PRIVACY POLICY

Information Arattai Collects

Information that you provide

Registration Information: When you sign up for Arattai Services, we collect your name and contact number to complete the account registration process.

Feedback and Reviews: When you share your feedback about the Services through Arattai Applications or website, we receive your name and contact information along with your feedback message so that our support team can reach out to you directly to address your concerns or suggestions. We also gather and manage reviews published publicly on App Store, Play Store, and social media platforms, including comments to our posts relating to Arattai. We may publish these public reviews on our website along with the contributor's name and use these feedback and reviews to refine and improve Arattai Services.

Interactions with Us: When you reach out to us for support, grievance redressal, or reporting infringement of your intellectual property rights, we receive your contact information and any additional information that you provide in connection with your request. We process this information to respond to your specific request and to fulfil our legal or support obligations. Additionally, we may maintain and analyze records of these interactions to improve our internal processes and service quality.

Information that Arattai automatically collects

Device and Browser Information: When you access Arattai Services through Arattai Applications, we collect your Internet Protocol (IP) address and your device information (via user agent), including your operating system (OS) version and application version. While we do not collect your precise location, we use your IP address and the country code associated with your phone number to estimate your general location (e.g., city or country). When you access Arattai Services through a web session, we collect standard information that web browsers and servers make available such as your IP address, browser type, language preference, time zone, referring URL, date and time of access, and details of your OS, including its version number ("Web Access Information"). We also use certain essential cookies to maintain your session, manage your account preferences, and ensure a consistent and secure connection with our services.

Essential Service Logs: Most of the core functionalities within Arattai Services require an active connection to our servers to function as intended. These necessary actions are logged on our servers to ensure the service is delivered reliably, securely, and in accordance with our legal obligations. This includes: (i) information regarding your sign-up, sign-in, sign-out, and your online or "last seen" status; (ii) changes you make to your username, profile picture, or "About" information; and (iii) message delivery statuses, call logs, and other technical metrics related to application speed, reliability, and call or media quality.

Diagnostics and Crash Reports: To help us maintain a stable experience, Arattai may collect crash reports and diagnostic data when your app or web session encounter a technical error. These reports are essential for identifying the root cause of service interruptions and may include system-level information (such as your OS and browser version) or application-specific technical events (such as errors in message decryption and cloud data backup). We believe you should have complete control over the diagnostic data your device shares with us. You may manage your preferences and opt-out of sharing diagnostic and crash data at any time through your application or web settings. When disabled, no diagnostic or crash data will be transmitted to Arattai.

Website Visitor Information and Tracking: In addition to the standard Web Access Information that Arattai collects about visitors of Arattai website, Arattai uses cookies, beacons, tags, scripts, and other similar technologies to identify visitors, track website navigation, gather demographic information about visitors, and for targeted visitor engagement by tracking your activities on our websites. We mostly use first-party cookies and do not use third-party cookies or other third-party tracking technologies on our websites for non-essential or intrusive tracking. You can learn more about the cookies used on our websites here.

Information that You Entrust to Arattai

This section outlines how we handle the information you provide us with or grant us access to when using Arattai Services. We consider such information as the information "entrusted" to us, and we do not use this information for any purpose other than to provide Arattai Services and ensure a safe and secure experience.

Messages and Content Shared in End-to-End Encrypted (E2EE) Chats: Arattai does not have access to the content of messages shared within E2EE chats in the ordinary course of service. However, to ensure the safety and integrity of Arattai Services and to honour our legal obligations, Arattai can trace the first originator of specific messages on Arattai Services by identifying the source of a message chain (e.g., the originating account ID). This does not mean that Arattai can read the private, encrypted content of your messages.

Scenarios involving limited access to E2EE content: While your chats are private, certain user actions or technical requirements necessitate limited access as in the following scenarios:

• Abuse Reports: When an abuse report is shared with Arattai from within the Service, Arattai receives the relevant conversation data in an unencrypted form to investigate and take necessary action. Specifically, when a message is reported, the relevant message and a limited number of preceding messages from the conversation are shared with Arattai. When a user is reported, a limited portion of the most recent messages exchanged with that user is shared with Arattai. This process applies regardless of whether you initiate a report or are the subject of one.

• Undelivered Messages: We store undelivered messages on Arattai servers temporarily in an encrypted form until they are delivered to your primary and companion devices. If the messages do not get delivered even after our attempts to deliver them after a certain time period, we will delete these messages from our servers.

• Forwarded Messages: When a user forwards a message that contains a media or a file, we temporarily store the message and the media file within our servers in an encrypted form to ensure efficient delivery of forwards.

• Media Metadata: Arattai has access to the metadata of files or media shared within E2EE chats. This includes attributes such as file type, size, audio/video duration, and image dimensions.

