iTechSarathi Subprocessor List

Effective Date: 11 July 2026 | Last Updated: 11 July 2026

1. Introduction

iTechSarathi Private Limited uses selected third-party service providers to operate, secure, support and deliver its AI-powered ERP, CRM, automation, communication and AI-agent platform.

A subprocessor is a third party that may process Customer Data or personal data on behalf of iTechSarathi while providing infrastructure, communication, integration, AI, security or related technical services.

The actual providers and data categories involved depend on the modules and integrations enabled by a customer.

2. Our Approach to Subprocessors

Where appropriate, iTechSarathi evaluates a subprocessor based on factors including:

  • the nature of the service;
  • the type and sensitivity of information processed;
  • security and access controls;
  • confidentiality commitments;
  • data-processing terms;
  • retention and deletion procedures;
  • incident-notification commitments;
  • business-continuity arrangements;
  • processing locations; and
  • applicable legal requirements.

Where applicable, subprocessors are expected to:

  • process information only for authorized purposes;
  • maintain appropriate confidentiality safeguards;
  • limit access to personnel who require it;
  • maintain reasonable technical and organizational protections;
  • notify iTechSarathi of relevant security incidents;
  • assist with deletion, return or restriction of information where applicable; and
  • comply with relevant contractual and legal obligations.

3. Current Subprocessors

3.1 Meta and WhatsApp

ProviderMeta Platforms and the applicable WhatsApp contracting entities
ServicesWhatsApp Business Platform, Cloud API, Meta Embedded Signup, WhatsApp Business Account onboarding, phone-number registration, template management, message delivery, media processing and webhook notifications
Information that may be processedMeta Business Portfolio IDs, WhatsApp Business Account IDs, Phone Number IDs, business profile information, contact phone numbers, customer profile names, messages, media, templates, timestamps, delivery statuses, webhook events and account-quality information
PurposeTo allow authorized businesses to connect their WhatsApp Business Accounts, send and receive messages, manage templates, receive status updates and use WhatsApp communication features through iTechSarathi
Processing locationMeta and WhatsApp infrastructure and locations applicable to the relevant service and customer account
When usedWhen a customer enables or connects WhatsApp Business Platform functionality

Meta and WhatsApp may independently process information under their own terms, privacy policies and business-service agreements. iTechSarathi does not control Meta’s independent account decisions, infrastructure, quality ratings, template approvals, restrictions or service availability.

3.2 Google

ProviderGoogle LLC and applicable Google affiliates
ServicesGoogle Cloud and Gemini or related AI APIs, Google OAuth, Google Calendar and other customer-authorized Google integrations supported by iTechSarathi
Information that may be processedPrompts, relevant business context, messages, documents, images, audio, extracted text, generated outputs, account identifiers, authorization information, calendar events, appointment information, integration metadata and technical logs
PurposeTo provide AI-assisted replies, extraction, summarization, classification, document and image analysis, knowledge-base responses, calendar connectivity, appointment management and other customer-enabled functionality
Processing locationGoogle infrastructure and locations applicable to the selected service, customer configuration and provider terms
When usedWhen a customer enables an AI-powered feature or connects a supported Google integration

The categories of information sent to Google depend on the feature and permission scope. iTechSarathi aims to limit information to what is reasonably necessary for the requested function.

Where available and applicable to the selected service, iTechSarathi seeks to use enterprise or API configurations intended to restrict Customer Data from being used for unrelated general-purpose model training.

3.3 Amazon Web Services

ProviderAmazon Web Services, Inc., Amazon Web Services India Private Limited and applicable AWS affiliates
ServicesCloud hosting, computing, networking, database infrastructure, object and media storage, backup, security, monitoring and disaster recovery
Information that may be processedCustomer Data stored or processed through iTechSarathi, account information, ERP, CRM and HRMS records, WhatsApp message copies, media, uploaded files, AI-related records, application and security logs, backups and technical metadata
PurposeTo host, operate, secure, monitor, back up and maintain the iTechSarathi platform and associated services
Processing locationAWS regions selected and configured by iTechSarathi, together with any limited support, security or operational processing applicable under AWS terms
When usedAs part of the core infrastructure used to provide the iTechSarathi platform

AWS provides cloud infrastructure to iTechSarathi. iTechSarathi remains responsible for configuring its applications, permissions, security controls and retention settings within its AWS environment.

