PRIVACY POLICY

We, M/s. TREEWALKER DIGITAL PRIVATE LIMITED, a Private Limited Company, incorporated under the Companies Act, 2013, having its registered office at “1567, 2nd Floor, 27th Main Rd, 1st Sector, HSR Layout, Bengaluru, Karnataka 560102”, represented by its members, hereinafter referred to as the “Company” (where such expression shall, unless repugnant to the context thereof, be deemed to include its respective legal heirs, representatives, administrators, permitted successors and assigns.) The creator of this Privacy Policy ensures a steady commitment to Your privacy with regard to the protection of your invaluable information.

This privacy policy contains information about the Website galla.app, and the corresponding Mobile Application “Galla” (hereinafter referred to as the “Platform”).

In order to provide You with Our uninterrupted use of services, We may collect and, in some circumstances, disclose information about you with your permission. To ensure better protection of Your privacy, We provide this notice explaining Our information collection and disclosure policies, and the choices You make about the way Your information is collected and used.

This Privacy Policy shall be in compliance with the General Data Protection Regulation (GDPR) in effect from May 25, 2019, and any and all provisions that may read to the contrary shall be deemed to be void and unenforceable as of that date. If you do not agree with the terms and conditions of our Privacy Policy, including in relation to the manner
of collection or use of your information, please do not use or access the Site. If you have any questions or concerns regarding this Privacy Policy, you should contact our Customer Support Desk at support@galla.app.

ANY CAPITALIZED WORDS USED HENCEFORTH SHALL HAVE THE MEANING ACCORDED TO THEM UNDER THIS AGREEMENT. FURTHER, ALL HEADING USED HEREIN ARE ONLY FOR THE PURPOSE OF ARRANGING THE VARIOUS PROVISIONS OF THE AGREEMENT IN ANY MANNER. NEITHER THE USER NOR THE CREATORS OF THIS PRIVACY POLICY MAY USE THE HEADING TO INTERPRET THE PROVISIONS CONTAINED WITHIN IT IN ANY MANNER.

1. DEFINITIONS 

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below: 

“We,” “Our,” “Us,” and “Company” shall mean and refer to Treewalker Digital Private Limited and the Galla Platform operated by the Company. 

“You,” “Your,” “User,” and “Customer” shall mean and refer to natural and legal persons who use the Platform and who are competent to enter into binding contracts as per applicable laws. 

“Platform” refers to the Galla website (galla.app), mobile applications, and all associated services, including but not limited to GallaPOS, GallaWMS, and Galla WhatsApp Marketing. 

“Services” refer to the business management solutions provided through the Platform, including point of sale transactions, inventory management, warehouse management, customer relationship management, business analytics, and customer communication through WhatsApp Business API integration. 

“Personal Information” shall mean any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, including but not limited to name, email address, phone number, business information, and transaction data. 

“Third Parties” refer to any application, company, or individual apart from the User and the Company, including service providers, technology partners, and platform providers such as Meta Platforms, Inc.

2. INFORMATION WE COLLECT

We are committed to respecting your privacy and collecting only the information necessary to provide our Services effectively. The type and extent of information we collect depends on which Galla products you use. We collect information in the following categories: 

2.1 Account and Profile Information 

When you register for a Galla account, we collect basic information necessary to create and manage your account, including your name, email address, mobile phone number, password (stored in encrypted form), business name, business address, business type, and business registration details. This information is collected across all Galla products as it forms the foundation of your Platform account. 

2.2 GallaPOS (Point of Sale) Data 

If you use GallaPOS, we collect and process information related to your point of sale operations, including transaction records showing date, time, items sold, quantities, and prices; payment information including payment method, transaction amount, and payment status (note that actual credit card or bank account numbers are processed by our payment gateway partners and are not stored in our systems); customer information that you choose to collect at point of sale, such as customer name, phone number, or email address for receipts and loyalty programs; inventory data including product names, descriptions, SKUs, stock levels, purchase prices, and selling prices; employee information including staff names, roles, login credentials, and transaction histories for audit purposes; and sales analytics data including revenue totals, product performance, peak sales times, and customer purchasing patterns. 