• Hyperlink Previews: If you enable this feature, Arattai will generate link previews for the URLs shared in your chats. To facilitate this, the hyperlink is sent to Arattai servers to fetch metadata (such as the page title, description, and thumbnail). Arattai accesses only the URL to fetch metadata and the content of the message will not be accessed by Arattai. These hyperlinks are not stored or logged on our servers once the preview is generated.

Messages and content in non-E2EE surfaces: Messages and content shared in non-E2EE surfaces, such as Stories, Channels, Meetings, and Pockets are stored on Arattai servers. This includes message history, shared files, meeting logs, and meeting recordings. We store and process this data only for the limited purpose of providing these services to you.

Calls: All audio and video calls made through Arattai Services are end-to-end encrypted and Arattai does not have access to the audio or video content of your calls. To provide you with a seamless experience, Arattai displays your call history within the Service, which includes the participants of the call, the call initiation time, and the duration. Additionally, Arattai stores the call logs for support and troubleshooting purposes.

Device Permissions: When you elect to allow it, Arattai Applications have access to certain functionalities on your device such as the camera, microphone, contacts, photo library, and files stored within your device. Our applications require such access to facilitate features like audio and video calling, voice messaging, and file sharing. You retain full control over these permissions and can enable or disable Arattai’s access at any time through your device’s system settings. Any media shared within E2EE chats using these permissions is protected by end-to-end encryption and remains inaccessible to Arattai.

Arattai Contacts: When you choose to sync your device contacts or manually save contacts within the Arattai Application, the contact information is stored on Arattai servers to help you connect with other users. If you disable contact syncing, newly added contacts from your device will no longer be synced with our servers. However, disabling the sync feature does not automatically remove the contacts previously stored on our servers.

Location Data: Arattai allows you to share your current location or live location with other users. By enabling this feature, you grant Arattai permission to access your device’s location services, which may use a combination of GPS, Wi-Fi networks, and cellular tower data to provide accurate positioning. When you share your location in an E2EE chat, the data is protected by end-to-end encryption like any other message sent within that chat ensuring that only the intended recipients can access your location details. You have full control over your location data. You can stop sharing your live location at any time or completely disable Arattai’s access to your device’s location services through your mobile settings.

Optional Profile Information and Account Settings: You may choose to personalize your profile by providing a username, profile picture, "About" information, or a custom caller tune. To ensure a consistent experience across all Arattai Applications, we also store your account configurations, including (i) interaction controls regarding who may initiate chats, Groups, or meeting invitations; (ii) managed lists, such as the users you have blocked; and (iii) visibility preferences for your profile information, stories, and activity indicators like your "last seen" status and message read receipts, , to ensure your choices are consistently applied across all Arattai Applications.

Group and Channel Information: Arattai stores metadata related to the Groups and Channels you join or manage. This includes the basic details such as the name, description, and profile picture of the Group or Channel, as well as the records of participants, followers, and users designated as admins or owners.

Arattai's privacy commitments

We believe that your private conversations belong to you alone. To protect your digital space, we make the following strict commitments regarding your data:

• We will never sell or rent your personal data to anyone.
• We will never share your data with third parties for targeted advertising.
• We will never process your messages or metadata to serve you ads.
• We will never use your private chat history or media to train AI models.
• We will never embed third-party behavioural trackers into our app.
• We will never read your E2EE messages or listen to your calls (unless we receive the messages in unencrypted form as part of abuse reporting process) because we simply don't have the keys.
• We will only use sensitive data, such as your exact location, for the explicit purpose of providing the service you requested (e.g., sharing your live or current location with a friend).

Automated processing of data

To keep Arattai fast, secure, and free of spam, our systems rely on certain automated processing methods. Our automated systems are used only for operational and security purposes such as:

• Service functionality and personalization: To make the app easier to use, our systems automatically process basic interaction metadata (such as the frequency of your communications) to provide convenient features, such as ranking your most frequently contacted friends at the top of your search results or share sheets.

• Spam and bot detection: We use automated algorithms to analyse account behaviour (e.g., account creation velocity, unusually high message volumes, or rapid group-joining) to detect and block spam bots before they can disrupt the platform.

• Account security & authentication: When you log in, our systems automatically process your phone number to generate and send a One-Time Password (OTP). Automated systems also monitor for suspicious, rapid login attempts to prevent unauthorized account takeovers.

• Abuse detection on reported content: When a user explicitly reports another user, a message or a file for violating our Terms of Service or Content and Conduct Policy, our automated systems may scan the content that is submitted as part of the report and match against the reported grounds for abuse detection, and against databases of known malicious links, malware, or illegal imagery (such as Child Sexual Abuse Material) to prioritise the report for review. (Note: Because of encryption, we cannot automatically scan your private chats. This only applies to content you or another user explicitly chooses to report to us).