4. Summary

SubprocessorMain purposePrincipal data categories
Meta and WhatsAppWhatsApp Cloud API, Embedded Signup, templates, messages, media and webhooksWhatsApp identifiers, contact numbers, messages, media, templates and delivery-status information
GoogleAI functionality, Google OAuth, Calendar and supported Google integrationsPrompts, files, messages, generated outputs, account identifiers and calendar information
Amazon Web ServicesHosting, storage, databases, networking, security, monitoring and backupPlatform Customer Data, ERP, CRM and HRMS records, files, media, logs and technical information

5. Customer-Authorized Integrations

A customer may choose to connect a third-party account or service to iTechSarathi. Where a customer independently selects, configures and authorizes a third party, that provider may act as the customer’s own provider rather than solely as an iTechSarathi subprocessor.

The customer is responsible for:

  • reviewing the third party’s terms and privacy practices;
  • ensuring the integration is appropriate;
  • obtaining required authorization and consent;
  • managing permissions; and
  • disconnecting the integration when it is no longer required.

6. Artificial Intelligence Processing

Some iTechSarathi modules may use Google AI services for:

  • suggested replies;
  • conversation summaries;
  • lead and task detection;
  • customer-intent classification;
  • document and image extraction;
  • knowledge-base responses;
  • chatbot and voice-agent assistance;
  • appointment assistance;
  • business-data analysis; and
  • workflow recommendations.

Only information relevant to the requested function is intended to be submitted.

AI outputs may be incomplete, inaccurate or unsuitable. Customers and Authorized Users must review outputs before relying on them for business decisions, particularly medical, legal, financial, employment, safety-critical or other high-impact decisions.

7. Data Processing Locations

Subprocessors may process information in India or other countries depending on:

  • the selected cloud region;
  • the customer’s configuration;
  • the service being used;
  • provider infrastructure;
  • support and security requirements; and
  • the location of the customer or user.

Where information is processed outside India, iTechSarathi takes reasonable steps intended to use reputable providers, apply appropriate contractual protections, limit information to what is necessary, restrict access to authorized purposes and use available security controls.

8. Security and Access Controls

Depending on the nature of the service and current technical implementation, safeguards may include:

  • encryption in transit;
  • encryption or equivalent protection at rest where appropriate;
  • role-based access controls;
  • multi-factor authentication for privileged access;
  • secure credential and token management;
  • tenant and environment separation;
  • logging and monitoring;
  • network controls;
  • backup and recovery procedures;
  • employee access restrictions;
  • incident response; and
  • vulnerability and patch management.

No online or cloud service can guarantee absolute security. Customers remain responsible for protecting passwords, devices, user permissions and integration credentials.

9. Changes to This List

iTechSarathi may add, remove or replace a subprocessor where reasonably necessary to improve functionality, performance, security, compliance or reliability or to respond to a third-party service change.

The latest list will be maintained on this page. For a material change involving a new provider that will process Customer Data, notice may be provided through this page, email, an account notification, release notes, contractual notice or another appropriate method.

Where required by a customer agreement, an enterprise customer may submit a reasonable data-protection objection within the period specified in that agreement. The objection must identify the specific privacy or security concern, and the parties will work in good faith to consider a reasonable solution.

10. Data Deletion and Return

Following account termination, integration disconnection or a valid request, Customer Data will be handled according to the applicable agreement, Data Processing Agreement, customer configuration, Privacy Policy, Data Deletion Instructions and legal requirements.

Deletion instructions are available at:
https://itechsarathi.in/data-deletion

Data deleted from active systems may temporarily remain in protected backups until the applicable backup-retention cycle is completed.

Where information is controlled independently by Meta, WhatsApp or Google, the customer or individual may also need to use the controls provided by that service.

11. Contact Us

Questions about subprocessors, processing locations or data protection may be submitted to:

iTechSarathi Private Limited
501 & 502, RM Arcade
Takshashila School Road
Nirant Cross Road
Near Karnavati
Vastral, Ahmedabad
Gujarat – 382415, India

Phone: +91 72038 23823
Grievance Officer: Suraj Tiwari

© Copyright 2025 - iTechSarathi Pvt. Ltd.