Legal

Privacy Policy

What we collect, why, how long we keep it, and the choices you have — in plain language.

Effective 12 June 2026

Unhold (“Unhold”, “we”, “us”) is an AI customer-support product operated by Broadifi Tech Private Limited (“Broadifi Technologies”). This policy explains what personal data we collect, why we collect it, how long we keep it, and the choices you have. It is written to be read, not skimmed past — if anything is unclear, write to privacy@unhold.chat and a person will answer.

This policy applies to the unhold.chat website, the Unhold dashboard, the Unhold mobile apps for Android and iOS, and the Unhold chat widget that our customers install on their own websites.

1. Who we are

Unhold is operated by Broadifi Tech Private Limited (CIN U72900WB2021PTC246456), an Indian company doing business as Broadifi Technologies.

  • Registered office: Jhorehat East LP JH1, Howrah 711302, West Bengal, India
  • Corporate office: BN 4, Webel IT Park, Tower I, Module 206, Salt Lake, Sector V, Kolkata 700091, West Bengal, India
  • Privacy contact: privacy@unhold.chat
  • General support: support@unhold.chat

2. Who this policy covers

Three different groups of people interact with Unhold, and our role differs for each:

  • Visitors and waitlist signups — people browsing unhold.chat or joining the waitlist. We are the data fiduciary / controller for this data.
  • Account holders — people who create an Unhold account to put the chat widget on their website and manage their AI agent through the dashboard or the mobile apps. We are the controller for account data.
  • End users — people who chat with an Unhold widget on a customer’s website. For their conversations we act as a data processor on the website owner’s instructions. The website owner is the controller: if you chatted with a widget on someone’s site, your first point of contact for privacy requests is that website owner. We help them respond — see our Data Processing Addendum.

3. Information we collect

Information you give us

  • Waitlist: your first name, work email, deployment preference (hosted, self-hosted, or custom agent), and — if you choose to share them — your company name and use case.
  • Account: your name, email address, organization name, and authentication credentials. When paid plans launch, billing details are handled by a payment provider; we do not store full card numbers.
  • Content you upload: the documents, images, voice notes, spreadsheets, and website URLs you feed your agent, and every edit you make to its knowledge base.
  • Messages: replies you write to your end users during human handoff, and any correspondence with our support team.

Collected automatically

  • Usage and device data: IP address, browser and device type, operating system, access times, referring URLs, and the pages or screens you interact with.
  • Server logs: standard request logs used for security, debugging, and abuse prevention, kept on a short rotation.
  • Approximate location: a country or region inferred from your IP address. We do not collect precise GPS location.

From the mobile apps

  • Push notification tokens so we can tell you a customer needs a human, delivered through Google Firebase Cloud Messaging (Android) and Apple Push Notification service (iOS).
  • Device information: device model, OS version, app version, language, and crash diagnostics that help us fix bugs.
  • Camera and photo library: only when you grant the OS permission, and only to let you upload documents or images to your knowledge base. We never scan your library in the background.

End-user conversation data (processed for our customers)

When someone chats with an Unhold widget, we process the conversation — messages, attachments, any contact details the person volunteers, and the sentiment and intent signals our models derive from it — on behalf of the website owner who installed the widget. What the website owner collects through the widget, and how long they keep it, is governed by their own privacy policy together with our DPA.

4. How we use information

  • Provide and operate the service: answer end users from the knowledge base you built, hand conversations to humans, and show you what your agent learned.
  • Generate the sales and sentiment signals the product exists for — buying intent, urgency, frustration — for the customer whose widget the conversation happened on.
  • Send service communications: waitlist confirmations, early-access invitations, onboarding help, security notices, and changes to terms or pricing. Marketing email is opt-in and every message has an unsubscribe link.
  • Keep the service safe: detect fraud, abuse, and unauthorized access.
  • Comply with law: respond to lawful requests and meet our legal obligations.
  • Improve the product using aggregated, de-identified usage statistics — never the content of your documents or conversations.

5. How AI processing works

Unhold uses large language models to read the documents you upload and generate answers for your end users. On hosted plans this processing runs on our infrastructure and vetted inference providers under contract (see subprocessors). On self-hosted deployments, the models, the knowledge base, and every conversation run inside your own infrastructure and nothing is transmitted to us.

We do not train models on your documents or your conversations. Your content is used to answer your customers, and for nothing else.

AI-generated answers can be wrong. Account holders are responsible for reviewing what their agent learned and for the answers it gives — see our Terms of Service.

