Cualify.
OutboundInboundBookingCollectionsPricingSecurityBlog
Sign inStart a pilot

Cualify Field Notes

Building India's AI calling stack — in public.

One short essay every other Friday on voice AI, Indian SMB GTM, and what we ship. No spam. Unsubscribe in one click.

Cualify.

AI calling agency for Indian SMBs. Multilingual voice agents, INR billing, DPDP-ready from day one.

Built in Mumbai · Stored in Mumbai

Product

  • Outbound sales
  • Inbound support
  • Appointment booking
  • Collections
  • Voice library
  • Docs

Company

  • Pricing
  • Cualify vs Bolna
  • Changelog
  • Security
  • Blog
  • About
  • Contact

Legal

  • Terms of service
  • Privacy policy
  • Data Processing
  • Acceptable Use
  • 15-day refund

Compliance

  • DPDP Act 2023
  • TRAI / DLT
  • 99.5% SLA
  • Sub-processors
  • Customer KYC
  • Contact DPO

© 2026 Cualify Technologies. All rights reserved.

[email protected]·[email protected]·+91 80 0000 0000

Security · trust

Compliance is a feature, not a footnote.

We're built India-first. DPDP, DLT, calling-window enforcement, AI disclosure, and data residency are wired into the platform — not legal language we hope you skim.

  • DPDP Act 2023
  • TRAI / DLT compliance
  • Data residency
  • SLA & status
  • Sub-processors
  • Customer KYC

DPDP Act 2023

  • Every outbound campaign captures explicit consent before dialling, versioned and stored in our consent registry.
  • DPDP data-subject requests (access, erasure, portability, consent withdrawal) are fulfilled within 30 days through the in-app inbox.
  • Voice recordings and transcripts are stored in Mumbai (ap-south-1). Default retention is 90 days; configurable per organisation up to 365 days.
  • PII (Aadhaar, PAN, card numbers) is auto-redacted in stored recordings via the post-call PII redaction worker before long-term storage.
  • Our DPO can be reached at [email protected] for any data-protection question.

TRAI / DLT compliance

  • Cualify is bring-your-own-carrier (BYOC). You connect your existing telephony provider (Exotel, Plivo, Twilio, or others) and your DLT registration stays under your entity — Cualify never originates a call from our own number.
  • Our platform enforces the rules on top of your telephony: every campaign respects TRAI's 09:00–21:00 IST calling window (configurable per state), every dispatch refuses to fire if your DLT template ID isn't attached, and the AI disclosure clip plays in the first 5 seconds of every outbound call in the conversation language.
  • Every contact list is scrubbed against the TRAI NCPR feed within 24 hours of any outbound dispatch — handled by Cualify regardless of which carrier you use.
  • We provide the audit trail (consent capture, template-id-on-dispatch, calling-window enforcement, disclosure-played logs) that your DPDP / TRAI auditor needs. You stay the Principal Entity; we give you the receipts.

Data residency

  • Postgres runs on Supabase ap-south-1 (Mumbai). Read replicas in ap-south-1.
  • Recordings, transcripts, and exports live in Cloudflare R2 with the bucket pinned to Asia jurisdiction.
  • PostHog product analytics is hosted in EU (eu.i.posthog.com) with cookie-less ingestion.
  • No PII leaves Indian soil without an executed DPA and your written instruction.

SLA & status

  • Pilot 99.0% · Starter 99.0% · Growth 99.5% · Scale 99.9%.
  • Status page lives at /status, refreshed daily.
  • Credits are issued automatically against the next month's invoice if we miss our SLA in any 30-day window.

Sub-processors

Every third-party that processes customer or end-recipient data on our behalf. We notify org owners by email 30 days before adding or replacing any entry below — your objection right is documented in our DPA, §4.

Last updated 2026-05-06

  • Bolna AI

    Multi-region (US, EU); India routing for outbound IN dial

    End-recipient data

    Conversational voice-agent runtime — orchestrates STT, LLM, TTS during the call

    Accesses: Voice audio, Transcripts

    Website ↗Privacy ↗
  • Sarvam AI

    India (ap-south-1)

    End-recipient data

    Indic neural TTS + STT models

    Accesses: Voice audio (synthesised + recognised)

    Website ↗Privacy ↗
  • AiSensy

    India

    End-recipient data

    WhatsApp Business BSP — post-call recap templates

    Accesses: Phone numbers, Template variables (name, link)

    Website ↗Privacy ↗
  • Razorpay

    India

    Payment processing (credit packs, subscriptions)

    Accesses: Customer billing details (no card data on our servers)