2.3 GallaWMS (Warehouse Management) Data 

If you use GallaWMS, we collect and process information related to your warehouse and inventory management operations, including warehouse location details and facility information; inventory records including product information, quantities, locations within warehouse, batch numbers, expiry dates, and stock movement histories; supplier information including supplier names, contact details, and transaction histories; purchase order data including order details, quantities ordered, expected delivery dates, and order status; receiving and shipping records including goods received notes, dispatch records, and carrier information; stock adjustment records documenting inventory audits, wastage, damages, and corrections; and warehouse operation metrics including picking efficiency, storage utilization, and fulfillment times. 

2.4 Galla WhatsApp Marketing Platform Data 

If you use our Galla WhatsApp Marketing features, we collect and process information specifically related to WhatsApp business communications. This data collection is necessary to facilitate message delivery through WhatsApp Business API and includes the following categories: 

Customer Phone Numbers: We collect and store the phone numbers of your customers that you upload, import, or manually enter into our platform for WhatsApp messaging purposes. These phone numbers are stored securely in our database and are used exclusively to facilitate message delivery through WhatsApp Business API. We maintain these phone numbers for as long as you maintain an active WhatsApp Marketing subscription. 

Message Content and Templates: We collect and store the message content, templates, and media files that you create for your WhatsApp campaigns. This includes text messages, images, videos, documents, and interactive message templates. We store both draft messages and sent messages to enable campaign management, message history review, and template reuse. 

Conversation Data: When your customers reply to WhatsApp messages sent through our platform, we collect and store these responses and the resulting conversation history. This includes incoming messages, timestamps, media files received, and conversation threads. This data enables you to manage customer relationships, respond to inquiries, and maintain communication context across multiple interactions. 

Message Delivery and Engagement Data: We collect information from WhatsApp Business API about message delivery status, delivery timestamps, read receipts, message open rates, click-through rates for links in messages, and customer response rates. This data is used to provide you with campaign analytics, delivery reports, and engagement metrics. 

WhatsApp Business Account Information: We collect and store your WhatsApp Business phone number, business display name, business profile information, business verification status, and account settings configured through our platform. 

Consent and Opt-Out Records: While you are responsible for obtaining proper consent from customers before messaging them, our platform provides tools to record and manage consent status, opt-in dates, opt-in sources, opt-out requests, and opt-out dates. We maintain these records to help you comply with anti-spam regulations and honor customer preferences. 

2.5 Technical and Usage Information 

Regardless of which Galla products you use, we automatically collect certain technical information when you access our Platform, including IP address of your device; device type, model, and operating system; browser type and version; unique device identifiers; pages viewed and features accessed within the Platform; time spent on different sections; click patterns and navigation paths; date and time of access; referring website or source; and error logs and crash reports. This information is collected through cookies, log files, and similar technologies and is used to maintain Platform security, improve user experience, troubleshoot technical issues, and analyze usage patterns. 

2.6 Payment Information 

When you subscribe to paid features of the Platform, we collect billing information including billing address, company tax identification number if applicable, and payment method type. However, actual credit card numbers, CVV codes, and bank account details are collected and processed directly by our payment gateway partners (such as Razorpay, Stripe, or similar services) and are never stored on our servers. We only receive transaction confirmation and payment status information from these payment processors. 

2.7 Communication Data 

When you communicate with us through customer support, feedback forms, or other channels, we collect the content of your communications, your name and contact information, the nature of your inquiry or issue, correspondence history, and any attachments or files you provide. This information is used solely to respond to your inquiries, provide customer support, and improve our Services. 

3. OUR USE OF YOUR INFORMATION

We use the information we collect for the following purposes, depending on which Galla products and features you use: 

3.1 Service Delivery and Operations 

We use your information to provide, maintain, and improve our Services. For GallaPOS users, this includes processing sales transactions, managing inventory, generating receipts and invoices, tracking product performance, and providing sales analytics. For GallaWMS users, this includes managing warehouse inventory, tracking stock movements, processing purchase orders, managing supplier relationships, and optimizing warehouse operations. For Galla WhatsApp Marketing users, this includes facilitating message delivery through WhatsApp Business API, managing customer contact lists, tracking campaign performance, enabling customer conversations, and providing engagement analytics. 

