Privacy Policy
Operated by Swadesh Mobile Private Limited · India · Last updated: 20 June 2026
This Privacy Policy explains how Swadesh Mobile Private Limited, operating the 9278.io platform (“9278.io”, “we”), collects, uses, shares, stores, and protects personal data under the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and the SPDI Rules, 2011. It applies to our website, dashboard, and AI voice-agent services for businesses in India.
OUR TWO ROLES. For data about our business customers, their staff, and website visitors, 9278.io is the Data Fiduciary. For personal data that a business customer’s AI agent collects from the customer’s own callers/contacts, the business customer is the Data Fiduciary and 9278.io is the Data Processor under the Data Processing Addendum — there, the customer’s own notice and consent govern.
Contents
1. NOTICE AND CONSENT (DPDPA s.5–6)
We process personal data on the basis of your consent or another lawful basis permitted by the DPDPA (including “legitimate uses”). Where we rely on consent, we give a clear notice of what data we collect and why, you may withdraw consent at any time, and we will stop processing for that purpose. You may consent or withdraw consent via privacy@9278.io. We may also engage a Consent Manager registered with the Data Protection Board.
2. PERSONAL DATA WE COLLECT
- Account/KYC data — name, business name, work email, phone, GSTIN, and details required to provision numbers under telecom rules.
- Billing data — wallet top-ups and transaction data via our payment processor (we do not store full card details).
- Call data — for calls handled by your AI agent: caller/called numbers, call detail records, recordings, transcripts, language, and conversation metadata (processed as your Data Processor).
- Technical/usage data — device, IP, browser, dashboard logs.
- Support data — content of your communications with us.
3. PURPOSES
We use personal data to: create and run accounts; provision and operate numbers and the AI voice service; record and transcribe calls (as configured by the customer); bill and issue GST invoices; provide support; prevent fraud and secure the platform; meet legal, telecom (TRAI/DoT/DLT), and lawful-request obligations; and, with consent, send service or marketing communications.
4. DATA STORAGE — INDIA
Our servers and primary data storage are located in India. Where any processing involves a service provider outside India, we do so only as permitted by the DPDPA (the Central Government may restrict transfers to notified countries) and applicable law, with appropriate safeguards. See the Sub-Processor List for locations.
5. SHARING
We do not sell personal data. We share it with: processors/sub-processors that help run the Services (hosting, AI/ASR/TTS, payments, communications — see Sub-Processor List); licensed telecom service providers needed to connect calls and deliver numbers; and government/authorities where required by law (including lawful interception under the Telecommunications Act, 2023 and IT Act s.69). Where 9278.io is a Data Processor, we act only on the customer’s instructions.
6. RETENTION
We retain personal data only as long as necessary for the purpose or as required by law (telecom record-keeping, tax). Recordings/transcripts are retained per the customer’s configuration (default 7–30 days); account data for the life of the account plus a limited period; then deleted or anonymised (DPDPA s.8(7)).
7. YOUR RIGHTS AS A DATA PRINCIPAL (DPDPA s.11–14)
You may: access a summary of your personal data and processing; request correction, completion, updating, or erasure; nominate another person to exercise your rights in case of death or incapacity; and seek grievance redressal. To exercise rights, email privacy@9278.io. If unsatisfied, you may use our Grievance Redressal Policy and then approach the Data Protection Board of India.
8. CHILDREN (DPDPA s.9)
The Services are for businesses and are not directed to children. We do not knowingly process the personal data of children (under 18) without verifiable consent of a parent/guardian, and we do not undertake tracking or targeted advertising directed at children.
9. SECURITY AND BREACH
We implement reasonable security safeguards (DPDPA s.8(5); IT Act s.43A/SPDI Rules), including encryption, access controls, and monitoring. In the event of a personal data breach, we will notify the Data Protection Board and affected Data Principals as required by the DPDPA and rules.
10. GRIEVANCES AND CONTACT
Grievance Officer / DPDPA contact: grievance@9278.io. We acknowledge grievances within 24 hours and aim to resolve them within the period prescribed by the IT Rules / DPDPA. Swadesh Mobile Private Limited (9278.io), 1108, Sureshwari Techno IT Park Premises CHS, Link Road, Borivali West, Mumbai, Maharashtra 400092, India.