Data Usage
What we do with the data you and your customers share with us
Last updated: 16 May 2026
Last updated: 16 May 2026
here's what we actually do with the data you and your customers share with us — in plain english. for the legally-binding versions, see our privacy policy and terms of service.
what data you and your customers share
when popkorn picks up a call, replies to a whatsapp, drafts an email, or chats on your site, we touch a few different things:
- voice calls — the audio of the call, a turn-by-turn transcript, and (when recording is on) a saved recording of the conversation.
- whatsapp — the message text, any photos, voice notes, or files your customer sends, and the phone number on the other end.
- email — the subject, body, and any attachments on emails sent to addresses you've connected.
- web chat, instagram, sms, rcs — same idea: whatever the customer types or sends.
- integration data — when your agent needs to look up an order, check a calendar, or pull an invoice, it asks the tool you've connected (shopify, google calendar, zoho, outlook). that result flows into the conversation.
- knowledge base — whatever pdfs, docs, sheets, slides, or web pages you've uploaded to teach the agent.
- support tickets — when a conversation turns into a ticket, the message history, attachments, and any notes your team adds.
- basic context — phone numbers, email addresses, names, addresses, order references — whatever the conversation surfaces.
we also keep the obvious stuff to run the platform: your team's login info, the agents you've built, the phone numbers you've claimed, the campaigns you've run, billing records.
why we have it
four reasons, roughly:
- to run the conversation — the agent can't reply without seeing what was just said.
- so your team can see what happened — transcripts, recordings, and tickets are how you review calls, train the agent, and help customers who escalate.
- to integrate with the tools you've connected — calendar lookups, order checks, invoice statuses.
- to bill you accurately — call usage, message counts, credit ledger.
where it lives
most of your data sits in india. the database, the call recordings, the ticket attachments, the knowledge-base embeddings — all hosted in the mumbai region.
some processing — specifically the ai models that listen, think, and speak — happens at providers whose servers may be located outside india. when a conversation is happening live, audio and text can briefly leave the country while the model figures out what to say back. we're honest about this because it's how the current generation of large ai models works.
we work with a small set of provider categories to make popkorn run:
- cloud infrastructure providers (hosting, networking, storage)
- ai/ml model providers (speech, language, embeddings)
- telephony and sip providers (phone calls in and out)
- real-time webrtc providers (the live audio pipe)
- messaging providers (whatsapp business, instagram, and similar)
- payment processors (for subscriptions and top-ups — we never see your card details)
- email delivery providers (for transactional emails like invitations)
- oauth aggregators (for the integrations you connect)
- object storage providers (recordings, attachments)
each one gets only the data it needs to do its job. if you're at an enterprise and want the named list, write to legal@popkorn.tech.
who can see it
three groups, in this order:
- you and your team — based on the roles you've set up (owner, admin, agent, member). owners and admins see everything in the org; agents see what's assigned to them; members see what they need to do their work.
- popkorn engineering — only when you ask us to help debug something specific, and only with the access you grant. we don't browse customer data for fun.
- the sub-processors above — strictly for the processing they perform on your behalf. they're contractually bound to handle the data only the way we instruct.
we never sell your data. we never share it with advertisers. we don't build profiles of your customers to sell to other businesses.
how long we keep it
simple rule: we keep your data as long as your account is active. when you close your account, we delete it within 30 days.
two exceptions:
- opt-out records — if a customer has asked to stop receiving messages, we keep that record permanently so we don't accidentally message them again.
- billing and audit logs — we hold these as long as indian law requires (currently a one-year minimum under dpdp rules 2025), in case of a tax or regulatory question.
if you want specific data deleted before account closure, ask at privacy@popkorn.tech. we respond within 15 days.
we never train our models on your data
not now, not later, not by default. the ai models that run your conversations are operated by our model providers under enterprise terms that prohibit training on the prompts and outputs we send. popkorn itself doesn't train or fine-tune any model on your content, your customers' content, or your knowledge base.
if we ever change this, it will be opt-in, in writing, with you choosing — and it will never be the default.
recording
when call recording is on, the voice agent announces the recording at the start of the call (a short message or a beep). this is the industry-standard two-party-with-announcement model, and it's how we recommend you run recording.
you can turn recording off per agent if you don't need it. either way, you're responsible for following the recording-disclosure rules in the place where your customer is located. we give you the tooling; you make the call.
what happens when you leave
if you decide to leave popkorn:
- export anything you want to keep (transcripts, recordings, ticket history) — we'll help if the export tooling doesn't cover something.
- close the account.
- we delete your data within 30 days, except for the opt-out records and audit logs noted above.
your rights
under the dpdp act 2023 and related indian law, you can ask us to:
- show you what we have on you (the person with the popkorn account)
- correct anything wrong
- delete your account data
- nominate someone to handle these rights on your behalf if you're incapacitated
email privacy@popkorn.tech and we'll handle it within 15 days.
for your end-customers' data (the people your agent talks to), popkorn acts on your instructions — so requests from those individuals should go to you, the business they actually have a relationship with. we'll support you in fulfilling those requests.
grievance officer
if something has gone wrong and a complaint about your data is the right escalation:
grievance officer: ashok kumar
email: grievance@popkorn.tech
address: yv labs llp, mumbai, indiawe acknowledge complaints within 24 hours and respond within 15 days, in line with it rules 2021. for dpdp-specific grievances, a full response is provided within 90 days under dpdp rules 2025. if you're not satisfied with our response, you can approach the data protection board of india.
if you want the legal version
this page is the friendly walkthrough. the legally-binding versions are at:
- privacy policy — the formal description of how we handle personal data
- terms of service — the contract between you and yv labs llp
- cookie policy — what we set in your browser (almost nothing on the marketing site)
- acceptable use policy — what's not okay to do on popkorn
contact
- data questions: privacy@popkorn.tech
- product help: support@popkorn.tech
- complaints: grievance@popkorn.tech
that's it. if anything here isn't clear, just write to us. we'd rather you ask than guess.
questions? email hello@popkorn.tech.