Skip to content
Srileo.
How it worksPricingPartnersAbout
đź’¬ Try Elily live on WhatsApp
Srileo.
How it worksPricingPartnersAbout
💬 Try Elily live on WhatsApp Book a 15-min call ↗

LEGAL · PLAIN ENGLISH

Privacy Policy

Effective 16 July 2026 · Last updated 16 July 2026

Questions about how your business data would be handled? Book a 15-min call ↗

Draft notice: This is a plain-English operational template and should be reviewed by Indian privacy counsel before production use.

SRILEO TECHNOLOGIES (OPC) PRIVATE LIMITED, referred to as “Srileo”, “we”, “us” or “our”, provides Elily, an AI receptionist for businesses on WhatsApp. This policy explains how we handle personal data when you visit srileo.com, contact us, try the Elily demonstration, use Elily for your business, or message a business that uses Elily.

This policy does not replace the privacy notice of the business you are messaging or the privacy policies of WhatsApp, Meta, your calendar provider or another connected service.

1. Who is responsible for your data

When you visit our website, contact Srileo or message Srileo's own demonstration number, Srileo decides why and how that data is used and acts as the data fiduciary for that processing.

When you message a clinic, salon, wellness centre or other business that uses Elily, that business normally decides why your information is collected and how it is used. The business is the data fiduciary. Srileo processes the information on its instructions as a data processor or service provider.

Srileo may separately be responsible for limited processing required to secure, bill, maintain and legally operate the service. If your question concerns a conversation with a business using Elily, contact that business first. You may also contact us and we will direct the request to the relevant business.

2. Personal data we collect

Website and enquiry information

  • Your name, business name, email address and phone number.
  • The content of messages or enquiries you send us.
  • Meeting requests and related scheduling details.
  • Basic server logs such as IP address, browser type, request time and security events.

WhatsApp conversation information

  • Your WhatsApp phone number and display name.
  • Message content, language, timestamps and delivery status.
  • Images, documents, audio or other attachments you choose to send, if that feature is enabled.
  • Opt-in, opt-out and consent records.
  • Information used to hand a conversation to a human.

Booking information

  • Customer or patient name and contact number.
  • Requested service, branch, staff member or doctor, date and time.
  • Booking status, reminder status and calendar event identifiers.
  • Notes that you or the business choose to include.

Messages to wellness or healthcare businesses may reveal health-related information. Elily is not intended to hold a complete medical record. Do not send information that is not needed to answer your question or arrange your appointment.

Business client and billing information

  • Business contacts, billing details, GST details, invoices, payment status and transaction references.
  • Services, prices, branches, working hours, staff and appointment rules.
  • Authorised administrator details and configuration instructions.
  • WhatsApp Business Account and calendar integration identifiers.
  • Support requests, service logs and usage records.

If a payment provider processes a card, bank or UPI payment, that provider handles the payment credentials under its own privacy terms. Srileo does not need to store full card details.

3. How we use personal data

We use personal data only for specific service and legal purposes, including to:

  • answer customer questions through Elily;
  • create, change, confirm and remind customers about appointments;
  • route a conversation to an authorised human with relevant context;
  • configure Elily using information supplied by a business;
  • connect with WhatsApp, calendars and other requested integrations;
  • provide onboarding, support and client-specific service reports;
  • authenticate administrators and protect business accounts;
  • troubleshoot errors and prevent misuse, spam or security incidents;
  • issue invoices and maintain business records;
  • comply with law and respond to valid legal requests; and
  • improve reliability using non-content operational data and feedback.

Where required, we process personal data with consent. We may also process data voluntarily provided for a clear purpose, to carry out our agreement with a client, and for other uses permitted or required by law. We do not use WhatsApp conversation content for advertising.

4. How AI is used

Elily uses language models to understand messages and prepare replies. Relevant message content and business instructions may be sent to an approved AI service provider so Elily can respond.

We require AI providers and other service providers to process client data only to provide the contracted service. We do not permit WhatsApp Business Solution Data to be used to create, train or improve shared or general-purpose AI models.

Automated replies can be incomplete or incorrect. Elily is designed to hand a conversation to a human when she cannot answer safely or confidently. A client may review conversations for support, quality or compliance where the client has a lawful reason to do so.

Elily does not diagnose medical conditions, prescribe treatment, or make medical, employment, credit, insurance or other high-impact decisions.

5. When we share personal data

We share personal data only where reasonably needed for the service, including with:

  • the business whose WhatsApp number you contacted;
  • Meta and WhatsApp, which operate the WhatsApp Business Platform;
  • language model providers used to generate replies;
  • cloud hosting, database, monitoring and security providers;
  • calendar providers selected by the client;
  • payment, accounting and professional advisers;
  • government authorities or courts where disclosure is lawfully required; and
  • a successor in a merger, acquisition, financing or sale, subject to appropriate safeguards.

