1. About this policy
This Privacy Policy explains how Barium In. (“Barium,” “we,” “us,” “our”) collects, uses, and shares information when you (or your business) use Babot — our WhatsApp AI receptionist — and the related services we provide through this website at babot.barium.in.
Two groups of people are covered by this policy:
- Subscribers — business owners and their staff who purchase a Babot subscription, set it up, and manage it through our website or admin tools.
- End-users — customers of those businesses who interact with Babot by sending messages on WhatsApp.
If you’re a subscriber, you’re our direct customer and you accept this policy when you sign up. If you’re an end-user, the subscriber (the business you’re messaging) is the controller of your relationship with their AI receptionist; Barium processes your messages on their behalf and handles them as described here.
2. Who we are
Barium In. is a company based in India. Babot is one of our products.
Contact: support@barium.in
Grievance Officer: Satvikk Nischal — reachable at support@barium.in
If you have a question, complaint, or want to exercise a right under Indian data-protection law (the Digital Personal Data Protection Act, 2023), please reach out at the contact above. We’ll respond within 30 days.
3. What data we collect
From subscribers
When you sign up for Babot, we collect:
- Business identity: your business name, type (spa, salon, clinic, etc.), city, website (if you have one).
- Owner / contact details: your name, email, phone number.
- WhatsApp Business number: the number Babot will run on.
- Services and pricing: the catalog Babot reads from to answer customer questions.
- Operational context: opening hours, days closed, languages your customers commonly speak, escalation contact for difficult chats.
- Brand voice preferences: how you want Babot to sound when it represents you.
- Premium-tier subscribers only: calendar email address for booking integration, appointment durations, cancellation policy.
- Payment information: handled by our payment processor (Razorpay). We never see or store your full card or bank-account details.
From end-users (your customers)
When an end-user sends a message to a business using Babot, we process:
- Their WhatsApp phone number.
- The contents of their messages and the replies Babot sends back.
- Booking details if the conversation leads to an appointment.
- Conversation history, stored so Babot can remember context and the business owner can review past chats.
Automatically, from the website
- Basic request logs (IP address, browser, pages visited, timestamps) — used for security and performance.
- We don’t use third-party advertising or behavioural-analytics cookies.
4. How we use this data
We use the data we collect to:
- Run the Babot service — answer customer messages, book appointments, send reminders, escalate to your staff when needed.
- Configure Babot’s responses to your specific catalog, prices, hours, and tone. Configuration is per-business; we don’t pool customer data to train shared models.
- Send you account-related emails (receipts, renewal notices, service updates, security notices).
- Provide customer support and respond to your requests.
- Improve our product — track aggregate, anonymised usage to find bugs and prioritise features.
- Comply with legal obligations — tax, accounting, lawful requests from authorities.
We do not:
- Sell your data or end-users’ data to anyone.
- Use end-user messages to train external AI models or share them with third parties for marketing.
- Use your business data to compete with you.
5. The legal grounds we rely on
Under the Digital Personal Data Protection Act, 2023, we process personal data on the following bases:
- Your consent — given when you sign up and accept this policy.
- To perform our contract with you — running Babot is the service you’re paying for.
- Our legitimate interests — securing the service, preventing fraud, improving the product, where these don’t override your rights.
- Legal obligations — tax records, response to lawful authority requests.
End-users’ messages are processed on behalf of the subscriber (the business they’re messaging), under the subscriber’s lawful basis for communicating with their customers.
6. Who we share data with
We use a small number of third-party services to run Babot. Each has its own privacy policy.
| Service | Purpose | What they receive |
|---|---|---|
| Meta (WhatsApp Business Platform) | Messaging delivery and the WhatsApp Business API | Phone numbers, message contents, delivery metadata |
| OpenAI, Anthropic (routed via LiteLLM) | AI model inference for generating responses | The text of the conversation being processed, plus your business’s configured context |
| Google (Calendar, Sheets) | Calendar booking (Premium) and services catalog reading | Calendar event details, catalog content — only with your explicit setup |
| Razorpay | Payment processing | Your payment-related contact details and transaction amounts. Razorpay handles card and bank data directly under their own terms. |
| Zoho | Onboarding form submission, support email, CRM | Information you submit to our onboarding form |
| Cloudflare | Website hosting and edge functions | Request logs, IP addresses |
| Chatwoot | Conversation inbox for your business | Conversation history, contact data |
If you’d like the latest list of sub-processors and links to their privacy notices, email us — we keep this updated.
We may also share information if compelled by lawful authority, court order, or to investigate fraud or abuse. We will tell you when we’re legally permitted to do so.
7. Where your data lives
Babot runs primarily on infrastructure in India, with some sub-processors (notably Meta, OpenAI, Anthropic, Google, Cloudflare) operating internationally. By using Babot you accept that your data may be transferred to and processed in countries outside India. We select sub-processors with industry-standard data-protection commitments.
8. How long we keep things
| Data | Retention |
|---|---|
| Active subscription account data | While your subscription is active |
| Conversation history (your customers’ chats with Babot) | While subscription is active + 90 days after cancellation, then deleted |
| Billing records | 7 years (Indian tax law requirement) |
| Marketing form submissions / Enterprise inquiries | 24 months from last interaction |
| Website request logs | 90 days |
If you ask us to delete your account, we’ll do so within 30 days, except for data we’re legally required to keep (e.g., billing records).
9. Security
We take security seriously, but no system is perfectly secure. We use:
- HTTPS for all website traffic.
- Encrypted connections to all sub-processors.
- HMAC-signed cookies for authentication.
- bcrypt-hashed passwords for proposal access.
- Access controls and audit logging on our infrastructure.
If we ever discover a data breach affecting your information, we’ll tell you within 72 hours of confirming the incident, as required by Indian law.
10. Your rights
Under the Digital Personal Data Protection Act, 2023, you have the right to:
- Be informed about what data we process about you.
- Access the data we hold.
- Correct inaccurate data.
- Have your data erased when it’s no longer needed.
- Nominate someone to exercise your rights in case of incapacity or death.
- Lodge a grievance with our Grievance Officer (Section 2) and, if unresolved, with the Data Protection Board of India.
To exercise any of these rights, email support@barium.in. We’ll verify your identity and respond within 30 days.
If you’re an end-user (a customer messaging a business that uses Babot), your direct relationship is with that business. We’ll help that business respond to your request, but the business is the controller of your data.
11. Cookies
We use minimal cookies, only for functional purposes:
- Auth session cookie (
babot_auth_*) — on proposal pages, to remember that you’ve successfully entered the password. Expires after 30 days. - That’s it. No advertising cookies, no third-party behavioural-analytics cookies.
We may add a privacy-friendly analytics tool in the future (one that doesn’t use cookies and doesn’t collect personal data). If we do, we’ll update this section.
12. Children
Babot is built for businesses. We don’t market to anyone under 18 and we don’t knowingly collect data from children. If you believe a child has provided personal information through our service, contact us and we’ll delete it.
13. Changes to this policy
We may update this policy as our service evolves. For material changes, we’ll email registered subscribers and post a notice on this page at least 14 days before the change takes effect. The “Last updated” date at the top of this page always reflects the most recent revision.
14. Contact
For privacy questions, data requests, or complaints:
Grievance Officer: Satvikk Nischal
Email: support@barium.in
General contact: info@barium.in
Postal: Barium In., India