logo

Legal

Privacy Policy

Version Date: April 2026

This Privacy Policy (“Privacy Policy”) applies to the products and services offered, and the websites operated by Talisma Corporation Private Limited (“Talisma”, “Company”, “we”, “our”, or “us”), including https://talisma.com and https://talisma.ai, together with related domains, subdomains, hosted applications, AI interfaces, digital engagement tools, customer support channels, and associated products and services (collectively, the “Offerings”).

Talisma Corporation Private Limited is a company incorporated under the Companies Act, 1956, with its registered office at Ground Floor, “Phoenix” – Magnificia, Vijanapura, Mahadevapura Ward, Old Madras Road, Dooravaninagar, Bangalore – 560 016, Karnataka, India.

This Privacy Policy explains how personal data is collected, used, stored, disclosed, transferred, protected, and otherwise processed when a person visits, accesses, uses, evaluates, subscribes to, or interacts with the Offerings. It also describes the rights and choices available to data subjects under applicable law, including India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and applicable rules, the GDPR and UK GDPR where relevant, and the California Consumer Privacy Act where applicable.

By accessing or using any of the Offerings, or by otherwise providing personal data to Talisma, the user acknowledges that they have read and understood this Privacy Policy and agree to the collection and processing of personal data in accordance with it, to the extent permitted by applicable law.

1. Objective and Scope

Talisma is committed to protecting privacy, applying reasonable security safeguards, and processing personal data in a fair, lawful, transparent, and proportionate manner. This Privacy Policy is intended to provide a clear statement of Talisma's privacy practices relating to the personal data of website visitors, prospective customers, customer personnel, end users, business partners, job applicants, and other individuals whose data may be processed through the Offerings.

This Privacy Policy applies to personal data processed by Talisma in one or more of the following capacities:

  • as a provider of its own websites, demos, forms, sales channels, and marketing activities; and
  • as a provider of enterprise software, AI-enabled engagement tools, and support services to business customers.

In some cases, Talisma may act as a "data fiduciary," "controller," or equivalent primary decision-maker for personal data. In other cases, particularly where enterprise customers use Talisma's Offerings to manage their own customer, student, patient, citizen, employee, or prospect interactions, Talisma may act as a "data processor," "service provider," or equivalent processor acting on documented instructions from the relevant customer.

Where a customer or partner controls the purpose and means of processing carried out using the Offerings, that customer's privacy notice may also apply to the end user interaction. In such cases, questions about the relevant customer-controlled processing may need to be directed to that customer in the first instance.

2. Categories of Data Collected

Talisma may collect personal data directly from the individual, automatically through the Offerings, from customers and affiliates, from third-party business sources, and from publicly available sources, depending on the context of the interaction.

The categories of personal data collected may include:

  • identity data, such as first name, last name, username, employer name, job title, department, and professional profile details;
  • contact data, such as business or personal email address, mobile number, telephone number, correspondence address, city, state, country, and postal code;
  • account and authentication data, such as login credentials, account identifiers, role information, password hashes, single sign-on attributes, and multi-factor authentication data where applicable;
  • transaction and relationship data, such as customer account details, subscription details, purchase history, contract details, service history, billing contacts, and support records;
  • communications data, such as emails, chat messages, call recordings where notified, meeting notes, support tickets, forms, survey responses, and user feedback;
  • device and technical data, such as IP address, browser type, operating system, device identifiers, language settings, access timestamps, clickstream data, and diagnostic logs;
  • location data, such as approximate location inferred from IP address or more precise location where explicitly enabled through device permissions;
  • usage data, such as pages viewed, links clicked, session duration, features accessed, workflow events, channel activity, and product interaction history;
  • AI interaction data, such as prompts, instructions, uploaded content, chat transcripts, model outputs, feedback labels, ratings, escalation history, and automation outcomes generated through Talisma.ai or other AI-enabled Offerings; and
  • compliance or verification data, such as records needed to establish legal compliance, investigate security incidents, prevent abuse, or respond to lawful requests.

Where device-level permissions are requested in a mobile or browser experience, Talisma may access camera, microphone, files, media, location, or similar device capabilities solely to the extent needed for a relevant feature and subject to the permissions granted by the user. Such permissions may generally be withdrawn through device settings, though doing so may limit the operation of certain features.

