Privacy Policy
Last updated: 15 July 2026
This Privacy Policy explains how ConfirmDesk ("ConfirmDesk", "we", "us") handles personal data when we provide outbound appointment-confirmation voice calls on behalf of our business customers (clinics, salons, coaching institutes and similar). It is drafted with reference to India's Digital Personal Data Protection Act, 2023 ("DPDP Act").
1. Our role: Data Processor
For personal data about your customers (the people we call), our business customer is the Data Fiduciary and ConfirmDesk acts as a Data Processor, processing that data only on documented instructions to deliver the confirmation-call service. For data about our business customers' own accounts and staff, ConfirmDesk acts as the Data Fiduciary.
2. What data we process
- Customer name, phone number, appointment time and preferred language, supplied by our business customer.
- Call audio and recordings, transcripts, and the classified call outcome (confirmed, rescheduled, cancelled, no-answer).
- Account and contact details for business customers and their staff users.
- Basic technical logs needed to operate and secure the service.
3. Purpose and lawful basis
We process personal data solely to place service/transactional appointment-confirmation calls tied to an existing appointment, to report outcomes back to the business customer, and to operate, secure and improve the service. We do not use this data for advertising and do not sell it.
4. Data retention
Call recordings and associated transcripts are retained for 90 days by default and then deleted, unless a business customer configures a different retention window or a longer period is required by law. Customer contact details are retained only as long as needed to provide the service and are then deleted or de-identified.
5. Deletion and data-principal rights
We honour delete-on-request. Individuals may ask the business that scheduled their appointment to have their data deleted, and business customers can instruct us to delete specific records or an entire dataset. Subject to applicable law, we will action verified deletion requests promptly. Data principals also have rights to access and correct their data and to grievance redressal.
6. Sharing and sub-processors
We share personal data with vetted sub-processors strictly to deliver the service (for example, telephony and cloud-infrastructure providers). We require them to protect the data under contractual terms consistent with this policy and the DPDP Act.
7. Security
We use reasonable technical and organisational safeguards — including encryption in transit, access controls and audit logging — to protect personal data against unauthorised access, loss or misuse.
8. Grievance officer & contact
For privacy questions or to exercise your rights, contact our grievance officer at privacy@confirmdesk.example. We will respond within the timelines required by applicable law.
9. Changes
We may update this policy from time to time. Material changes will be notified to business customers. Continued use of the service after an update constitutes acceptance of the revised policy.
Placeholder contact details and dates are illustrative and must be replaced before publication.