7. When we share information

We share personal data only where the service needs it, and never sell it or share it for cross-context behavioral advertising.

  • Subprocessors — vendors who host infrastructure, run model inference, deliver email, and deliver push notifications, each bound by a data-processing contract. The current categories and locations are listed in the DPA.
  • Your customer / the website owner — if you are an end user, the conversation you have with a widget belongs to the website that runs it.
  • Legal requests — when required by law, court order, or a competent authority, after checking the request is valid.
  • Business transfers — if Broadifi Tech Private Limited is involved in a merger, acquisition, or asset sale, data may transfer with notice to you and under this policy’s protections.

8. International transfers

We are based in India and may process data on infrastructure in other countries. Where data protected by the GDPR or similar laws leaves its home jurisdiction, we use recognized safeguards such as the EU Standard Contractual Clauses or rely on adequacy decisions. Self-hosted deployments are unaffected: your data stays wherever you run them.

9. How long we keep data

  • Waitlist data: until the product launches and a reasonable period after, or until you ask to be removed — one email does it.
  • Account data and uploaded content: for the life of your account. After you delete your account, we erase it within 30 days, and it leaves encrypted backups within 90 days.
  • End-user conversations: kept according to the retention settings of the website owner whose widget hosted the conversation.
  • Server logs: rotated on a short schedule, typically within 90 days.
  • Legal records: invoices and records we are legally required to keep are retained for the statutory period.

10. Your rights

Depending on where you live, you have rights over your personal data. To exercise any of them, email privacy@unhold.chat from the address linked to your data; we verify each request and respond within the timeline the applicable law sets.

  • India (DPDP Act, 2023): access a summary of your data and how it is processed, correct or erase it, have grievances addressed, and nominate someone to exercise these rights for you.
  • EEA / UK (GDPR): access, rectification, erasure, restriction, portability, objection, withdrawal of consent, and the right to complain to your supervisory authority.
  • California (CCPA/CPRA): know, correct, and delete; we do not sell or share personal information as those terms are defined, so there is nothing to opt out of.
  • End users: direct your request to the website owner you chatted with; we assist them under the DPA. If you cannot reach them, write to us and we will help route it.

11. Account and data deletion

You can delete your Unhold account — including from the Android and iOS apps — and everything it contains:

  • In the product: Settings → Account → Delete account. This removes your profile, knowledge base, uploaded documents, and the conversations we hold for you.
  • By email: write to privacy@unhold.chat with the subject “Delete my account” from your registered address.
  • Deletion completes within 30 days (90 days for encrypted backups), except for limited records the law requires us to keep. Full details: unhold.chat/delete-account.

12. Children

Unhold is a business tool and is not directed at children. You must be old enough to form a binding contract in your jurisdiction — 18 in India — to hold an account. We do not knowingly collect personal data from children; if you believe a child has provided us data, write to privacy@unhold.chat and we will delete it.

13. Security

Data is encrypted in transit, access is role-based and logged, and customer workloads are isolated from one another. Self-hosting remains the strongest guarantee we offer: your data never leaves your infrastructure at all. Our full posture — including how to report a vulnerability — is described on the security page. No system is perfectly secure; if a breach affects your personal data we will notify you and the relevant authorities as the law requires.

14. Cookies and similar technologies

We keep this minimal and functional:

  • Strictly necessary storage — session and sign-in state for the dashboard, and your preferences.
  • Widget storage — the chat widget uses local storage in the end user’s browser so a conversation survives a page reload.
  • Fonts — unhold.chat loads its fonts from Google Fonts; Google receives the standard technical data of any web request (such as IP address and user agent) when serving them.
  • No third-party advertising or analytics cookies are used on unhold.chat today. If that changes, this policy and a consent banner will say so first.

15. Push notifications and app permissions

The mobile apps ask before sending notifications (for example, “a customer needs a human”). You can withdraw the permission any time in your device settings, and the camera and photo-library permissions work the same way — the app functions without them, you just upload documents another way.

16. Changes to this policy

When we change this policy we will post the new version here and update its effective date. For material changes we will tell account holders directly — by email or in the product — before the change takes effect.

17. Grievance Officer and contact

In accordance with the Information Technology Act, 2000, the rules made under it, and the DPDP Act, 2023, the contact details of our Grievance Officer are:

  • Rajdeep Barman, Grievance Officer, Broadifi Tech Private Limited
  • Email: privacy@unhold.chat
  • Address: Jhorehat East LP JH1, Howrah 711302, West Bengal, India