Popin Compliance Document
Company: Nowflow Technologies Private Limited
Effective Date: May 1, 2025
Last Updated: May 1, 2025
Introduction
Popin, developed by Nowflow Technologies Private Limited, is a SaaS platform that enables businesses with physical showrooms or service centers to offer live video consultations through secure, real-time WebRTC video communication.
This compliance document outlines Popin’s commitment to legal, ethical, and regulatory standards across key jurisdictions including India, the United States, and the European Union. We are dedicated to ensuring data privacy, platform security, and responsible usage in alignment with relevant laws and industry best practices.
Jurisdictional Compliance
2.1. India Compliance
Information Technology Act, 2000: Popin complies with the IT Act and its associated rules, including intermediary guidelines and due diligence standards
MeitY Advisory Guidelines: We follow the Ministry of Electronics and Information Technology’s advisories related to real-time communication platforms, including guidelines for data storage, encryption, and intermediary responsibilities.
Digital Personal Data Protection Act (DPDPA): All user data is collected, stored, and processed with explicit consent and transparency, in full compliance with DPDPA.
Call Monitoring: Popin does not record video calls by default. However, metadata and call logs (such as duration, participant info, and timestamps) are securely stored in encrypted formats. Businesses are encouraged to monitor agent behavior independently within legal bounds.
2.2. United States Compliance
Children’s Online Privacy Protection Act (COPPA): Popin is not intended for use by children under 13 years of age.
California Consumer Privacy Act (CCPA): California residents may access, update, or request deletion of their personal data. Requests can be made via business dashboards or through support channels.
Federal Communications Compliance: Popin utilizes encrypted WebRTC channels and adheres to FCC and FTC recommendations for secure and transparent digital communication.
2.3. European Union Compliance
General Data Protection Regulation (GDPR): Popin obtains valid consent prior to collecting personal data from EU users. We honor GDPR rights including data access, rectification, and erasure.
Data Minimization: We collect only the data necessary to facilitate video sessions, collect feedback, and enable optional AI-generated summaries.
Data Localization: All data from EU users is processed using GDPR-compliant cloud infrastructure with role-based access and geographic restrictions.
Security Practices
All WebRTC video and audio streams are encrypted using DTLS-SRTP.
Core backend services operate within isolated AWS Virtual Private Clouds (VPCs) for enhanced security.
Access to session metadata and optional recordings is role-restricted and monitored.
We conduct regular penetration testing, code audits, and vulnerability assessments.
All internal and business-facing dashboards are secured with Multi-Factor Authentication (MFA) and encrypted connections.
Data Retention and Privacy
Metadata and AI-generated call summaries are retained for up to 12 months, based on your subscription tier.
Audio and video are stored together only with explicit permission from the user. No separate audio or video files are saved. These recordings, if enabled, are securely stored in encrypted Amazon S3 buckets.
Personally Identifiable Information (PII) is never shared with third parties without explicit user consent.
Customers and end-users may request access to or deletion of their data via the business dashboard or by contacting us at support@popin.to.
Lawful Use of the Platform
Businesses using Popin must not engage in deceptive practices, scams, or misuse of the platform.
Activities such as harassment, impersonation, or unauthorized recording are strictly prohibited.
Nowflow Technologies Private Limited reserves the right to suspend or terminate access to Popin for users or businesses found in violation of these terms.
For further details or legal inquiries, please contact our compliance team at support@popin.to.