3.2 Account Management and Authentication 

We use your account information to create and manage your Galla account, authenticate your identity when you log in, verify your access permissions to different features, enable single sign-on across Galla products, process subscription payments and renewals, send service-related notifications about your account status, and maintain account security through monitoring for suspicious activities. 

3.3 WhatsApp Business Communications 

For users of our Galla WhatsApp Marketing platform, we use your information specifically to transmit messages to customer phone numbers you specify through WhatsApp Business API infrastructure operated by Meta Platforms, Inc.; deliver message templates, text content, and media files to WhatsApp for customer delivery; receive and store customer responses to enable two-way conversations; track message delivery status, read receipts, and engagement metrics; generate campaign performance reports and analytics; manage customer opt-in and opt-out preferences; maintain conversation histories for customer relationship management; and ensure compliance with WhatsApp Business Policy requirements. 

Important Note on Customer Consent: You are solely responsible for obtaining proper consent from your customers before adding their phone numbers to our platform and sending them WhatsApp messages. You must have a lawful basis under applicable privacy and anti-spam laws for contacting each customer, such as explicit opt-in consent, an existing business relationship, or another legal ground for communication. You represent and warrant that all phone numbers you provide and all messages you send through our platform comply with applicable laws, WhatsApp Business Policy, and anti-spam regulations. Our platform provides tools to help you document and manage consent, but ultimate responsibility for compliance rests with you. 

3.4 Analytics and Platform Improvement 

We analyze usage data to understand how users interact with our Platform, identify popular features and areas needing improvement, detect and resolve technical issues and bugs, optimize Platform performance and loading times, develop new features and products based on user needs, and conduct research to enhance user experience. This analysis uses aggregated and anonymized data wherever possible. 

3.5 Customer Support and Communication 

We use your contact information to respond to your support requests and inquiries, provide technical assistance and troubleshooting, send important service announcements and updates about the Platform, notify you of changes to our terms, policies, or features, send account-related information such as password resets and security alerts, and communicate about subscription renewals and billing matters. You can control certain types of communications through your account settings. 

3.6 Security and Fraud Prevention 

We use information to detect and prevent fraud, abuse, and unauthorized access to the Platform; monitor for security threats and anomalous activities; verify user identities and prevent account takeovers; enforce our Terms of Service and prevent violations; protect our rights, property, and safety as well as those of our users; investigate and respond to security incidents; and maintain audit logs for compliance and security purposes. 

3.7 Legal Compliance and Obligations 

We use and retain information as necessary to comply with applicable laws, regulations, and legal processes; respond to lawful requests from government authorities, law enforcement, and regulatory bodies; enforce our legal rights and defend against legal claims; comply with tax, accounting, and financial reporting requirements; and fulfill other legal obligations as required by Indian law and international regulations where applicable. 

3.8 Business Operations and Internal Purposes 

We use information for internal business purposes including maintaining internal records and documentation, conducting internal audits and quality assurance, training our staff and improving customer support processes, performing business analysis and strategic planning, and managing vendor relationships and service provider integrations. 

4. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we share information with certain third parties in the limited circumstances described below: 

4.1 Meta Platforms / WhatsApp Business API 

For users of our Galla WhatsApp Marketing platform, we share certain information with Meta Platforms, Inc. (the parent company of WhatsApp) as necessary to facilitate message delivery through WhatsApp Business API. The shared information includes customer phone numbers to whom you send messages, message content including text, images, videos, and documents, message delivery timestamps, your WhatsApp Business Account information, and API usage metrics. 

Meta processes this information according to their own privacy policy, available at https://www.whatsapp.com/legal/privacy-policy, and uses it to operate WhatsApp’s messaging infrastructure, ensure platform security and integrity, prevent spam and abuse, improve WhatsApp services, and comply with their legal obligations. By using our WhatsApp Marketing features, you acknowledge that your messages are transmitted through Meta’s infrastructure and that both our Privacy Policy and WhatsApp’s Privacy Policy apply to this activity. 

