Bolti AI - Automated Call Agent Platform Logo

Privacy Policy

Last Updated: 17 Feb 2026

Bolti (operated by Kstars Technology LLP) is committed to protecting personal data and processing it responsibly in accordance with applicable Indian law, including the Digital Personal Data Protection Act, 2023 (DPDP Act).

This Privacy Policy describes how we collect, use, process, store, and protect personal data when you access bolti.co.in or use our voice automation platform (“Services”).

1. Legal Entity Information

Entity Name: Kstars Technology LLP
Registered Address:
Unit 703, Baba Sadan CHS, Sector 4 A,
Kopar Khairane, Navi Mumbai – 400709, Maharashtra – 400709, India

Contact Email: [email protected]

For all privacy or data protection requests, please contact us at the above email.

2. Scope

This Policy applies to:

  • Visitors to bolti.co.in
  • Customers using the Bolti platform
  • Individuals whose personal data is processed through customer-configured workflows

3. Data We Collect

A. Website Data

When you visit bolti.co.in, we may collect:

  • Name
  • Email address
  • Phone number
  • Company name
  • IP address
  • Usage analytics via Google Analytics

We do not use advertising cookies or third-party tracking pixels.

B. Data Processed Through the Platform

Bolti acts as a Data Processor on behalf of its customers.

Depending on customer configuration, we may process:

  • Call recordings
  • Call audio files
  • Call transcripts
  • Call summaries
  • Extracted structured data (e.g., resume parsing outputs)
  • CRM data integrated into calls
  • Contact details such as phone numbers and emails

We do not store WhatsApp conversations.

4. Call Recording & Storage

For standard users:

  • Call recordings, transcripts, summaries, and structured outputs are stored in Amazon Web Services (AWS), Mumbai region (ap-south-1).
  • Data is encrypted at rest using AES-256 encryption in Amazon S3.
  • Data is encrypted in transit using TLS 1.2+.
  • Data is retained while the customer account remains active unless deletion is requested.

For enterprise customers:

  • Call recording can be disabled.
  • Storage can be configured to occur on customer-controlled infrastructure.
  • Customers may request deletion at any time by emailing [email protected].

5. Purpose of Processing

We process personal data solely to:

  • Execute customer-configured voice workflows
  • Trigger API actions and business logic
  • Generate transcripts and summaries
  • Provide analytics and reporting
  • Maintain platform functionality and security

We do not sell personal data.

6. AI Processing & Model Usage

Bolti integrates with third-party AI and speech providers, including:

OpenAI
Google Gemini
Anthropic
Groq
ElevenLabs
Cartesia
Sarvam AI
Deepgram
AssemblyAI
Microsoft Azure

Some of these vendors process data on infrastructure located outside India.

By using our Services, customers acknowledge that personal data may be transferred to and processed by these third-party vendors in accordance with their respective privacy policies and security practices.

Bolti does not use customer data to train proprietary AI models unless explicitly agreed in writing.

7. Subprocessors

We use the following subprocessors for service delivery:

Cloud Infrastructure:

  • Amazon Web Services (AWS) – Mumbai (ap-south-1)

Telephony:

  • Elision Technologies
  • Customer-provided Twilio
  • Customer-provided Plivo
  • SIP trunk providers

AI & Speech Providers:

  • OpenAI, Google Gemini, Anthropic, Groq, ElevenLabs, Cartesia, Sarvam AI, Deepgram, AssemblyAI, Microsoft Azure

These subprocessors process data strictly for providing functionality of the Services.

8. Data Retention

Unless otherwise contractually agreed:

  • Website lead data: up to 24 months
  • Call recordings and transcripts: retained while customer account remains active
  • System logs and metadata: up to 12 months
  • Backup data: up to 90 days

Customers may request deletion at any time.

Upon account termination, data may be deleted within 30 days unless retention is required by law.

9. Security Measures

We implement technical and organizational safeguards including:

  • AES-256 encryption at rest in AWS S3
  • TLS 1.2+ encryption in transit
  • Role-based access control (RBAC)
  • Audit logging
  • Virtual Private Cloud (VPC) isolation
  • Restricted production access controls

We are currently on the roadmap toward SOC 2 compliance.

10. Data Roles

For platform data:

  • Customers are Data Controllers
  • Bolti acts as Data Processor
  • We process data only under documented customer instructions

We offer Data Processing Agreements (DPAs) upon request.

11. User Rights

In accordance with applicable law, individuals may:

  • Request access to personal data
  • Request correction
  • Request deletion
  • Withdraw consent

Requests may be submitted to [email protected].

We aim to respond within 30 days.

12. Children’s Privacy

Bolti does not knowingly provide Services to individuals under 18 years of age.

13. International Transfers

While primary infrastructure is located in India, certain AI and speech processing vendors operate infrastructure outside India.

Where such transfers occur, they are made for the purpose of providing the Services and subject to vendor security and privacy safeguards.

14. Updates to This Policy

We may update this Privacy Policy from time to time. The revised version will be posted on bolti.co.in with an updated “Last Updated” date.