Privacy Policy
Effective date: 4 May 2026
This Privacy Policy explains how Kulp Labs Private Limited (“Kulp Labs”, “Frontel”, “we”, “us”) collects, uses, discloses, and protects personal data in connection with the Frontel AI receptionist platform and the website at frontel.in (the “Service”). It is written to align with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”), the Information Technology Act, 2000, and the rules made under them.
1. Roles: who is responsible for what
Frontel is a multi-tenant platform. The role we play depends on whose personal data is being processed:
- For account holders (the doctors, owners, and staff who sign up to use Frontel): we are the Data Fiduciary. This Policy tells you what we do with your personal data and how to exercise your rights.
- For end-callers (the patients, clients, or customers who phone a Frontel-operated number, and whose details are entered, dictated, or inferred during a call): the business operating that number (the “Tenant”) is the Data Fiduciary. Frontel acts as a Data Processor and processes that personal data on the Tenant’s instructions. If you are an end-caller and want to exercise your rights with respect to the clinic or business whose number you called, please contact that business directly; we will assist them in responding.
2. The personal data we process
2.1 From account holders (Tenant Owners and Staff)
- Identity and contact: name, email address, mobile number, the business you represent, your role within it.
- Authentication signals: Google account identifier (when you sign in with Google), one-time-passcode hashes, IP address at the time the OTP was issued, last-login timestamps.
- Calendar authorisation: the OAuth refresh token, email address, and selected calendar identifier of any Google Calendar account a doctor connects, plus webhook channel metadata for two-way sync. Refresh tokens are encrypted at the application layer before being written to our database.
- Configuration: business name, address, hours, services, prices, doctor names and specialties, AI voice and language settings, custom greetings, FAQs, and other settings you enter.
2.2 From end-callers, on the Tenant’s behalf
- Telephony metadata: caller phone number, called number, call direction, start and end timestamps, duration, and the ID of the underlying telephony session.
- Call audio: a recording of the conversation with the AI agent, stored in object storage in India.
- Transcripts: a turn-by-turn text transcript of the call.
- Caller record: name, phone number, email (where volunteered), age, gender, address, the reason for the call (which may include health-related details such as a complaint, symptom, or preferred doctor).
- Booking records: appointment time, duration, assigned doctor, service, source call.
- Summaries: a short AI-generated description of what the caller asked for and what was done.
- Callback queue items: caller phone number, name, and notes when the AI agent flags a call for human follow-up.
Some of this data may be sensitive — in particular, health-related information about the caller or a person they are calling about. The AI agent is configured to refuse clinical advice and to record only what the caller volunteers, but Tenants should ensure their callers are notified that calls are AI-handled and may be recorded.
2.3 From visitors to our website and product
- Usage logs: IP address, user-agent, requested URL, referrer, response status, timestamp. We use these to operate and secure the Service.
- Cookies / local storage: strictly necessary cookies and tokens used to keep you signed in, to remember your selected Tenant, and to remember UI preferences. We do not use third-party advertising or cross-site tracking cookies.
3. Why we process this data (purposes and lawful bases)
We process personal data for the following purposes:
- To deliver the Service: receiving and routing calls, generating spoken responses, transcribing audio, summarising calls, booking and rescheduling appointments, syncing with Google Calendar, sending notifications, and presenting all of this in a dashboard.
- To authenticate users and protect accounts: verifying email OTPs, validating Google sign-in, rate-limiting login attempts, detecting unauthorised access.
- To bill, account, and report: invoicing, tax compliance, fraud and abuse monitoring, statutory record-keeping.
- To support customers: responding to queries, troubleshooting issues, training our staff using the minimum necessary access.
- To improve the Service: aggregated and de-identified analysis of usage, latency, and error patterns. We do not use identifiable Customer Data to train general-purpose foundation models.
- To comply with law: responding to lawful requests from authorities, defending legal claims, enforcing our Terms.
Under the DPDP Act, our processing of account-holder personal data is based principally on the performance of the contract with you (these Terms and your subscription) and on legitimate uses such as compliance with law. For end-caller personal data processed on a Tenant’s behalf, the lawful basis (typically the caller’s consent or a legitimate use under section 7 of the DPDP Act) is the Tenant’s to establish; we process such data on the Tenant’s instructions.
4. How we share personal data
We do not sell personal data. We share it only as follows:
- With sub-processors: vetted third parties that help us run the Service, listed in section 5 below. They are contractually bound to process personal data only on our instructions and with appropriate safeguards.
- With your Tenant: if you are an end-caller, the Tenant whose number you called is the Data Fiduciary and can see the call recording, transcript, summary, and caller record.
- For legal reasons: where disclosure is required by law, court order, or other lawful demand, or where necessary to establish, exercise, or defend legal claims, or to protect the vital interests of a person.