4.2 Service Providers and Technology Partners 

We engage trusted third-party service providers to help us deliver our Services. These providers have access to your information only to perform specific tasks on our behalf and are contractually obligated to protect your information and use it only for the purposes we specify. Our service providers include: 

Cloud Infrastructure Providers: We use cloud hosting services such as Amazon Web Services (AWS) or Google Cloud Platform to store data and operate our Platform infrastructure. 

Payment Processors: We use payment gateway providers such as Razorpay, Stripe, or similar services to process subscription payments. These providers handle payment card information directly and never share complete payment details with us. 

Analytics Services: We use analytics tools such as Google Analytics, Firebase Analytics, or similar services to understand Platform usage patterns and improve user experience. 

Email Service Providers: We use email delivery services such as SendGrid, Amazon SES, or similar services to send transactional emails and service notifications. 

Customer Support Tools: We may use customer support platforms such as Zendesk, Freshdesk, or similar services to manage support tickets and customer communications. 

Security and Monitoring Services: We use security monitoring and threat detection services to protect the Platform and user data from unauthorized access and cyber threats. 

4.3 Business Transfers 

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of such transaction. In such events, we will provide notice before your information is transferred and becomes subject to a different privacy policy. 

4.4 Legal Requirements and Protection of Rights 

We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to comply with legal obligations, court orders, or government requests; enforce our Terms of Service or other agreements; protect our rights, property, or safety, or that of our users or the public; detect, prevent, or address fraud, security issues, or technical problems; investigate violations of our policies or applicable laws; or respond to claims that content violates the rights of third parties. 

4.5 With Your Consent 

We may share your information with third parties when you explicitly consent to such sharing. For example, if you choose to integrate third-party applications with your Galla account or export your data to external services, we will share the necessary information to enable such integrations with your permission. 

4.6 Aggregated and Anonymized Data 

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This may include industry trends, usage statistics, or research insights. Such information is not considered personal information under this Privacy Policy. 

5. DATA RETENTION

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Retention periods vary depending on the type of information and the Galla product you use: 

5.1 Account Information 

We retain your account information (name, email, business details) for as long as your account is active. When you close your account, we retain basic account information for ninety days to allow for account recovery if you change your mind. After ninety days, we permanently delete your account information, except where we are required to retain certain information for legal or regulatory compliance (such as tax records, which we retain for seven years as required by Indian law). 

5.2 Transaction and Business Data 

For GallaPOS and GallaWMS users, we retain transaction records, inventory data, and business analytics for as long as your account is active, plus an additional seven years after account closure to comply with tax, accounting, and regulatory requirements under Indian law. If you request earlier deletion of specific transaction records, we will accommodate such requests where legally permissible, but we may need to retain financial records for the full seven-year period. 

5.3 WhatsApp Marketing Platform Data 

For Galla WhatsApp Marketing users, we retain different types of information for varying periods based on their purpose and legal requirements: 

Customer Phone Numbers: We retain phone numbers for as long as you maintain an active WhatsApp Marketing subscription. When you delete a contact from your contact list within the platform, we remove that phone number from your active database within thirty days. If you cancel your WhatsApp Marketing subscription entirely, we delete all associated phone numbers within ninety days unless you explicitly request earlier deletion. 

Message Content and Conversations: We retain message content, templates, and conversation histories for twelve months from the date of message transmission. This retention period allows you to access historical conversations for customer service purposes and review past campaign content. After twelve months, message content is automatically deleted from our systems. 

Analytics and Delivery Metadata: We retain message delivery statistics, engagement metrics, and aggregated analytics data for twenty-four months to provide you with historical campaign performance analysis and trend reporting. This data includes delivery rates, read rates, response rates, and similar metrics but does not include actual message content. 

Opt-Out and Consent Records: We retain records of customer opt-outs and consent documentation for thirty-six months after the customer opts out or after your WhatsApp Marketing subscription ends, whichever is later. This extended retention period is necessary to honor opt-out requests even if you reactivate your subscription and to maintain compliance audit trails as required by anti-spam regulations and data protection laws. 

5.4 Technical and Usage Data 

We retain technical logs, usage analytics, and system monitoring data for twelve months for security purposes, troubleshooting, and Platform improvement. After twelve months, this data is either deleted or aggregated into anonymized statistical data that cannot identify individual users. 

