Doupple
Legal

Privacy Policy

Last updated: April 12, 2026

Doupple is committed to protecting your privacy. This policy explains exactly what data we collect, why we collect it, and how you can control it.

1.

Introduction

Doupple ("we", "our", or "us") operates an AI agent builder platform designed to help businesses, founders, and agencies create and deploy AI-powered chat experiences on their websites. We are based in India and primarily serve businesses operating in India.

This Privacy Policy describes how we collect, use, store, share, and protect your personal information when you use our website at doupple.com and all associated services (collectively, the "Platform").

By creating an account or using Doupple, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please do not use the Platform.

2.

Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information received from your agent visitors.

2.1 Account Information

When you register for Doupple, we collect:

  • Email address
  • Full name (optional, if provided)
  • Password — stored in hashed (encrypted) form; we never see your raw password
  • OAuth identity data if you sign up via Google or another provider (name, email, profile picture)

2.2 Agent & Configuration Data

When you build agents on Doupple, we store all configuration you provide, including:

  • Agent names, descriptions, and status settings
  • System prompts and first messages
  • Widget appearance settings (colours, fonts, layout, avatar)
  • Knowledge base documents you upload (PDFs, text, website content)
  • Workflow configurations and node structures
  • CTA button settings (WhatsApp, phone, Instagram)
  • Terms & Conditions text you configure for your agent

2.3 Conversation Data

Doupple processes chat messages in real time to generate AI responses. Regarding storage:

  • Chat messages are NOT stored permanently in our database
  • Conversation context exists only temporarily in memory during an active session
  • No long-term transcript storage — conversations are ephemeral by design
  • Message content is sent to our AI provider for processing only and is not retained by us after the response is generated

2.4 Lead Data

When you enable Lead Capture on an agent, our system automatically detects and saves:

  • Email addresses shared by agent visitors
  • Phone numbers (exactly 10 digits) shared by agent visitors
  • Timestamp of when the lead was captured
  • Which agent captured the lead

This data is stored under your account. You are the data controller for leads captured via your agent — your visitors' data is processed on your behalf. You are responsible for having appropriate consent from your visitors before enabling lead capture.

2.5 Analytics Data

We store anonymised, aggregated analytics only:

  • Total messages sent per agent per day
  • Total leads captured (email / phone) per agent per day
  • AI credit consumption per agent
  • Aggregate usage trends (weekly / monthly totals)

Analytics never contain individual chat message content or personally identifiable information from visitors beyond what you have captured as leads.

2.6 Payment Information

Payments on Doupple are processed by Razorpay, a PCI-DSS compliant payment gateway. We do not store credit card numbers, CVV codes, or full payment details on our servers. We only store:

  • Subscription ID and plan type
  • Subscription status (active, cancelled)
  • Billing cycle dates

2.7 Technical & Usage Data

When you use the Platform, we automatically collect standard technical information:

  • IP address and approximate location (country/city level only)
  • Browser type and version
  • Device type and operating system
  • Pages visited on doupple.com and time spent
  • Referring URLs
  • Error logs for debugging purposes
3.

How We Use Your Information

We use the information we collect to:

  • Create and manage your account and authenticate your identity
  • Provide the Doupple platform and all its features (agents, knowledge base, workflows, analytics, leads)
  • Generate AI-powered agent responses using your configured agents and knowledge base
  • Process your subscription, billing, and renewal via Razorpay
  • Display usage analytics and credit consumption in your dashboard
  • Send important service emails — account verification, password reset, subscription receipts
  • Respond to your support requests and questions
  • Debug issues, maintain security, and improve platform reliability
  • Comply with applicable laws and regulations in India

We do not use your data to send marketing emails without your explicit consent, sell your data to third parties, or train public AI models.

4.

AI & Automated Processing

Doupple uses third-party AI language model providers to generate agent responses. When a visitor sends a message to your chatbot:

  • The message and relevant context from your knowledge base is sent to the AI provider's API
  • The AI provider processes the message and returns a response
  • We display that response in the chat widget
  • The message content is not retained by us or (under our agreements) by the AI provider after processing

We use OpenRouter as our AI routing layer, which connects to models from providers such as OpenAI, Anthropic, and others. Each provider has their own data processing terms, and our use of these services is governed by their API usage policies which include no-training-on-API-data commitments.