    Website ↗Privacy ↗
  • Supabase

    Mumbai (ap-south-1)

    End-recipient data

    Managed Postgres (account, campaigns, ledger)

    Accesses: All Customer + end-recipient data at rest

    Website ↗Privacy ↗
  • Cloudflare R2

    Asia jurisdiction

    End-recipient data

    Object storage — call recordings, transcripts, exports

    Accesses: Voice recordings, Transcripts, Exports

    Website ↗Privacy ↗
  • Vercel

    Global edge; data plane in Mumbai (ap-south-1)

    Application hosting + edge runtime

    Accesses: Request logs, Build artefacts

    Website ↗Privacy ↗
  • Clerk

    US (data plane), EU/IN edge

    Authentication + organisation management

    Accesses: Customer email, name, MFA factors

    Website ↗Privacy ↗
  • Resend

    EU (deliverability), US (control plane)

    Transactional email + newsletter audiences

    Accesses: Customer email, message metadata

    Website ↗Privacy ↗
  • PostHog

    EU (eu.i.posthog.com)

    Product analytics (cookie-less)

    Accesses: Anonymised event telemetry

    Website ↗Privacy ↗
  • Sentry

    EU

    Error monitoring

    Accesses: Error stack traces, user agent, redacted breadcrumbs

    Website ↗Privacy ↗
  • Inngest

    US

    Background job orchestration

    Accesses: Job payloads (call IDs, webhook payloads)

    Website ↗Privacy ↗
  • Pusher

    EU (eu cluster)

    Realtime channels (live call ticker)

    Accesses: Channel events (no payload PII)

    Website ↗Privacy ↗
VendorPurposeRegionData accessed
Bolna AI
Conversational voice-agent runtime — orchestrates STT, LLM, TTS during the callMulti-region (US, EU); India routing for outbound IN dialVoice audio, TranscriptsPrivacy ↗
Sarvam AI
Indic neural TTS + STT modelsIndia (ap-south-1)Voice audio (synthesised + recognised)Privacy ↗
AiSensy
WhatsApp Business BSP — post-call recap templatesIndiaPhone numbers, Template variables (name, link)Privacy ↗
Razorpay
Payment processing (credit packs, subscriptions)IndiaCustomer billing details (no card data on our servers)Privacy ↗
Supabase
Managed Postgres (account, campaigns, ledger)Mumbai (ap-south-1)All Customer + end-recipient data at restPrivacy ↗
Cloudflare R2
Object storage — call recordings, transcripts, exportsAsia jurisdictionVoice recordings, Transcripts, ExportsPrivacy ↗
Vercel
Application hosting + edge runtimeGlobal edge; data plane in Mumbai (ap-south-1)Request logs, Build artefactsPrivacy ↗
Clerk
Authentication + organisation managementUS (data plane), EU/IN edgeCustomer email, name, MFA factorsPrivacy ↗
Resend
Transactional email + newsletter audiencesEU (deliverability), US (control plane)Customer email, message metadataPrivacy ↗
PostHog
Product analytics (cookie-less)EU (eu.i.posthog.com)Anonymised event telemetryPrivacy ↗
Sentry
Error monitoringEUError stack traces, user agent, redacted breadcrumbsPrivacy ↗
Inngest
Background job orchestrationUSJob payloads (call IDs, webhook payloads)Privacy ↗
Pusher
Realtime channels (live call ticker)EU (eu cluster)Channel events (no payload PII)Privacy ↗

Vendors marked with the warning dot process end-recipient personal data (the people your AI agent calls). Vendors without the dot only see Customer (your team) data.

Customer KYC on Cualify

We verify the businesses on our platform so the people your AI agent calls aren't getting dialled by an anonymous shell. Two layers stack:

1. GSTIN verified via registry

Org owners click Verify with GST registry in settings. We hit the official GST registry through Setu, fingerprint the legal name + trade name + state + status, and timestamp the verification. Verified orgs get a green badge across the platform.

2. PAN + GSTIN certificate on file

Customers can upload their PAN card and GSTIN certificate (PDF / JPG / PNG / WebP, max 5 MB). Files are stored in our Mumbai region with unguessable URLs. Useful when procurement teams want to see the actual certificate, not just an API-verified result.

Workspace-email enforcement applies to all paid tiers above Pilot — the org owner must be on a company-domain email (not gmail/yahoo/etc.) before any plan above ₹4,999/mo can be activated. Read the policy.

Have a security question?

Email [email protected] and we'll respond within 2 business days. Custom DPAs are signed with all paid tiers above Pilot.