Human review of automated processing and abuse reports

While machines help us operate at scale, we believe human judgment is essential for complex decisions, fair moderation, and providing quality support. Our trained trust and safety team members, subject to strict confidentiality agreements, may process your data in the following scenarios:

• Reviewing abuse reports: If an account, Group, or Channel is reported for severe violations of our Terms of Service or Content and Conduct Policy (such as harassment, hate speech, or illegal activity), a human moderator will review the specific messages or media included in the report. In the case of end-to-end encrypted chats, our moderators can only see the specific content that was reported to us; they cannot access your broader chat history.

• Profile and Public Content Moderation: If another user flags a specific element of your account that are visible to other users or public (such as your Profile Picture or "About" information), or a public-facing meta data (such as Channel/Group names or descriptions) for violating our guidelines, a human will verify the content and take appropriate action.

• Handling appeals and false positives: If our automated spam-detection and abuse-handling systems restrict or ban your account, you have the right to appeal. A human reviewer will look at the system logs and metadata to verify if the automated decision was correct or if it was a false positive, ensuring fair treatment.

• Customer support and grievance redressal: When you contact our support team, the privacy team or the Grievance Redressal Officer regarding technical issues, account recovery, to exercise your privacy rights, or to report a grievance, our human support agents will verify your identity and review the details of your request to assist you.

Official communication and service updates

• Official Arattai Chat: We use a dedicated, secure system chat to deliver essential service-related messages, including delivering OTPs, notifications regarding new user login, and communicating important information regarding reports raised against your account or enforcement actions related to our Content and Conduct Policy. To deliver these messages directly to your dedicated "Arattai" chat window, we process your basic account information (specifically the contact number you provided during sign-up). Because these communications are critical for account safety and security, you will not be able to opt-out of this chat.

• Announcements and Service Updates: General updates about new features, product enhancements, and community news are shared through the official "Arattai" Channel. Unlike system alerts, you will only receive these updates if you choose to join the Arattai Channel. You have full control over this channel; you may join, leave, or mute notifications at any time through the channel settings.

Who We Share Your Information With

While we do not sell, rent, or trade your personal information to third parties, to operate, secure, and improve our Services, we may share strictly necessary information with the following categories of third parties:

• Service providers: We engage select third-party service providers who act on our behalf to support our operations. We only share the minimum data required for them to perform their specific functions, and they are strictly prohibited from using your data for their own purposes. These include:

  • Telecom and messaging partners: Providers that facilitate the delivery of SMS messages to your phone number for account verification (OTPs) and critical service alerts.

  • Push notification services: To alert you of new messages and calls when the app is in the background, we utilize the native push notification services provided by your device's operating system (specifically, Apple Push Notification service for iOS and Firebase Cloud Messaging for Android). This involves routing a device-specific token and a notification payload through these services to wake up your device and display the alert.

  • Security and integrity partners: We may engage specialized service providers that help us detect, prevent, and mitigate spam, fraud, and platform abuse with whom we may share basic metadata, integrity signals, and any unencrypted data accessible to us under the limited scenarios mentioned in this Privacy Policy.

Group Companies and Affiliates: Arattai may share information with our group companies located in India. We rely on these group entities to provide essential back-end infrastructure, technical support, incident management, and day-to-day operational assistance. All these group companies are bound by the same strict privacy commitments and data protection standards outlined in this Privacy Policy.

Third Parties and Partners for Fulfilling Your Requests: Arattai may offer features that allow you to interact with external businesses, merchants, and independent service providers (such as delivery partners or cab drivers) directly through our platform.

If you explicitly choose to use these features to place an order, make a booking, or request a service, we will share the necessary information, such as your contact details or location, with the relevant third party strictly to fulfil the transaction or service you requested.

Legal and Safety Obligations: As detailed in our Terms of Service, we may share basic user account information, metadata, or unencrypted abuse reports with law enforcement, government authorities, or courts if we believe in good faith that such disclosure is strictly necessary to comply with a valid legal obligation, protect the safety of our users, or prevent severe physical harm or illegal activity.

Core Rights for All Arattai Users

No matter where you are in the world, you enjoy the following privacy guarantees and can exercise the following rights using the settings inside the Arattai app:

• Right to Access & Information: You have the right to know what personal data we collect and how we use it. You can view your profile information, account settings, and the data you’ve shared with us directly within the app.

• Right to Correction: If your information is inaccurate or out of date, you can update your profile details (like your display name or profile picture) at any time through your account settings.

• Right to Withdraw Consent: Where we rely on your consent to use certain features such as accessing your device’s camera, microphone, or contact list, you can withdraw that permission at any time by changing the settings on your device.

• Right to Request Deletion: You can request the deletion of your account and personal data. Please note that local laws may require us to retain certain data for a minimum legally mandated period even after you delete your account.

• Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, and machine-readable format to transfer it to another service.

Additional Rights Based on Your Location

Because data protection laws differ globally, users in certain regions have specific additional rights and responsibilities.