1. Introduction
iTechSarathi Private Limited uses selected third-party service providers to operate, secure, support and deliver its AI-powered ERP, CRM, automation, communication and AI-agent platform.
A subprocessor is a third party that may process Customer Data or personal data on behalf of iTechSarathi while providing infrastructure, communication, integration, AI, security or related technical services.
The actual providers and data categories involved depend on the modules and integrations enabled by a customer.
2. Our Approach to Subprocessors
Where appropriate, iTechSarathi evaluates a subprocessor based on factors including:
- the nature of the service;
- the type and sensitivity of information processed;
- security and access controls;
- confidentiality commitments;
- data-processing terms;
- retention and deletion procedures;
- incident-notification commitments;
- business-continuity arrangements;
- processing locations; and
- applicable legal requirements.
Where applicable, subprocessors are expected to:
- process information only for authorized purposes;
- maintain appropriate confidentiality safeguards;
- limit access to personnel who require it;
- maintain reasonable technical and organizational protections;
- notify iTechSarathi of relevant security incidents;
- assist with deletion, return or restriction of information where applicable; and
- comply with relevant contractual and legal obligations.
3. Current Subprocessors
3.1 Meta and WhatsApp
| Provider | Meta Platforms and the applicable WhatsApp contracting entities |
| Services | WhatsApp Business Platform, Cloud API, Meta Embedded Signup, WhatsApp Business Account onboarding, phone-number registration, template management, message delivery, media processing and webhook notifications |
| Information that may be processed | Meta Business Portfolio IDs, WhatsApp Business Account IDs, Phone Number IDs, business profile information, contact phone numbers, customer profile names, messages, media, templates, timestamps, delivery statuses, webhook events and account-quality information |
| Purpose | To allow authorized businesses to connect their WhatsApp Business Accounts, send and receive messages, manage templates, receive status updates and use WhatsApp communication features through iTechSarathi |
| Processing location | Meta and WhatsApp infrastructure and locations applicable to the relevant service and customer account |
| When used | When a customer enables or connects WhatsApp Business Platform functionality |
Meta and WhatsApp may independently process information under their own terms, privacy policies and business-service agreements. iTechSarathi does not control Meta’s independent account decisions, infrastructure, quality ratings, template approvals, restrictions or service availability.
3.2 Google
| Provider | Google LLC and applicable Google affiliates |
| Services | Google Cloud and Gemini or related AI APIs, Google OAuth, Google Calendar and other customer-authorized Google integrations supported by iTechSarathi |
| Information that may be processed | Prompts, relevant business context, messages, documents, images, audio, extracted text, generated outputs, account identifiers, authorization information, calendar events, appointment information, integration metadata and technical logs |
| Purpose | To provide AI-assisted replies, extraction, summarization, classification, document and image analysis, knowledge-base responses, calendar connectivity, appointment management and other customer-enabled functionality |
| Processing location | Google infrastructure and locations applicable to the selected service, customer configuration and provider terms |
| When used | When a customer enables an AI-powered feature or connects a supported Google integration |
The categories of information sent to Google depend on the feature and permission scope. iTechSarathi aims to limit information to what is reasonably necessary for the requested function.
Where available and applicable to the selected service, iTechSarathi seeks to use enterprise or API configurations intended to restrict Customer Data from being used for unrelated general-purpose model training.
3.3 Amazon Web Services
| Provider | Amazon Web Services, Inc., Amazon Web Services India Private Limited and applicable AWS affiliates |
| Services | Cloud hosting, computing, networking, database infrastructure, object and media storage, backup, security, monitoring and disaster recovery |
| Information that may be processed | Customer Data stored or processed through iTechSarathi, account information, ERP, CRM and HRMS records, WhatsApp message copies, media, uploaded files, AI-related records, application and security logs, backups and technical metadata |
| Purpose | To host, operate, secure, monitor, back up and maintain the iTechSarathi platform and associated services |
| Processing location | AWS regions selected and configured by iTechSarathi, together with any limited support, security or operational processing applicable under AWS terms |
| When used | As part of the core infrastructure used to provide the iTechSarathi platform |
AWS provides cloud infrastructure to iTechSarathi. iTechSarathi remains responsible for configuring its applications, permissions, security controls and retention settings within its AWS environment.