5.5 Early Deletion Requests 

You may request deletion of your data at any time by contacting us at support@galla.app. We will process deletion requests within thirty days, except where we are legally required to retain certain information for compliance, legal defense, or regulatory purposes. We will inform you if we cannot fully delete your data due to legal retention requirements. 

6. DATA SECURITY

We treat data security as a critical priority and implement multiple layers of protection to safeguard your information against unauthorized access, alteration, disclosure, or destruction. Our security measures include: 

6.1 Encryption 

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher protocols. Sensitive data at rest, including passwords, payment information, and WhatsApp customer phone numbers, is encrypted using industry-standard encryption algorithms (AES-256). Database backups are also encrypted to protect data even in storage. 

6.2 Access Controls 

Access to user data is restricted through role-based access controls, ensuring that only authorized personnel who require access to perform their job functions can view personal information. Multi-factor authentication is required for administrative access to our systems. We maintain detailed audit logs of all access to sensitive data for security monitoring and compliance purposes. 

6.3 Infrastructure Security 

Our Platform is hosted on secure cloud infrastructure provided by reputable providers with robust security certifications (such as ISO 27001, SOC 2). We implement firewalls, intrusion detection systems, and continuous monitoring to detect and prevent unauthorized access attempts. Regular security patches and updates are applied to all systems to address known vulnerabilities. 

6.4 Application Security 

We follow secure coding practices and conduct regular code reviews to identify and fix security vulnerabilities. Our applications undergo periodic security testing including vulnerability assessments and penetration testing. We implement protection against common web application attacks such as SQL injection, cross-site scripting, and cross-site request forgery. 

6.5 WhatsApp Marketing Platform Specific Security 

Given the sensitive nature of customer phone numbers and message content, we implement additional security measures for our WhatsApp Marketing platform. Customer phone numbers are stored in encrypted form and are only decrypted when necessary for message transmission. Access to phone number databases and conversation histories is strictly limited to authorized support personnel responding to specific customer issues. We maintain separate audit logs for all access to WhatsApp-related data. API communications with WhatsApp Business API are encrypted and authenticated to prevent interception or tampering. 

6.6 Employee Training and Policies 

All employees and contractors with access to user data are required to sign confidentiality agreements and undergo security awareness training. We maintain strict data handling policies and procedures that all staff must follow. Regular training updates ensure our team stays current with security best practices and emerging threats. 

6.7 Incident Response 

We maintain an incident response plan to quickly identify, contain, and remediate security incidents. In the event of a data breach that affects your information, we will notify you and relevant authorities as required by applicable law, typically within seventy-two hours of discovering the breach. We will provide information about the nature of the breach, the data affected, and steps we are taking to address the situation. 

6.8 Limitations 

While we implement industry-standard security measures and continuously work to improve our security posture, no method of transmission over the internet or electronic storage is one hundred percent secure. We cannot guarantee absolute security of your information. You also play a role in security by maintaining the confidentiality of your account credentials, using strong passwords, enabling two-factor authentication where available, and promptly notifying us of any suspected unauthorized access to your account. 

7. YOUR RIGHTS

You have certain rights regarding your personal information. The specific rights available to you depend on your location and applicable privacy laws, but generally include the following: 

7.1 Access to Your Information 

You have the right to request a copy of the personal information we hold about you. You can access much of your information directly through your Galla account dashboard. For information not available through the dashboard, you can request a data export by contacting us at support@galla.app. We will provide your data in a commonly used, machine-readable format within thirty days of your request. 

7.2 Correction of Information 

You have the right to correct inaccurate or incomplete personal information. You can update most of your account information, business details, and preferences directly through your account settings. If you are unable to update information through your account or need assistance correcting data in our systems, contact us at support@galla.app and we will make the corrections within fifteen days. 

7.3 Deletion of Information 

You have the right to request deletion of your personal information, subject to certain legal exceptions. You can delete your account entirely through your account settings, which will initiate deletion of your personal information according to our data retention schedule. For specific deletion requests (such as deleting particular transaction records or WhatsApp contacts), contact us at support@galla.app. We will process deletion requests within thirty days, except where we are legally required to retain information for compliance, regulatory, or legal defense purposes. We will inform you if we cannot fully comply with a deletion request due to legal retention requirements. 

