Privacy Policy

Pleisys ("we", "our", or "us") operates Pleisys Engage, a multi-channel marketing automation platform available at engage.pleisys.com. This Privacy Policy explains how we collect, use, store, and share information when you use our platform as a registered business user ("Tenant") or visit our website.

By creating an account or using Pleisys Engage, you agree to the practices described in this policy. If you do not agree, please discontinue use of the platform.

2.1 Account & Registration Data

When you sign up we collect your name, email address, and password (hashed). If you sign up via Google OAuth we receive your Google profile name and email. We also store your selected plan, billing details (handled by Stripe or Razorpay — we do not store raw card numbers), and organisation/workspace information you provide during onboarding.

2.2 Platform Usage Data

We collect logs of actions taken within the platform (campaigns created, messages sent, contacts imported, API calls made) for billing, analytics, security, and service-improvement purposes.

2.3 Contact Data You Import

As a Tenant, you may import end-user contact lists (names, phone numbers, email addresses, custom attributes). You are the data controller for this data; Pleisys acts as a data processor on your instructions. We do not use your contact data for our own marketing or share it with third parties beyond what is necessary to deliver the service (e.g., routing a WhatsApp message via Meta's Cloud API).

2.4 Cookies & Technical Data

We use session cookies to keep you logged in and functional cookies required for the platform to work. We do not use third-party advertising cookies. Standard server logs capture IP address, browser type, and request metadata for security and diagnostics.

• To create and manage your account and workspace.
• To deliver platform features including campaign sending, inbox management, and analytics.
• To process payments via Stripe (USD) or Razorpay (INR).
• To route messages through WhatsApp (Meta Cloud API), Email (AWS SES / tenant-configured provider), SMS, and Telegram.
• To generate AI-powered content suggestions using Anthropic Claude (prompt data is not retained by Anthropic for training).
• To send transactional emails such as email verification, password reset, and billing receipts.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with applicable legal obligations.

We do not sell your personal data or your contact lists to third parties.

We rely on the following sub-processors to deliver the platform:

Account data is retained for the duration of your subscription and for 90 days after account closure to allow for dispute resolution and legal compliance, after which it is permanently deleted. Imported contact data is deleted within 30 days of workspace deletion or upon a verified erasure request. Audit logs and billing records may be retained for up to 7 years as required by applicable law.

Depending on your jurisdiction, you may have the right to access, correct, export, or erase your personal data. You can submit a data subject access request (DSAR) directly through the platform at engage.pleisys.com/dsar or by emailing privacy@pleisys.com. We will respond within 30 days.

You may also opt out of non-essential communications at any time by unsubscribing via the link in any email we send you, or by contacting us directly.

All data in transit is encrypted via TLS 1.2+. Passwords are hashed using bcrypt. API keys and third-party credentials stored on the platform are encrypted at rest using AES-256. We maintain access controls, audit logging, IP allowlist support, and multi-factor authentication (MFA) options for all accounts.

Pleisys Engage is a business platform intended for users aged 18 and above. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or an in-app banner at least 14 days before the change takes effect. The effective date at the top of this page reflects the most recent revision.

For privacy-related questions or requests: