GDPR Policy

GDPR Policy

Effective Date: July 3, 2026 | Last Updated: July 3, 2026

SaleZap is a product owned and operated by CodeLab Software LLP ("we", "our", or "us"). This GDPR Policy explains how we comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR when we process the personal data of individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland. It supplements our Privacy Policy.

1. Controller and Processor Roles

  • As a Controller: For personal data of our own account holders (your name, email, billing details, usage data), SaleZap acts as the data controller.
  • As a Processor: For the business data you upload and the customer conversations you manage through the platform (across WhatsApp, Instagram, Facebook and web chat), SaleZap acts as a data processor and processes that data only on your documented instructions.

2. Lawful Bases for Processing

We only process personal data where we have a lawful basis under Article 6 of the GDPR:

  • Contract: To provide the Service you have subscribed to.
  • Legitimate Interests: To operate, secure, and improve the Service, prevent fraud, and communicate about your account.
  • Consent: For optional marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation: To comply with applicable laws, tax, and accounting requirements.

3. Your Rights as a Data Subject

If you are located in the EEA, UK, or Switzerland, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten") - see our Data Deletion Instructions.
  • Restrict or object to certain processing.
  • Data portability - receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email support@salezap.ai. We will respond within one month, as required by Article 12(3).

4. International Data Transfers

SaleZap operates primarily from India. Where we transfer personal data outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with supplementary technical and organisational measures.

5. Sub-processors

We engage vetted sub-processors (including hosting, payment, email and analytics providers such as AWS/DigitalOcean, Razorpay/Stripe, SendGrid, Google Analytics and PostHog) under data processing agreements that impose GDPR-consistent obligations. A current list is available on request.

6. Data Retention

We retain personal data only for as long as necessary to provide the Service and meet legal obligations. When you close your account, we delete or anonymise your personal data within a reasonable period, except where retention is required by law.

7. Data Security

We implement encryption in transit, access controls, and regular security reviews to protect personal data against unauthorised access, loss, or disclosure.

8. Contact