7.4 Data Portability 

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transfer this information to another service provider. We provide data export functionality within your account dashboard, allowing you to download your data in CSV, JSON, or Excel format. For assistance with data portability, contact us at support@galla.app. 

7.5 Restriction of Processing 

In certain circumstances, you have the right to request that we restrict how we process your personal information. For example, you may request restriction while disputing the accuracy of your data or while evaluating a deletion request. To request processing restrictions, contact us at support@galla.app with details of your request. 

7.6 Objection to Processing 

You have the right to object to certain types of processing of your personal information, particularly processing based on legitimate interests or for direct marketing purposes. While we do not currently engage in direct marketing beyond essential service communications, you can object to any processing by contacting us at support@galla.app. We will evaluate your objection and cease the relevant processing unless we have compelling legitimate grounds to continue. 

7.7 Withdrawal of Consent 

Where we process your information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted prior to withdrawal. To withdraw consent, adjust your settings in your account dashboard or contact us at support@galla.app. Note that withdrawing consent may limit your ability to use certain features or services. 

7.8 Communication Preferences 

You can control the types of communications you receive from us through your account notification settings. You can opt out of non-essential emails by clicking the unsubscribe link in any email we send or by adjusting your preferences in your account. Note that even if you opt out of marketing communications, we will still send you essential service-related notifications such as security alerts, billing notices, and critical Platform updates. 

7.9 Rights for European Users (GDPR) 

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws. These include the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe we have processed your personal information unlawfully. The lead supervisory authority for cross-border complaints would typically be the authority in the EU member state where you reside or work, or where the alleged infringement occurred. You also have the right to object to automated decision-making, though we currently do not use automated decision-making or profiling that produces legal or similarly significant effects. 

7.10 Rights for California Users (CCPA) 

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA). These include the right to know what personal information we collect, use, and disclose; the right to request deletion of your personal information; the right to opt out of the sale of your personal information (note that we do not sell personal information); and the right to non-discrimination for exercising your CCPA rights. To exercise these rights, contact us at support@galla.app. We will verify your identity before processing CCPA requests. 

7.11 Exercising Your Rights 

To exercise any of the rights described above, please contact us at support@galla.app or WhatsApp us at +91 9980007940. Please provide sufficient information to allow us to verify your identity and locate your information in our systems. We will respond to verified requests within the timeframes required by applicable law, typically within thirty days. If we need additional time, we will notify you and explain the reason for the delay

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect information about your interactions with our Platform and to provide certain functionality. Understanding how we use these technologies helps you make informed choices about their use. 

8.1 What Are Cookies 

Cookies are small text files that are stored on your device when you visit a website. They help websites remember information about your visit, such as your preferences and login status. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until deleted or until they expire). 

8.2 Types of Cookies We Use 

Essential Cookies: These cookies are necessary for the Platform to function properly. They enable core functionality such as user authentication, account access, and security features. You cannot opt out of essential cookies if you wish to use the Platform, as it would not function properly without them. Examples include session cookies that keep you logged in and cookies that enable secure transmission of data. 

Functionality Cookies: These cookies remember your preferences and settings to provide a more personalized experience. They store information such as your language preference, dashboard layout preferences, and notification settings. These cookies do not track your browsing activity on other websites. 

Analytics Cookies: We use analytics cookies to understand how users interact with our Platform. These cookies collect aggregated information about page visits, feature usage, error occurrences, and user navigation patterns. We use this data to improve the Platform and optimize user experience. We may use Google Analytics or similar analytics services. These services may collect information such as your IP address, device type, browser type, and pages visited. 

Performance Cookies: These cookies help us monitor Platform performance and identify technical issues. They collect information about page load times, system errors, and resource usage to help us maintain and improve Platform reliability. 

8.3 Third-Party Cookies 

Some cookies are placed by third-party services that appear on our Platform. For example, Google Analytics places cookies to help us analyze usage patterns. We do not control these third-party cookies and recommend reviewing the privacy policies of these services to understand their data practices. Currently, we use the following third-party services that may place cookies: Google Analytics for usage analytics, payment gateway providers for payment processing, and cloud infrastructure providers for Platform operation. 

