Privacy Policy

Effective date: July 14, 2026

This Privacy Policy explains how Caspian ("Caspian", "we", "us", or "our") collects, uses, discloses, and safeguards information in connection with the Caspian communication gateway and related websites, APIs, dashboards, SDKs, and integrations (collectively, the "Service"). Caspian provides infrastructure that lets AI agents send and receive messages across communication channels - including email, WhatsApp, Instagram, Facebook Messenger, Discord, Telegram, iMessage, and SMS - on behalf of the developers and organizations that integrate the Service.

For most message content, Caspian acts as a data processor that processes information solely on the instructions of the developer or organization (the "Customer") that operates an agent. The Customer is the data controller for the end-user communications they route through the Service. For account and billing information about the Customer itself, Caspian acts as a data controller. Please read this Policy together with our Terms of Service.

Contents
  1. Definitions
  2. Information We Collect
  3. How We Use Information
  4. Legal Bases for Processing
  5. How We Share Information
  6. Subprocessors & Service Providers
  7. Data Retention
  8. International Data Transfers
  9. Data Security
  10. Your Rights (GDPR/UK GDPR)
  11. California Privacy Rights (CCPA/CPRA)
  12. Cookies & Tracking
  13. Analytics
  14. Children's Privacy
  15. Third-Party Channels & Links
  16. Changes to This Policy
  17. Contact Us

1. Definitions

2. Information We Collect

2.1 Information you provide

When a Customer creates an account or configures the Service, we collect account details such as name, email address, organization name, API keys, and channel-connection settings (for example, bot tokens or OAuth authorizations for connected accounts). Access tokens and channel credentials are stored encrypted at rest.

2.2 Message & Channel Data

To deliver the Service we process the messages routed through the gateway, including message content, sender and recipient identifiers (such as email addresses, phone numbers, or platform handles), thread and conversation identifiers, timestamps, delivery status, and related metadata. We process this data on the Customer's instructions and only to transmit, receive, normalize, and report on those communications.

2.3 Usage Data

We automatically collect technical information such as IP address, request timestamps, API endpoints called, device and browser type, and diagnostic logs. This supports reliability, security, and abuse prevention.

2.4 Information from third parties

When a Customer connects a channel, the relevant provider (for example, Meta, Twilio, or an iMessage relay) may share identifiers and tokens necessary to send and receive messages on the connected account.

3. How We Use Information

We use information to: (a) provide, operate, and maintain the Service; (b) route messages between agents and End Users; (c) authenticate Customers and secure accounts; (d) monitor, troubleshoot, and improve reliability and performance; (e) detect, prevent, and address fraud, abuse, and security incidents; (f) communicate with Customers about the Service, including transactional and, where permitted, product notices; (g) comply with legal obligations; and (h) enforce our agreements. We do not sell Personal Data, and we do not use message content to train machine-learning models or for advertising.

Where the EU/UK General Data Protection Regulation applies, we rely on the following legal bases: performance of a contract (to provide the Service); legitimate interests (to secure, improve, and operate the Service in ways that do not override individuals' rights); compliance with legal obligations; and consent where required. For End-User communications processed on a Customer's behalf, the Customer is responsible for establishing the appropriate legal basis and any required consents.

5. How We Share Information

We share information only as needed to operate the Service:

We do not sell or rent Personal Data to third parties.

6. Subprocessors & Service Providers

We engage subprocessors to provide the Service. These may include, without limitation, communication-channel providers (such as Meta Platforms for WhatsApp, Instagram, and Messenger; Twilio for SMS and WhatsApp; and third-party relays for iMessage), cloud infrastructure and email providers (such as Amazon Web Services), and product-analytics providers. Each subprocessor processes data only to the extent necessary to perform its services and is bound by appropriate data protection obligations. A current list of subprocessors is available on request at rushant@saasden.club.

7. Data Retention

We retain Personal Data only as long as necessary to provide the Service and for the purposes described in this Policy, unless a longer retention period is required or permitted by law (for example, to comply with legal obligations, resolve disputes, or enforce our agreements). Message Data is retained according to the Customer's configuration and instructions; Customers may request deletion as described in Section 10 and in our Data Deletion instructions. When data is no longer needed, we delete or anonymize it.

8. International Data Transfers

Caspian and its subprocessors may process and store information in countries other than the one in which you reside, including the United States. Where we transfer Personal Data across borders, we implement appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, to protect the data consistent with applicable law.

9. Data Security

We maintain administrative, technical, and organizational safeguards designed to protect information, including encryption of channel credentials at rest, transport encryption (TLS), signed and verified inbound webhooks, access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security; you use the Service at your own risk and should protect your API keys and credentials.

10. Your Rights (GDPR/UK GDPR)

If you are located in the EEA, the United Kingdom, or a similar jurisdiction, you may have the right to access, correct, update, or delete your Personal Data; to restrict or object to certain processing; to data portability; and to withdraw consent where processing is based on consent. To exercise these rights, contact us at rushant@saasden.club. Where Caspian processes data on a Customer's behalf, we will refer requests from End Users to the relevant Customer and support the Customer in responding. You also have the right to lodge a complaint with a supervisory authority.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have the right to know what Personal Information we collect and how we use and disclose it, to request deletion or correction, and to be free from discrimination for exercising your rights. Caspian does not sell or share Personal Information as those terms are defined under the CCPA/CPRA. To submit a request, contact rushant@saasden.club. We will verify your request consistent with applicable law.

12. Cookies & Tracking

Our websites and dashboards may use cookies and similar technologies for essential functionality, security, and to remember preferences. The message gateway and APIs are not advertising products and do not use tracking cookies for advertising. You can control cookies through your browser settings; disabling some cookies may affect dashboard functionality.

13. Analytics

We may use privacy-conscious product-analytics tools to understand aggregate usage and improve the Service. These tools process Usage Data under contractual data protection obligations and are not used to profile End Users or serve advertising.

14. Children's Privacy

The Service is intended for businesses and developers and is not directed to individuals under 18. We do not knowingly collect Personal Data from children. If you believe a child has provided us Personal Data, contact us and we will take steps to delete it.

15. Third-Party Channels & Links

The Service interoperates with third-party communication platforms, each with its own terms and privacy practices. We are not responsible for the content or privacy practices of those platforms or of any third-party websites linked from our properties. Your use of a connected channel is also subject to that provider's policies.

16. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Effective date" above and, where appropriate, provide additional notice. Continued use of the Service after an update constitutes acceptance of the revised Policy.

17. Contact Us

For questions or requests regarding this Policy or your Personal Data, contact us at rushant@saasden.club.