.

Voice call recordings: ninety days, then automatic deletion, unless you ask us to retain longer or shorter.

WhatsApp / email / review threads: kept for the life of your subscription so your team has history. On termination, exported and deleted within thirty days unless retention is required by law.

GST and billing records: as required under Indian tax law (currently eight years from the end of the financial year).

CCTV event clips (Stage F, when enabled): thirty days by default, configurable per chain within DPDP-compliant limits. Ambient frames never leave the property; only event clips are uploaded.

If you are a user of fursat OS, the DPDP Act gives you the right to:

• Access the personal data we hold about you and a summary of how we have used it.
• Correct, complete, or update inaccurate data.
• Withdraw consent for processing that relies on consent. Withdrawal will not affect lawfulness of processing before withdrawal.
• Request erasure of your personal data, subject to legal retention obligations such as GST records. We will action erasure within seven days unless legally required to retain.
• Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
• Lodge a grievance with our Grievance Officer (Section 8), and if unresolved, escalate to the Data Protection Board of India.

To exercise any of these rights, write to hi@fursat.funwith subject "DPDP Request". To help us identify you in our records, include your registered email, mobile number, or chain account name plus a brief description of the request. We will acknowledge within seven working days.

If you are a guest of one of our chain customers, the chain is the data fiduciary. Send your request to them. We will support the chain in fulfilling it.

We have appointed a named grievance officer who is the single point of contact for any complaint about how your personal data is handled by fursat OS.

Grievance Officer: Yogesh Bansal · hi@fursat.fun · WhatsApp +91 79084 38456.

We will acknowledge any grievance within seven working days and resolve it within thirty days, as required by DPDP §13. If you are not satisfied with the resolution, you can escalate to the Data Protection Board of India.

We encrypt data in transit (TLS 1.2+) and at rest. We isolate every chain's data behind a tenant-scope guard that fails closed on missing context. We rotate secrets, restrict admin access to a minimum set of authorized engineers, log privileged actions, and conduct regular dependency audits. No system is perfect; in the event of a personal data breach affecting your data we will notify you and the Data Protection Board of India within seventy-two hours, as DPDP §8(6) requires.

We use a small number of first-party cookies for authentication and to remember your sidebar preference. We do not use third-party advertising cookies. If we ever add analytics that involves third-party trackers, we will surface a consent banner and update this policy first.

AI features (voice answering, message parsing, review drafting, vision events, pricing suggestions) call the AI sub-processors categorized in Section 5 and named in the customer-facing list. Inputs are sent to the provider for the duration of the call and are subject to that provider's zero-retention or enterprise-retention terms, which we negotiate where available.

We do not use your tenant data to train third-party AI models. We do not permit our sub-processors to use it to train their models without an explicit opt-in from you.

When you connect a Google account to fursat OS, we request only the access needed for the feature you are enabling. Today that is Google Business Profile (scope business.manage), used to read the reviews on the locations you manage and to publish the replies you approve. Where the Gmail connector is enabled, we additionally request read and send access (gmail.readonly, gmail.send) solely to surface guest email in your inbox and to send the replies you author.

fursat OS's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we do not transfer or sell Google user data to third parties for advertising, credit, or any unrelated purpose; we do not use it to train generalized AI models; and no human reads it except where you give consent for support, where it is necessary for security or to comply with applicable law, or where the data has been aggregated and anonymized. We retain Google user data only for as long as the connection is active, and delete it within thirty days of you disconnecting the integration or terminating your subscription.

fursat OS is not intended for use by children. Where a chain customer's guest record relates to a minor, the chain remains responsible for ensuring appropriate consent from parents or guardians as required by DPDP.

We will post changes here. For material changes, we will notify the primary admin on each chain account and the user's registered email address. Continued use after the change date constitutes acceptance.