Privacy Policy

Last updated: 15 June 2026

This Privacy Policy explains how Tovak ("Tovak", "we", "us", or "our") collects, uses, shares, and protects information when you and your team use our WhatsApp-native manufacturing operations service (the "Service"). We built Tovak for Indian manufacturing businesses, and we handle your data with that responsibility in mind.

Tovak, having its registered office at 6/1, S Street, Shanthinagar, Bangalore 560027, Karnataka, India. For any privacy-related question, write to us at info@tovak.in.

1. Scope of this policy

This policy applies to information we process when a manufacturing business (a "Customer") subscribes to Tovak, and when that Customer's team members, their buyers, and suppliers interact with the Service over WhatsApp or through our web dashboard. It also covers visitors to our website at tovak.in.

For most of the operational data flowing through Tovak (orders, invoices, payment records, and the contact details of a factory's buyers and suppliers), the Customer is the data fiduciary (controller) and Tovak acts as a data processor, handling that data on the Customer's instructions under our service agreement. For account, billing, and website data, we act as the data fiduciary.

2. Information we collect

a. Information you give us

Account and business details: business name, contact person, role, phone number, email address, GSTIN, billing address, and bank or payment reference details used for invoicing.
Onboarding configuration: your product catalog, production stages, team structure, WhatsApp group setup, and pricing or terminology specific to your factory.
Audit information: details you share with us during a Factory Operations Audit or demo.

b. Information generated through use of the Service

WhatsApp messages and content: order messages, confirmations, voice notes, images of registers or documents, and other content sent to or from the Tovak WhatsApp number, including messages in Hindi, Hinglish, and other Indian languages.
Operational records: sales orders, production stage updates, dispatch records, GST invoices, payment status, and payment reminders.
Buyer and supplier contact data: the names and phone numbers of your buyers and suppliers, which we process so that confirmations, dispatch notifications, and reminders can be sent on your behalf.

c. Information collected automatically

Usage and device data: log data, IP address, browser type, pages viewed in the dashboard, and timestamps, used to keep the Service secure and reliable.
Cookies and similar technologies: used in the web dashboard to keep you signed in and to remember preferences. We do not use advertising trackers.

3. How we use information

We use information to:

capture orders from WhatsApp, interpret them (including through automated "smart memory" that recognises repeat orders), and create structured records;
generate GST invoices and prepare Tally-compatible exports that you choose to download;
track production stages, send dispatch notifications, and send payment reminders to your buyers on your instruction;
provide the web dashboard, reports, and performance summaries;
provide support, onboarding, and the customizations included in your plan;
process payments, manage your subscription, and prevent fraud;
maintain, secure, debug, and improve the Service, and comply with legal obligations.

We rely on the following legal bases under India's Digital Personal Data Protection Act, 2023 and applicable law: performance of our contract with you, your consent (where required), our legitimate business interests in operating the Service, and compliance with legal obligations.

4. Automated processing and AI

Tovak uses automated processing, including artificial intelligence, to read incoming WhatsApp messages, extract order details, and suggest repeat orders ("Same as last order?"). These suggestions are designed to be confirmed by a human in your team before action is taken. We do not use your operational data to train third-party AI models for purposes unrelated to providing the Service to you.

5. WhatsApp and third-party services

The Service operates over the WhatsApp Business Platform, which is provided by Meta and delivered through a WhatsApp Business Solution Provider. When you communicate through WhatsApp, your use of WhatsApp is also governed by Meta's and WhatsApp's own privacy terms.

We share information with a limited set of service providers strictly to run the Service, including:

WhatsApp Business Platform / messaging providers: to send and receive messages;
Cloud hosting and database providers: to store and serve your data, with each Customer's data logically isolated;
AI processing providers: to interpret messages and extract order details;
Payment and invoicing providers: to process subscription payments.

These providers are bound to use the data only to provide services to us. We do not sell your personal data, and we do not share it with advertisers.

Tally and other exports. When you export data (for example, a Tally-compatible XML file or an invoice PDF), that file is under your control once downloaded, and its further handling is your responsibility.

6. Data sharing and disclosure

We may disclose information:

to your own authorised team members, according to the roles and permissions you configure;
to your buyers and suppliers, limited to the messages, confirmations, and reminders you instruct us to send;
where required by law, regulation, legal process, or a valid request from a public authority;
to protect the rights, safety, and security of Tovak, our Customers, or the public;
in connection with a merger, acquisition, or sale of assets, with notice to affected Customers.

7. Data storage, location, and retention

We store data on cloud infrastructure and apply per-Customer logical isolation so that one factory's data is not accessible to another. We retain your data for as long as your account is active and as needed to provide the Service. After your account is closed, we retain data only for the period required to meet legal, tax, accounting, or dispute- resolution obligations, after which it is deleted or anonymised. On written request, we will return or delete your operational data subject to these legal retention requirements.

8. Security

We use reasonable technical and organisational measures to protect information, including access controls, encryption in transit, and per-Customer data isolation. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a personal data breach affecting you occurs, we will notify you and the relevant authority as required by law.

9. Your rights

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, you may have the right to:

access the personal data we hold about you;
request correction or updating of inaccurate data;
request erasure of your personal data;
withdraw consent where processing is based on consent;
nominate another person to exercise your rights in certain cases;
raise a grievance about how your data is handled.

Where Tovak processes data on behalf of a Customer (as a processor), requests from that Customer's buyers, suppliers, or staff are generally directed to the Customer, and we will assist the Customer in responding. To exercise any right, contact us at info@tovak.in.

10. Grievance officer

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, you may contact our grievance officer for any complaint regarding the processing of your personal data:

[Grievance Officer Name]
Tovak
Email: info@tovak.in
We aim to acknowledge complaints promptly and resolve them within the timelines required by law.

11. Children

Tovak is a business tool intended for use by businesses and is not directed at children. We do not knowingly collect personal data of children.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the Service. Continued use of the Service after changes take effect means you accept the revised policy.

13. Contact us

For any question about this Privacy Policy or your data, email us at info@tovak.in.

Home · Terms & Conditions