Privacy Policy

Last updated: May 2026

Welcome to Verbixo ("we," "our," or "us"). We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you use our website (verbixo.com) and our automation platform.

1. Information We Collect

We collect information to provide, maintain, and improve our services. The types of data we collect include:

  • Account Information: When you register via Google or Email, we collect your name, email address, and profile picture for authentication and account management.
  • Third-Party Integration Data (OAuth): When you connect external platforms (like Meta/Facebook, Google Workspace, Shopify, Vapi.ai) to Verbixo, we request authorization to access specific data via secure Access Tokens. We do not store your passwords for these third-party services.
  • Automation Data: Information processed through our platform to execute your configured workflows (e.g., order details, messages). This data is processed temporarily in memory or stored securely if required for the specific automation history log.
  • Usage Data: Anonymous metrics such as feature usage, API call volume, and error logs to improve platform stability.
  • Payment Data: When you subscribe to Verbixo, payment transactions are processed entirely by Razorpay. We receive only a transaction ID, payment status, and plan details from Razorpay. We never store your credit card numbers, UPI IDs, or banking credentials on our servers.

2. Specific API Compliance & Third-Party Platforms

Meta (Facebook, Instagram, WhatsApp) Integration

When you connect your Facebook Pages, Instagram Business, or WhatsApp Business accounts to Verbixo, we request specific permissions (e.g., whatsapp_business_messaging, instagram_manage_messages) via Facebook Login for Business. We only use these permissions to send and read messages strictly on your behalf, as dictated by the automations you configure. We do not sell your Meta data, we do not share it with unauthorized third parties, and we do not use your customers' messaging data for our own advertising purposes.

Google API Limited Use Disclosure

Verbixo's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data accessed via Google integrations (such as Google Sheets and YouTube) is used exclusively to provide the automation functionality you configure and is never used to serve targeted advertisements.

By using our YouTube automation features, you acknowledge that Verbixo uses YouTube API Services. You are agreeing to be bound by the YouTube Terms of Service and the Google Privacy Policy. You can manage your Google security settings or revoke access at any time via the Google Security Settings page.

Vapi.ai (Voice AI) Integration

When you use Verbixo's Voice AI automations powered by Vapi.ai, we transmit your configured business context (such as business name, service details, and call scripts) to Vapi.ai's API to enable AI-powered voice calls. Call audio and transcripts are processed by Vapi.ai in accordance with their privacy policy. Verbixo does not store raw call audio. Call metadata (duration, status, summary) may be stored in your automation logs.

Tally ERP / Accounting Software Integration

Automations that interact with Tally ERP or similar accounting platforms use data you provide (such as invoice numbers, client names, and GST details) solely to execute the configured workflow. This data is transmitted directly from your connected Google Sheet or database to the target system and is not retained by Verbixo beyond the automation log entry.

Google Data Storage & Retention

Data accessed via Google integrations (Google Sheets, YouTube) is stored on secure, encrypted servers hosted by Supabase (AWS infrastructure, regions: US-East, Singapore). OAuth access tokens and refresh tokens are encrypted using AES-256-GCM before storage. Google user data processed during automation execution is retained in automation logs for a maximum of 90 days and is then automatically purged. Upon account deletion, all Google-related tokens and data are permanently deleted within 14 days.

3. AI Processing & Model Training

Verbixo utilizes large language models (LLMs) via enterprise APIs (such as OpenAI, Groq, or OpenRouter) to provide intelligent automation features. We have strict data processing agreements in place ensuring that the data you process through Verbixo is NOT used to train the base models of these AI providers.

4. Data Security

We implement industry-standard security measures, including HTTPS/TLS encryption for data in transit, and AES-256 encryption for sensitive data at rest (such as third-party API keys and OAuth tokens). Our infrastructure is protected by Cloudflare edge security, strict Content Security Policies (CSP), and automated threat detection.

5. Data Retention and Deletion (User Rights)

You have the right to access, update, or delete your personal data. We retain your data only for as long as your account is active or as needed to provide you services.

How to Request Data Deletion or Revoke Access:

  1. Account Deletion: You can request complete deletion of your account and all associated data by emailing privacy@verbixo.com. We will process your request within 14 days.
  2. Revoking Third-Party Access: You can disconnect any integration directly from the "Integrations" tab in your Verbixo Dashboard. For Meta/Facebook, you can also revoke Verbixo's access directly from your Facebook Business Integrations settings. Doing so instantly invalidates our access tokens.

6. Third-Party Service Providers

We use trusted third-party services to operate our platform. These providers are bound by strict confidentiality agreements:

  • Supabase & Firebase — Database hosting and Authentication (Servers: US-East, Singapore)
  • Cloudflare & Vercel — Hosting, CDN, and Edge computing
  • Razorpay / Paddle — Secure payment processing (We do not store your credit card or UPI information. All payment data is handled directly by Razorpay in accordance with PCI-DSS standards.)
  • OpenAI / Groq / OpenRouter — AI inference processing
  • Vapi.ai — Voice AI call processing
  • Meta (Facebook / WhatsApp / Instagram) — Messaging API services

7. Cookies & Tracking Technologies

Verbixo uses the following cookies and similar technologies:

  • Essential Cookies: Session cookies required for authentication (NextAuth session token) and CSRF protection during OAuth flows. These are strictly necessary and cannot be disabled.
  • OAuth State Cookies: Short-lived (10-minute) httpOnly cookies used to verify the integrity of OAuth authorization flows with Google and Meta. These are deleted automatically after use.
  • Preference Cookies: We may store your dashboard layout or theme preference locally in your browser's localStorage. This data never leaves your device.

Verbixo does not use third-party advertising cookies, tracking pixels, or analytics SDKs that profile individual users. We do not serve targeted advertisements.

8. Children's Privacy

Verbixo is a B2B automation platform designed for business use. Our Service is not directed at individuals under the age of 18. We do not knowingly collect or process personal information from children. If we discover that a user is under 18, we will promptly delete their account and all associated data. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@verbixo.com.

9. International Data Transfers & Regulatory Compliance

Verbixo operates from India and serves users across 120+ countries. We are committed to complying with applicable data protection regulations:

  • India — Digital Personal Data Protection (DPDP) Act, 2023: As a data fiduciary, we process personal data only for the purposes consented to by the Data Principal (you). You have the right to access, correct, and erase your personal data at any time.
  • EU/EEA — General Data Protection Regulation (GDPR): If you are located in the EU/EEA, your data is processed under the lawful basis of contract performance (to provide the automation services you configure) and legitimate interest (platform security and improvement). You have rights under Articles 15–22 of the GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.
  • California — CCPA/CPRA: If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of your personal information. Verbixo does not sell your personal information to any third party.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. We will notify you of any significant changes via email or an in-app notification.

11. Contact Us

If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Email: privacy@verbixo.com

Entity: Verbixo

Registered Address: B-4/55, Ground Floor, Paschim Vihar, New Delhi-110063, India