8.4 Managing Cookies 

Most web browsers allow you to control cookies through their settings. You can choose to block or delete cookies, though this may impact your ability to use certain features of the Platform. Browser settings vary, but you typically can find cookie controls in your browser’s privacy or security settings. Note that if you block essential cookies, you will not be able to log in to your Galla account or use most Platform features. You can control analytics cookies through your account privacy settings or through browser-based tools such as the Google Analytics Opt-out Browser Add-on. 

8.5 Other Tracking Technologies 

In addition to cookies, we use other tracking technologies such as web beacons (small transparent images embedded in web pages or emails) to track email opens and understand user engagement with our communications; local storage (browser storage for maintaining application state and caching data for performance); and device identifiers in our mobile applications for analytics and crash reporting purposes. 

9. CHILDREN’S PRIVACY

The Galla Platform is designed for use by businesses and is intended for individuals who are at least eighteen years of age. Our Services are not directed at children, and we do not knowingly collect personal information from individuals under the age of eighteen without appropriate parental or guardian consent. If you are under eighteen years old, you should not use our Platform or provide any personal information to us without your parent or guardian’s permission. 

If we become aware that we have collected personal information from a child under eighteen without proper parental consent, we will take steps to delete such information as quickly as possible. If you believe we have inadvertently collected information from a child, please contact us immediately at support@galla.app so we can investigate and take appropriate action. 

10.WHATSAPP BUSINESS INTEGRATION AND COMPLIANCE 

This section contains important information specifically for users of our Galla WhatsApp Marketing platform regarding WhatsApp Business Policy compliance, customer consent requirements, and prohibited uses. 

11.1 Your Responsibilities for WhatsApp Messaging 

When you use our Galla WhatsApp Marketing platform to send messages to customers, you assume full responsibility for compliance with all applicable laws and policies, including WhatsApp Business Policy, anti-spam regulations such as the Telecom Commercial Communications Customer Preference Regulations (TCCCP) in India, data protection laws such as GDPR and India’s Digital Personal Data Protection Act, and industry-specific regulations that may apply to your business. 

You specifically represent and warrant that you have obtained proper consent from each customer before adding their phone number to our platform and sending them WhatsApp messages; you have a lawful basis for contacting each customer, such as explicit opt-in consent, an existing business relationship, or another legal ground permitted by applicable law; you will not send unsolicited messages or spam; you will honor customer opt-out requests immediately and maintain opt-out lists; your messages comply with WhatsApp’s content policies and do not contain prohibited content; and you will not use our platform for any purpose that violates WhatsApp Business Policy or applicable laws. 

11.2 Consent Requirements 

Before sending WhatsApp messages to any customer, you must obtain clear, unambiguous consent that is specific to WhatsApp as a communication channel. Consent must be freely given, meaning customers must have a genuine choice and the ability to refuse without negative consequences. Consent must be informed, meaning customers must understand what they are consenting to, including the types of messages they will receive. Consent must be specific, meaning you cannot use blanket consent for all communications but must obtain separate consent for promotional messages versus transactional messages if both are used. Consent must be documented, and you should maintain records of how and when consent was obtained. 

Valid consent methods include explicit checkbox opt-in on your website or mobile app (not pre-checked), verbal consent during in-person or phone interactions where you clearly explain the WhatsApp communication and document the consent, SMS or email confirmation where the customer actively confirms they wish to receive WhatsApp messages, or QR code scanning or click-to-WhatsApp buttons where the action clearly indicates consent to receive messages. 

Invalid consent methods that are NOT acceptable include pre-checked boxes, implied consent without explicit opt-in action, bundling consent with unrelated terms and conditions, or purchasing contact lists without verified consent history. 

11.3 Opt-Out and Customer Preferences 

You must honor customer opt-out requests immediately and maintain accurate opt-out lists. Our platform provides tools to manage opt-outs, but you are responsible for implementing appropriate processes. You must provide clear opt-out instructions in your messages, such as “Reply STOP to unsubscribe,” process opt-out requests within twenty-four hours, never contact a customer who has opted out unless they explicitly opt back in, and maintain opt-out lists indefinitely or for as long as legally required. 

