security

Security and privacy, built for Bharat.

halloo.ai is built on the assumption that the data your callers share belongs to them — and stays in India.

Hosted in India

All compute and storage runs in Indian data centres (Mumbai region). Call recordings, transcripts, and contact data never leave the India region.

Consent on every call

The agent opens each call with an explicit recording-consent line. If the caller declines, we hang up and mark the contact accordingly. Consent state is recorded against the call row.

DPDP-aligned

Data minimisation, purpose limitation, retention windows, and Right-to-Erasure are all built into the operator console. Tenant data is isolated by tenant_id at the row level.

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest. OAuth tokens for connected vendors stored encrypted; rotated on every refresh.

Full audit trail

Every tool call, calendar booking, WhatsApp send, and email dispatch is recorded in a per-tenant audit log alongside the call recording.

Request access or deletion

DSAR and erasure requests can be submitted to dpo@tryhalloo.in. We acknowledge within 24h and complete within the DPDP-mandated 30 days.

Reach our DPO

For Data Subject Access Requests, erasure requests, or any data-protection inquiry, email dpo@tryhalloo.in. For commercial security questions (SOC 2, ISO 27001 roadmap, custom DPAs), email hello@tryhalloo.in.

Book a demo