Talisma does not knowingly collect or store contact-book or address-book information from a user's device unless an Offering specifically requires such functionality and the user or customer administrator expressly enables it through a documented feature flow. Talisma's baseline privacy position is that contact-list data is not collected by default.

Talisma does not sell personal data to third parties.

3. Sensitive Data and Data Minimization

Talisma seeks to collect only the personal data that is reasonably necessary for the stated purpose, contractual requirement, feature requested, security need, or legal obligation involved. Data minimization is especially important in the context of AI systems, analytics, and automated workflows.

Users, customers, and customer administrators should avoid submitting highly sensitive personal data into free-text fields, AI prompts, or chatbot conversations unless such submission is clearly necessary for the intended business use and is supported by appropriate legal basis, access controls, and contractual coverage.

Where sensitive personal data, special-category data, children's data, financial account data, health-related information, official identifiers, or other regulated classes of information may be processed through a specific Offering, Talisma may provide additional notices, contract terms, technical controls, or product restrictions as appropriate to the context.

4. Purposes of Processing

Talisma may process personal data for one or more of the following purposes:

  • to provide access to the websites, applications, portals, and enterprise Offerings;
  • to enable account creation, user authentication, provisioning, access control, and system administration;
  • to respond to enquiries, demos, support requests, grievances, and other communications;
  • to provide, configure, host, support, maintain, and improve the Offerings;
  • to personalize content, journeys, and engagement flows based on preferences, profile information, or prior interactions;
  • to operate AI-powered chatbots, virtual assistants, copilots, routing engines, recommendation systems, analytics engines, and workflow automations;
  • to analyze usage patterns, feature performance, service quality, and customer engagement metrics;
  • to carry out billing, invoicing, collections, procurement, and contract administration;
  • to send service communications, transactional notices, support updates, and legally required messages;
  • to send marketing and promotional communications where permitted by law and subject to available opt-out rights;
  • to detect, prevent, investigate, and respond to fraud, abuse, misuse, cyber incidents, security threats, and other harmful or unlawful activity;
  • to enforce legal rights, protect property, maintain records, and defend against claims;
  • to comply with applicable laws, court orders, regulatory requests, audits, and lawful government directions; and
  • to support internal business operations, including quality assurance, reporting, business continuity, training, and corporate governance.

In relation to AI-enabled Offerings, Talisma may process personal data to generate responses, summaries, classifications, recommendations, or workflow actions; improve reliability, safety, monitoring, and operational performance of AI features; measure latency, quality, escalation patterns, resolution rates, and other service performance indicators; detect prompt abuse, security anomalies, malicious input, data leakage risk, or policy violations; and maintain logs necessary for debugging, legal compliance, and product support.

Where feasible and appropriate, Talisma may use anonymized, aggregated, or de-identified data to improve products, benchmark system performance, generate analytics, and support business intelligence. Talisma will not use personal data for materially unrelated purposes without an appropriate legal basis and, where required, additional notice or consent.

6. Cookies and Similar Technologies

Talisma's websites and digital properties may use cookies, SDKs, web beacons, tags, pixels, local storage objects, session identifiers, log technologies, and similar tools to recognize users, remember preferences, measure usage, support security, maintain sessions, and improve site performance.

These technologies may be used for the following purposes:

  • essential website and application functionality;
  • authentication and session management;
  • load balancing, security monitoring, and abuse prevention;
  • analytics and usage measurement;
  • form retention and user preference storage; and
  • campaign attribution or marketing optimization, where permitted.

Users can typically control cookies through browser settings, cookie banners, consent-management tools, or device settings. Disabling some cookies may reduce site functionality or affect the performance of certain AI demos, chat experiences, or account features.

7. AI-Specific Privacy Commitments

Talisma recognizes that AI-enabled systems can create enhanced privacy, security, fairness, and governance risks if not properly designed and managed. For that reason, Talisma aims to implement reasonable safeguards for AI-related data flows, including access control, monitoring, logging, minimization, output review, and misuse prevention appropriate to the nature of the Offering.

