Legal

Privacy Policy

Effective Date: April 21, 2026Last Updated: April 21, 2026Governed by: Laws of India
This Privacy Policy explains how QuickAuth, a product of CodeLamda Technologies Pvt. Ltd., collects, uses, discloses, and protects information when you use our API as a developer or business ("Developer"), or when you are an end user whose contact information is submitted to our Service by a Developer. Please read this Policy carefully. By using the Service, you agree to the practices described herein.
Section 01

Who We Are

QuickAuth is a developer API product operated by CodeLamda Technologies Pvt. Ltd., a private limited company incorporated under the Companies Act, 2013, with its registered office at:

7th Floor, APMC, Krushi Bazaar, 704 Sahara Darwaja, Begampura,
Surat, Gujarat 395003, India

The Service provides OTP delivery via SMS, WhatsApp, and voice; WhatsApp OTP (passwordless authentication); and marketing broadcast campaigns through a unified, developer-facing API.

References to "we", "us", "our", or "QuickAuth" in this Policy refer to CodeLamda Technologies Pvt. Ltd.


Section 02

Data We Collect

From Developers (API Customers)
  • Account information: Name, email address, company name, and phone number provided during registration.
  • API usage data: Request logs, endpoint usage, error rates, and message delivery statistics.
  • Technical data: IP addresses, API call timestamps, and delivery status records.
  • Billing information: Invoicing and payment details. We do not store payment card data directly — this is handled by our payment processors.
From End Users (via Developer API Calls)

When a Developer makes an API call to send an OTP or message, they submit their end user's contact information to us. We receive and process only:

  • Phone number — for SMS, WhatsApp, or voice delivery.
  • Email address — where applicable and submitted by the Developer.
We do not collect end users' names, passwords, financial information, location data, or any other personal data beyond what is strictly required to deliver the requested message.

Section 03

How We Use Data

Developer Account Data
  • To provision, manage, and secure API access.
  • To send account-related communications and service notifications.
  • To monitor usage, detect abuse, and enforce our Terms of Service.
  • To provide technical support.
  • To generate aggregate, anonymised analytics to improve the Service.
  • To comply with legal obligations under applicable Indian law and any other applicable jurisdiction.
End User Data (Phone Number / Email)

End user contact information is used solely to deliver the OTP or message requested by the Developer's API call. We do not use this data for profiling, advertising, marketing to end users, or any purpose beyond fulfilling the Developer's instruction.


Section 04

How We Share Data

We do not sell your data. We do not share data for advertising. We share information only in the following limited circumstances:

Messaging Carriers & Platform Providers

To deliver OTPs and messages, we transmit end user phone numbers or emails to the relevant delivery infrastructure. This may include:

  • Telecom carriers — for SMS and voice OTP delivery.
  • Meta Platforms, Inc. — for WhatsApp message delivery, subject to Meta's privacy policy.

These providers act as sub-processors and are bound by their own data processing agreements and privacy policies.

Legal & Regulatory Disclosure

We may disclose data when required by law, court order, or a government or regulatory authority, including under the Information Technology Act 2000, the Digital Personal Data Protection Act 2023, or any other applicable legislation.

Business Transfer

In the event of a merger, acquisition, restructuring, or sale of assets involving CodeLamda Technologies Pvt. Ltd., data may be transferred as part of that transaction. We will provide reasonable notice before data becomes subject to a materially different privacy policy.


Section 05

Data Retention

Data TypeRetention Period
End user phone numbers / emails submitted via API30 days from the date of message delivery, then securely deleted
Message delivery logs (status, timestamps)30 days, then deleted or anonymised
Developer account dataDuration of active account + 3 years after closure (for compliance)
Aggregate / anonymised usage metricsUp to 12 months
Data subject to legal hold or regulatory requestAs required by applicable law

After the applicable retention period, data is securely and irreversibly deleted or anonymised.


Section 06

Developer Obligations

Under applicable data protection law, including India's Digital Personal Data Protection Act 2023 (DPDP Act):

  • QuickAuth acts as a Data Processor when processing end user data on the Developer's instruction.
  • Each Developer is the Data Fiduciary / Data Controller for their end users and is solely responsible for the lawful basis on which they collect and share end user data with us.
Developers must obtain valid, informed consent from each end user before submitting their phone number or email to the QuickAuth API. Developers must also maintain their own privacy policy that discloses the use of third-party OTP and messaging services.

By using the QuickAuth API, Developers represent and warrant that they have obtained all necessary consents and authorisations required to share end user data with QuickAuth for the purpose of message delivery.


Section 07

Security

We implement industry-standard technical and organisational measures to protect your data, including:

  • TLS 1.2+ encryption for all data in transit.
  • API key authentication with rate limiting and anomaly detection.
  • OTP values are not stored in plaintext after delivery.
  • Access controls limiting internal access to data on a need-to-know basis.
  • Regular security reviews and vulnerability assessments.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to rights and freedoms, we will notify affected parties as required by applicable law.


Section 08

Children's Privacy

QuickAuth is a developer API intended exclusively for use by businesses and developers. The Service is not directed to, and should not be used in connection with, individuals under the age of 16 years.

We do not knowingly collect or process personal data from children under 16. If a Developer uses the QuickAuth API in a manner that involves end users under the age of 16, the Developer bears full responsibility for obtaining any additional consents required under applicable law (including parental consent where required).

If we become aware that we have inadvertently collected personal data from an individual under 16, we will take prompt steps to delete such data from our systems.


Section 09

Your Rights

Under the DPDP Act 2023 (Indian Residents)
  • Right to access — Request a summary of personal data we hold about you.
  • Right to correction — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of data no longer necessary for the purpose it was collected.
  • Right to grievance redressal — Lodge a complaint with our Grievance Officer (see Section 11).
  • Right of nomination — Nominate another individual to exercise these rights on your behalf in the event of death or incapacity.
Under the GDPR (EEA / UK Residents)
  • Rights of access, rectification, erasure, restriction of processing, data portability, and objection.
  • Right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, please contact us at contact@quickauth.in. We will respond within 30 days.


Section 10

International Data Transfers

Our infrastructure is primarily operated from India. If you access the Service from outside India, your data may be transferred to, stored, and processed in India. By using the Service, you consent to this transfer.

Where we transfer data internationally — for example, to messaging carriers or cloud infrastructure providers located outside India — we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms recognised under applicable law.


Section 11

Grievance Officer

In accordance with the Information Technology Act 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and the Digital Personal Data Protection Act 2023, we have designated a Grievance Officer to address complaints and queries regarding the processing of personal data.

OrganisationCodeLamda Technologies Pvt. Ltd.
RoleGrievance Officer — QuickAuth
Emailcontact@quickauth.in
Postal Address7th Floor, APMC, Krushi Bazaar, 704 Sahara Darwaja, Begampura, Surat, Gujarat 395003, India
AcknowledgementWithin 48 hours of receipt
ResolutionWithin 30 days of acknowledgement

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Policy at quickauth.in/privacy-policy with a revised effective date.
  • Send an email notification to registered Developer accounts at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of those changes. If you do not agree to the updated Policy, you must discontinue use of the Service before the effective date.


Section 13

Contact Us

For any privacy-related questions, requests, or concerns, please contact us:

CodeLamda Technologies Pvt. Ltd.

7th Floor, APMC, Krushi Bazaar, 704 Sahara Darwaja, Begampura, Surat, Gujarat 395003, IndiaEmail: contact@quickauth.inPhone: +91-95749-80048