Important: Your agent visitors' messages are processed by third-party AI infrastructure. If your agent handles sensitive personal data, ensure your visitors are informed of this in your own privacy notice.

5.

Data Sharing & Third-Party Services

We do not sell your personal data. We share data only with the following trusted service providers, and only to the extent necessary to operate the Platform:

ServicePurposeData shared
SupabaseDatabase, authentication, file storage, vector searchAccount data, agent configs, knowledge files, leads, analytics
OpenRouter / AI ProvidersAI response generationChat messages and context (not stored after processing)
HuggingFaceText embedding generation for knowledge baseKnowledge base text chunks
RazorpayPayment processingSubscription details (no card data stored by us)
Upstash RedisCaching and rate limitingAgent configuration (cached), session rate limit counters
VercelApplication hosting and CDNAll traffic passes through Vercel infrastructure

We may also disclose your information if required by law, court order, or governmental authority in India, or to protect the safety and security of our users or the Platform.

6.

Data Retention

We retain different types of data for different periods:

Data typeRetention period
Chat messagesNot stored — ephemeral only
Account dataUntil you delete your account
Agent configurationsUntil you delete the agent or your account
Knowledge base documentsUntil you delete the document or your account
Lead dataUntil you delete the lead or your account
Analytics dataAggregated daily data retained for 12 months
Payment recordsAs required by Indian financial regulations (typically 7 years)
Server / error logsUp to 30 days for debugging purposes

When you delete your account, all associated data (agents, knowledge base, leads, analytics) is permanently and irreversibly deleted. This action cannot be undone. Please export any data you need before deleting your account.

7.

Cookies & Tracking

Doupple uses cookies and similar technologies to operate the Platform:

Essential cookies (always active)

  • Session cookies — keep you logged in during your visit
  • Authentication tokens — stored in secure, HTTP-only cookies managed by Supabase
  • CSRF protection tokens — prevent cross-site request forgery attacks

Analytics cookies (optional)

  • Vercel Analytics — anonymous page view tracking with no personal data
  • No third-party advertising cookies or cross-site tracking

You can control cookies through your browser settings. Disabling essential cookies will prevent you from logging in to Doupple. Disabling analytics cookies has no impact on platform functionality.

The Doupple embeddable widget (widget.js) sets a local storage value on your visitor's browser to maintain a consistent customer ID across sessions. This does not contain personally identifiable information.

8.

Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Passwords are hashed using bcrypt — we never store or transmit plain-text passwords
  • API access is authenticated and rate-limited to prevent abuse
  • Database access is restricted via row-level security (Supabase RLS policies) — users can only access their own data
  • Secrets and API keys are stored as environment variables and never exposed in client-side code
  • Prompt injection attempts are filtered before being passed to AI models
  • Uploaded files are scanned for valid MIME types before processing
  • UUID validation on all resource endpoints prevents access via guessable IDs

While we take security seriously and implement reasonable precautions, no system is 100% secure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

9.

Your Rights

As a user of Doupple, you have the following rights regarding your personal data, in accordance with applicable Indian data protection law (including the Digital Personal Data Protection Act, 2023, as applicable):

  • Right to access — request a copy of the personal data we hold about you
  • Right to correction — ask us to correct inaccurate or incomplete personal data
  • Right to erasure — request deletion of your personal data; you can also delete your account directly from Dashboard → Settings
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time (this will not affect lawfulness of prior processing)
  • Right to grievance redressal — you may raise a privacy concern and receive a response within a reasonable time

To exercise any of these rights, please contact us at support@gmail.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling your request.

The fastest way to delete all your data is to go to Dashboard → Settings → Delete Account. This is immediate and permanent.

10.

Children's Privacy

Doupple is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a child under 18 has provided us with personal data without verified parental consent, we will delete such data promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@gmail.com.

11.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to your registered email address for significant changes
  • Display a notice in the Doupple dashboard for a reasonable period after the update

Your continued use of Doupple after a policy update constitutes acceptance of the revised policy. We encourage you to review this page periodically.

12.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out to us:

Response time

We aim to respond within 3 business days.

Terms & ConditionsContact Us