11.4 Prohibited Uses of WhatsApp Marketing 

The following uses of our WhatsApp Marketing platform are strictly prohibited: sending messages to users who have not opted in or provided consent; sending spam, unsolicited bulk messages, or messages to purchased contact lists without verified consent; impersonating another person, business, or entity; sending misleading, deceptive, or false information; sharing content that violates WhatsApp’s content policies, including illegal content, hate speech, harassment, violence, adult content, or intellectual property infringement; using the platform for illegal activities or fraud; circumventing customer opt-outs or ignoring customer preferences; exceeding message rate limits or engaging in abusive messaging practices; and harvesting or scraping phone numbers without authorization. 

11.5 WhatsApp Business Policy Compliance 

Our platform is designed to help you comply with WhatsApp Business Policy, but you remain ultimately responsible for ensuring your use complies with all of WhatsApp’s requirements. We encourage you to familiarize yourself with WhatsApp Business Policy, available at https://www.whatsapp.com/legal/business-policy. Key requirements include sending messages only to customers who have opted in, providing clear identification of your business in all messages, responding to customer inquiries within the timeframe specified by WhatsApp Business Policy, respecting customer privacy and not sharing their information without consent, and not using WhatsApp for financial services, gambling, or other restricted industries without proper authorization. 

11.6 Consequences of Policy Violations 

Violations of WhatsApp Business Policy or misuse of our WhatsApp Marketing platform can have serious consequences. Meta may suspend or terminate your WhatsApp Business Account, limiting or preventing your ability to send messages through their platform. We may suspend or terminate your access to our WhatsApp Marketing features if we determine you are using the platform in violation of policies, as such violations could jeopardize our relationship with Meta and our ability to provide services to other customers. You may face legal action from customers, regulatory bodies, or Meta for sending unsolicited messages or violating data protection laws. We reserve the right to monitor usage patterns and investigate suspected policy violations. If we identify violations, we will notify you and may take immediate action to suspend services to prevent further violations. 

11.7 Message Quality and User Experience 

WhatsApp monitors message quality and user feedback. If customers frequently block your business, report your messages as spam, or delete conversations with your business, this negatively impacts your message quality rating. Poor quality ratings can result in reduced message delivery rates or restrictions on your ability to send messages. To maintain good quality ratings, send relevant, valuable messages to customers who have opted in; personalize messages when appropriate; provide clear value in your communications; respond promptly to customer inquiries; avoid sending excessive messages; and honor customer preferences and opt-outs immediately. 

11. ACCESSING, REVIEWING AND CHANGING YOUR PROFILE

12. CONTROL OF YOUR PASSWORD

You agree not to use the account, username, email address or password of another Member at any time or to disclose your password to any third party. You are responsible for all actions taken with your login information and password, including fees. If you lose control of your password, you may lose substantial control over your personally identifiable information and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately change your password. You agree to notify us immediately if you suspect any consistent unauthorized use of your account or access to your password even after changing it.

13. SECURITY

However, as effective as encryption technology is, no security system is impenetrable. Our Company cannot guarantee the security of our database, nor can we guarantee that information you provide won’t be intercepted while being transmitted to the Company over the Internet. Users are advised to be aware of all information being shared by them.

14. SEVERABILITY

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Last Updated” date at the top of this policy. The updated policy will become effective immediately upon posting unless otherwise specified. 

For material changes that significantly affect your rights or how we use your information, we will provide prominent notice through one or more of the following methods: displaying a prominent notice within the Platform when you log in, sending you an email to the address associated with your account at least thirty days before the changes take effect, or posting a notice on our website homepage. 

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Platform after changes become effective constitutes your acceptance of the updated Privacy Policy. If you do not agree with the updated policy, you should discontinue use of the Platform and may close your account by contacting us at support@galla.app. 

16. AUTOMATED DECISION MAKING

17. CONSENT WITHDRAWAL, DATA DOWNLOAD & DATA REMOVAL REQUESTS

18. CONTACT US