Each client's operational data is kept in a client-scoped database or logically isolated client environment. We do not share one client's conversations with another client.

We do not sell or rent personal data. We do not share WhatsApp conversation data with data brokers or advertising networks. Third-party platforms may separately process information under their own terms and privacy policies.

6. WhatsApp and Meta

Elily operates through the WhatsApp Business Platform. WhatsApp and Meta receive and process information needed to deliver messages, operate accounts, prevent misuse and provide their platform. Your use of WhatsApp remains subject to WhatsApp's terms and privacy policy. Srileo does not control Meta's systems, platform rules or independent processing.

Messages handled through a business platform may be available to the business, Srileo and authorised service providers as needed to provide the service. Do not assume that a business conversation is visible only on your phone.

7. International processing

Some service providers may process data in India or in other countries where they operate. Those countries may have different data protection laws. Where personal data is processed outside India, we use contractual, technical and organisational safeguards and comply with transfer restrictions notified under Indian law. A client may request information about locations used for its service.

8. How long we keep data

We keep personal data only for as long as needed for the stated purpose, the client's instructions, security or law. Unless a client agreement specifies a different period:

  • client conversation and booking data is kept while the service is active and returned or deleted within 90 days after termination;
  • Elily demonstration conversations are kept for up to 90 days;
  • support records are normally kept for up to two years after the request closes;
  • security and system logs may be kept for at least 180 days where applicable law requires it;
  • billing, tax and company records may be kept for up to eight financial years or longer if law requires; and
  • encrypted backups may take up to 90 additional days to expire after deletion from active systems.

We may keep specific data longer for a legal claim, investigation, security incident or lawful government request. Deletion from active systems does not require us to alter a completed invoice or another record that law requires us to retain.

9. Security

We use safeguards designed for the nature of the data, including encryption in transit and at rest where supported, client-scoped separation, least-privilege access, logging, secure credential management, backups, confidentiality terms and incident response procedures. No online service is completely secure. Clients must also protect their Meta, WhatsApp, calendar and administrator accounts.

If a personal data breach affects you, the responsible data fiduciary will provide notices required by applicable law.

10. Your choices and rights

Depending on applicable law and Srileo's role, you may have the right to ask what data is processed, request access or correction, request erasure, withdraw consent, opt out of future messages, raise a grievance, or nominate another person to exercise applicable rights in specified circumstances.

Withdrawing consent does not affect processing that was lawful before withdrawal. Some data may still be retained where law requires it. For data processed for one of our clients, contact that business first. Srileo will assist the business with verified requests and may ask for information needed to confirm your identity and find the correct conversation.

To stop business messages, reply “STOP” or clearly ask the business not to message you again. You may contact us at contact@srileo.com. We aim to acknowledge privacy grievances within seven working days and provide a final response within 30 days, unless law requires a shorter period.

11. Children

Elily is not directed to children as an independent consumer service. A parent or lawful guardian may use Elily to arrange a service for a child. The client business is responsible for obtaining verifiable guardian consent where required and configuring applicable age restrictions.

If we learn that a child's personal data was collected without valid authority, we will work with the responsible client to restrict or delete it, subject to legal requirements.

12. Healthcare and emergencies

Elily provides administrative assistance such as service information and appointment booking. She is not a doctor, emergency service, diagnostic system or substitute for professional medical advice.

Do not use Elily for an emergency or time-sensitive medical concern. Contact local emergency services or a qualified healthcare professional directly. Clients in healthcare or wellness remain responsible for professional, regulatory, record-keeping, consent and patient-care obligations.

13. Website cookies and links

The public website does not use advertising cookies or third-party advertising trackers. Hosting and security providers may process essential logs needed to deliver and protect the site. Links to WhatsApp, scheduling services, calendars or other websites take you to services governed by their own privacy policies.

14. Changes to this policy

We may update this policy when our service, providers or legal obligations change. We will publish the revised version with a new “Last updated” date. If a change materially affects active client data, we will provide additional notice where required.

15. Contact and grievance details

SRILEO TECHNOLOGIES (OPC) PRIVATE LIMITED
Saravanampatti, Coimbatore, Tamil Nadu, India
contact@srileo.com
+91 63819 35467

Privacy and grievance contact: contact@srileo.com

💬 Try Elily live on WhatsApp Book a 15-min call ↗
Scan to open the live chat
Srileo.

The AI front desk for local business — on WhatsApp. That's all we do.

đź’¬ Try Elily live on WhatsApp Book a 15-min call

Explore

How it works Pricing Partners About

Coimbatore

Saravanampatti, Coimbatore

contact@srileo.com +91 63819 35467

SRILEO TECHNOLOGIES (OPC) PRIVATE LIMITED

Privacy Terms