- In a corporate transaction: in connection with a merger, acquisition, financing, or sale of all or part of our business, subject to standard confidentiality protections and on terms consistent with this Policy.
5. Sub-processors
We currently rely on the following categories of sub-processors:
- Cloud infrastructure and storage — Amazon Web Services (Mumbai region) for application hosting, the Postgres database, and S3-compatible object storage of call recordings.
- Telephony — Plivo Communications and equivalent carriers, for inbound and outbound PSTN connectivity and DID provisioning.
- Real-time voice infrastructure — LiveKit, for carrying the audio session between the carrier and the AI agent.
- AI models — Google (Gemini family) for speech understanding, conversational responses, and post-call summarisation. On the enterprise / API tiers we use, audio and text are processed in transit and are not used by Google to train its general-purpose foundation models.
- Calendar — Google Calendar, when a doctor explicitly connects their account; we use only the scopes needed to read busy blocks and to write appointment events on the calendar the doctor selects.
- Email — a transactional email provider, for OTPs, invites, and notifications.
We will keep the list above current. Material changes — for example, adding a sub-processor that handles personal data in a new category — will be communicated to Tenants through the dashboard or by email.
6. Where personal data is stored
Customer Data is hosted in the Asia Pacific (Mumbai) region. Limited operational metadata may transit through systems located outside India when calls are routed via international AI inference endpoints or when sub-processors deliver email or webhook traffic. Where such cross-border transfers occur, they are made in accordance with the DPDP Act and applicable government notifications.
7. How long we keep personal data
We retain personal data for as long as needed to provide the Service and to meet legal, accounting, and reporting obligations. As a baseline:
- Call audio recordings: 90 days from the call, after which they are deleted from object storage.
- Call transcripts and summaries: 24 months from the call.
- Caller / patient records, appointments, callbacks: for as long as the Tenant’s subscription is active, plus 30 days after termination, after which we delete or anonymise them unless a longer period is required by law.
- Account, invoicing, and tax records: up to 8 years, in line with Indian tax and corporate-records requirements.
- Authentication logs: up to 12 months, or longer where needed to investigate a security incident.
A Tenant Owner can request earlier deletion of any caller record from the dashboard or by writing to us; deletion is propagated to the recording and transcript stores within a reasonable time.
8. Your rights
Under the DPDP Act, account-holder Data Principals have the following rights with respect to personal data we hold as Data Fiduciary:
- Access — to obtain a summary of the personal data we process about you and the identities of recipients with whom it has been shared.
- Correction and erasure — to correct inaccurate or misleading data, complete incomplete data, update outdated data, and request erasure of personal data that is no longer necessary.
- Grievance redressal — to raise grievances about our handling of personal data with our Grievance Officer (see section 12).
- Nominate — to nominate another individual to exercise these rights in the event of your death or incapacity.
- Withdraw consent — where we rely on consent, to withdraw it at any time, without affecting the lawfulness of processing prior to withdrawal. Withdrawing consent for essential processing may mean we are no longer able to provide parts of the Service.
To exercise these rights, write to us using the contact details in section 12. We may need to verify your identity before responding. End-callers should direct rights requests to the Tenant whose number they called; we will assist that Tenant in fulfilling them.
9. Security
We use reasonable technical and organisational measures to protect personal data, including:
- encryption in transit (TLS) and encryption at rest;
- application-layer encryption of high-value secrets (Google Calendar refresh tokens, OAuth credentials);
- hashed storage of one-time passcodes and invite tokens;
- tenant-scoped database access and row-level isolation;
- least-privilege access for our staff, with audit logging;
- rate-limiting and abuse protections on authentication endpoints.
No system is perfectly secure. If you believe an account has been compromised, write to us immediately at hello@frontel.in. We will notify affected Data Principals and the Data Protection Board of India of any personal-data breach as required by law.
10. Children
The Service is for businesses and is not intended for use by individuals under 18. The Service may, however, be used by a clinic to schedule appointments for paediatric patients, and a parent or guardian may speak to the AI agent on a child’s behalf. In such cases, the clinic is the Data Fiduciary and is responsible for obtaining any consent required under section 9 of the DPDP Act.
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified through the dashboard or by email to account Owners at least 14 days before they take effect. The “Effective date” at the top of this page tells you when the current version was published.
12. Contact and Grievance Officer
For any privacy question, request to exercise your rights, or complaint, contact our Grievance Officer:
Ashish Kulkarni
Kulp Labs Private Limited
Runwal Gardens, Kalyan-Shil Road
Dombivli 421204, Maharashtra, India
Email: ashish@kulp.ai
Phone: +91 88791 85675
We will acknowledge grievances within a reasonable time and respond within the periods required by the DPDP Act and the Information Technology Rules. If you are not satisfied with our response, you may approach the Data Protection Board of India.