AI interaction content submitted through Talisma.ai or related Offerings may be processed to deliver the requested service, maintain performance, troubleshoot errors, and improve system reliability. Talisma uses customer-submitted AI interaction data only for service delivery, security, support, and customer-specific improvement purposes unless otherwise clearly disclosed, contractually permitted, and legally supported.

Enterprise customers using Talisma AI features remain responsible for ensuring that their prompts, uploads, instructions, and downstream uses of outputs comply with applicable law, sector-specific obligations, and their own privacy notices.

AI-generated outputs may not always be accurate, complete, or appropriate for every context. Users and customers should apply human judgment and review where needed, particularly in regulated, high-impact, customer-facing, or legally significant settings.

8. Sharing and Disclosure of Data

Talisma may disclose personal data on a need-to-know basis to the following categories of recipients:

  • affiliates and group entities;
  • cloud hosting providers, including infrastructure environments such as Microsoft Azure where applicable to service delivery;
  • analytics, monitoring, customer support, communication, implementation, payment, and security vendors;
  • professional advisers, auditors, insurers, and legal counsel;
  • business partners, resellers, implementation providers, and channel partners involved in delivering the Offerings;
  • competent courts, regulators, law enforcement agencies, government authorities, or other parties where required by law or necessary to protect legal rights; and
  • potential acquirers, investors, lenders, or transaction counterparties in connection with a corporate transaction, subject to appropriate confidentiality protections.

Third-party processors are expected to process personal data only for authorized purposes, under contractual obligations, and subject to reasonable confidentiality and security requirements appropriate to the services they provide.

Where an Offering integrates with customer-selected third-party applications, APIs, communication platforms, CRMs, identity systems, or productivity tools, the exchange of data may also be governed by the customer's configuration choices, the third party's terms, and the applicable integration design.

Talisma will not rent or sell personal data to third parties.

9. International Transfers

Talisma may process and store personal data in India and in other jurisdictions where Talisma, its affiliates, subprocessors, cloud providers, or service partners operate.

Where personal data is transferred across borders, Talisma will take steps intended to ensure that an appropriate transfer mechanism or legal basis is used, including contractual safeguards such as standard contractual clauses or equivalent lawful mechanisms where required.

Individuals understand that data protection laws in a recipient jurisdiction may differ from those in their home jurisdiction, but Talisma will apply reasonable measures designed to preserve protection of personal data during such transfers.

10. Data Retention

Personal data will be retained only for as long as reasonably necessary for the purposes for which it was collected, for legitimate business needs, for contract performance, for security and dispute-resolution purposes, or as required or permitted by applicable law.

Retention periods may vary based on the type of data, the Offering used, contractual commitments, system architecture, audit requirements, regulatory obligations, litigation holds, and backup-cycle limitations.

Where appropriate, data may be deleted, anonymized, aggregated, suppressed, or otherwise de-identified at the end of the relevant retention period, subject to residual retention in logs, archives, and backups for limited periods consistent with business continuity and legal compliance needs.

11. Data Security

Talisma aims to implement reasonable technical, organizational, physical, and administrative safeguards designed to protect personal data against unauthorized access, disclosure, alteration, destruction, accidental loss, unlawful processing, and misuse. Such safeguards may include encryption in transit, access restrictions, logging, monitoring, segmentation, role-based access, change control, secure development practices, backup procedures, and vulnerability-management measures appropriate to the nature of the systems and data involved.

Personal data stored by Talisma may be maintained in access-controlled environments with restricted logical and physical access. Data transmitted over the internet may be protected through SSL/TLS or equivalent encryption protocols where appropriate.

Although Talisma strives to use commercially reasonable means to protect personal data, no method of transmission over the internet and no method of storage is completely secure. Accordingly, Talisma cannot guarantee absolute security, uninterrupted availability, or complete immunity from evolving threats.

In the event of a known or reasonably suspected security incident affecting personal data, Talisma may investigate, contain, remediate, document, and notify relevant stakeholders or authorities in accordance with applicable law, contractual commitments, and the nature of the incident.

12. Rights and Choices

Subject to applicable law and identity verification, data subjects may have one or more of the following rights:

  • to access or obtain a copy of personal data;
  • to correct, update, or complete inaccurate or outdated personal data;
  • to request deletion or erasure of personal data;
  • to withdraw consent;
  • to object to or restrict certain processing;
  • to opt out of certain marketing communications;
  • to request portability where applicable; and
  • to raise grievances or complaints before Talisma or a competent authority.