4. Summary
| Subprocessor | Main purpose | Principal data categories |
|---|---|---|
| Meta and WhatsApp | WhatsApp Cloud API, Embedded Signup, templates, messages, media and webhooks | WhatsApp identifiers, contact numbers, messages, media, templates and delivery-status information |
| AI functionality, Google OAuth, Calendar and supported Google integrations | Prompts, files, messages, generated outputs, account identifiers and calendar information | |
| Amazon Web Services | Hosting, storage, databases, networking, security, monitoring and backup | Platform Customer Data, ERP, CRM and HRMS records, files, media, logs and technical information |
5. Customer-Authorized Integrations
A customer may choose to connect a third-party account or service to iTechSarathi. Where a customer independently selects, configures and authorizes a third party, that provider may act as the customer’s own provider rather than solely as an iTechSarathi subprocessor.
The customer is responsible for:
- reviewing the third party’s terms and privacy practices;
- ensuring the integration is appropriate;
- obtaining required authorization and consent;
- managing permissions; and
- disconnecting the integration when it is no longer required.
6. Artificial Intelligence Processing
Some iTechSarathi modules may use Google AI services for:
- suggested replies;
- conversation summaries;
- lead and task detection;
- customer-intent classification;
- document and image extraction;
- knowledge-base responses;
- chatbot and voice-agent assistance;
- appointment assistance;
- business-data analysis; and
- workflow recommendations.
Only information relevant to the requested function is intended to be submitted.
AI outputs may be incomplete, inaccurate or unsuitable. Customers and Authorized Users must review outputs before relying on them for business decisions, particularly medical, legal, financial, employment, safety-critical or other high-impact decisions.
7. Data Processing Locations
Subprocessors may process information in India or other countries depending on:
- the selected cloud region;
- the customer’s configuration;
- the service being used;
- provider infrastructure;
- support and security requirements; and
- the location of the customer or user.
Where information is processed outside India, iTechSarathi takes reasonable steps intended to use reputable providers, apply appropriate contractual protections, limit information to what is necessary, restrict access to authorized purposes and use available security controls.
8. Security and Access Controls
Depending on the nature of the service and current technical implementation, safeguards may include:
- encryption in transit;
- encryption or equivalent protection at rest where appropriate;
- role-based access controls;
- multi-factor authentication for privileged access;
- secure credential and token management;
- tenant and environment separation;
- logging and monitoring;
- network controls;
- backup and recovery procedures;
- employee access restrictions;
- incident response; and
- vulnerability and patch management.
No online or cloud service can guarantee absolute security. Customers remain responsible for protecting passwords, devices, user permissions and integration credentials.
9. Changes to This List
iTechSarathi may add, remove or replace a subprocessor where reasonably necessary to improve functionality, performance, security, compliance or reliability or to respond to a third-party service change.
The latest list will be maintained on this page. For a material change involving a new provider that will process Customer Data, notice may be provided through this page, email, an account notification, release notes, contractual notice or another appropriate method.
Where required by a customer agreement, an enterprise customer may submit a reasonable data-protection objection within the period specified in that agreement. The objection must identify the specific privacy or security concern, and the parties will work in good faith to consider a reasonable solution.
10. Data Deletion and Return
Following account termination, integration disconnection or a valid request, Customer Data will be handled according to the applicable agreement, Data Processing Agreement, customer configuration, Privacy Policy, Data Deletion Instructions and legal requirements.
Deletion instructions are available at:
https://itechsarathi.in/data-deletion
Data deleted from active systems may temporarily remain in protected backups until the applicable backup-retention cycle is completed.
Where information is controlled independently by Meta, WhatsApp or Google, the customer or individual may also need to use the controls provided by that service.
11. Contact Us
Questions about subprocessors, processing locations or data protection may be submitted to:
- Email: admin@itechsarathi.in
- Subject: Subprocessor or Data Processing Enquiry
501 & 502, RM Arcade
Takshashila School Road
Nirant Cross Road
Near Karnavati
Vastral, Ahmedabad
Gujarat – 382415, India
Phone: +91 72038 23823
Grievance Officer: Suraj Tiwari