These rights are not absolute and may be subject to legal exemptions, contractual duties, technical feasibility, the rights of others, and the role in which Talisma processes the relevant data. Where Talisma acts only as a processor for a customer, requests may need to be routed to the relevant customer controller or fiduciary.

Talisma may require reasonable information to verify identity and process a request securely. Disproportionate, repetitive, manifestly unfounded, or technically infeasible requests may be refused or limited to the extent permitted by law.

13. India-Specific Notice

For individuals in India, Talisma intends to process digital personal data in accordance with the DPDP Act and other applicable Indian laws, including by providing notice, collecting consent where required, honoring valid withdrawals of consent, enabling grievance mechanisms, and implementing reasonable security safeguards suitable to the nature of the data processed.

Where Talisma relies on consent, the request for consent should be free, specific, informed, unconditional, unambiguous, and limited to the personal data necessary for the specified purpose, as required by applicable law.

If a parent, lawful guardian, customer administrator, or other authorized representative provides data on behalf of another individual, that person represents that they are duly authorized to do so.

14. EEA and UK Notice

If Talisma processes personal data while an individual is located in the European Economic Area or the United Kingdom, that individual may have rights under the GDPR, UK GDPR, Data Protection Act 2018, or related legislation, including rights of access, rectification, erasure, restriction, objection, and portability, subject to applicable conditions and exceptions.

Where required, Talisma will rely on an applicable legal basis for processing and use suitable transfer safeguards for cross-border transfers.

15. California Notice

If the California Consumer Privacy Act or related California privacy laws apply, California residents may have rights to know, access, delete, and correct certain personal data, subject to statutory exceptions. Because Talisma states that it does not sell personal data, it does not offer an opt-out from sale on that basis; however, applicable rights regarding sharing, sensitive personal information, and service-provider processing may still depend on the facts of the processing activity and applicable law at the relevant time.

16. Children's Privacy

Talisma's general-purpose enterprise Offerings are not directed to children. Talisma does not knowingly collect personal data directly from children in violation of applicable law. If Talisma becomes aware that personal data has been collected from a child contrary to legal requirements or product design, Talisma may take appropriate steps to delete or restrict such data.

Where a customer deploys an Offering in an education or child-related context, the customer is responsible for ensuring that lawful authority, notices, consent mechanisms, and configuration choices are in place as required by applicable law and institutional policy.

17. Third-Party Sites and Services

The Offerings may contain links to third-party websites, platforms, applications, or services. Talisma is not responsible for the privacy, content, or security practices of third parties that operate independently of Talisma. Individuals should review the privacy notices and terms of those third parties before sharing personal data with them.

18. Changes to This Policy

Talisma may revise or update this Privacy Policy from time to time to reflect changes in law, technology, business operations, product features, or risk management practices. Updated versions will become effective upon publication unless a later effective date is specified.

Continued access to or use of the Offerings after an updated policy becomes effective may constitute acceptance of the revised policy to the extent permitted by law. Where required, Talisma may obtain fresh consent or provide additional notice.

19. Grievance Officer and Contact Details

For privacy questions, rights requests, grievances, or complaints, the following contact details may be used:

Talisma may ask for information reasonably necessary to verify identity, authority, and the scope of a request before taking action.

Legal Counsel / Grievance Contact

Talisma Corporation Private Limited

Ground Floor, Phoenix – Magnificia, Vijanapura, Mahadevapura Ward, Old Madras Road, Dooravaninagar, Bangalore – 560 016, Karnataka, India

Telephone: +91 80 69261222

Email: contactus@talisma.com

20. Governing Law and Jurisdiction

This Privacy Policy shall be governed by the laws of India, unless mandatory law in another jurisdiction requires otherwise for a specific data subject or processing activity. Subject to applicable law, courts in Bangalore, India shall have exclusive jurisdiction over disputes arising out of or relating to this Privacy Policy.

21. Google API Data

To the extent Talisma receives or processes information from Google APIs, Talisma's use and transfer of such information to any other app will adhere to the applicable Google API Services User Data Policy, including Limited Use requirements, where such policy applies.