Deskfactors Technologies Pvt. Ltd. (India)
Deskfactors Inc. (International)
Effective Date: [17-04-2026]
Version 1.0
This Privacy Policy (“Policy”) is published by Deskfactors Technologies Pvt. Ltd., a company registered under the Registrar of Companies in Bengaluru, Karnataka, India (“Deskfactors India”), and Deskfactors Inc., a Delaware C Corporation, United States of America (“Deskfactors US”), collectively referred to herein as “Murphi.in,” “we,” “us,” or “our.” This Policy governs the collection, use, storage, processing, transfer, and protection of Personal Data in connection with the Murphi.in enterprise secure messaging platform (“Platform”).
This Policy applies to all Subscribers, Admins, Business Admins, Internal Users, External Users, Guest Users, Channel Partners, and visitors to the Murphi.in website. While this Privacy Policy is primarily designed to address the regulatory requirements of Banking, Financial Services, and Insurance (“BFSI”) subscribers, it applies equally to subscribers from all other enterprise segments, including but not limited to manufacturing, retail and e-commerce, legal services, professional services, healthcare administrative functions, logistics and supply chain, real estate, education, consulting, information technology, telecommunications, media, hospitality, energy, pharmaceuticals, government contractors, non-governmental organizations, and any other enterprise. Sector-specific regulatory provisions such as those of the Reserve Bank of India (“RBI”), the Securities and Exchange Board of India (“SEBI”), and the Insurance Regulatory and Development Authority of India (“IRDAI”) apply to BFSI subscribers only; non-BFSI subscribers are subject to regulatory frameworks applicable to their respective sectors.
This Policy does not constitute an Application Licensing Agreement, Platform Licensing Agreement, or any commercial contract. All commercial, financial, and pricing terms are governed exclusively by the separate private Platform Licensing Agreement executed between the Subscriber and Deskfactors India or Deskfactors Inc., as applicable. This Policy should be read in conjunction with the Terms of Use, the AI Terms of Use, and, where applicable, the Data Processing Addendum attached to the Platform Licensing Agreement.
For the purposes of this Policy, the following terms shall have the meanings set forth below. “Subscriber” means the enterprise organization that has entered into a Platform Licensing Agreement to access and use the Murphi.in platform. “Admin” means the Subscriber-designated system administrator with full workspace control. “Business Admin” means the sub-workspace manager with day-to-day operational authority within assigned sub-workspaces. “Internal User” means an employee, contractor, or full-time equivalent of the Subscriber who is authorized to access the Platform. “External User” means a consumer, customer, vendor, partner, or client of the Subscriber who communicates with Internal Users through the Platform or through third-party messaging interoperability. “Guest User” means any user that a Subscriber wishes to add to its workspace, who may be an Internal User, an External User, or any other kind of user, at the sole discretion of the Subscriber. “Channel Partner” means a reseller authorized to distribute the Platform under the Murphi.in brand exclusively, without white-labeling or rebranding rights.
“Workspace” means the top-level organizational container for a Subscriber on the Platform. “Sub-Workspace” means a department, business unit, or team-level container within a Workspace. “User-Generated Content” means all text messages, files, documents, images, audio files, video files, voice and video call data, and any other content created, transmitted, or stored by users through the Platform. “Messaging Data” means metadata associated with communications, including timestamps, delivery status, read receipts, sender and recipient identifiers, and message event logs. “Interoperability Data” means messages, files, and metadata exchanged between the Platform and third-party messaging platforms including WhatsApp, Telegram, Discord, Instagram, Facebook, and similar services. “Business Solution Data” means data obtained from using the WhatsApp Business Solution, as defined in the WhatsApp Business Solution Terms. “Subscriber Metadata” means Subscriber-level information including company name, registered address, Admin and Business Admin contact details, user counts, message volumes, and billing-related statistics. “Usage Data” means login history, feature usage, session duration, device information, IP addresses, browser type, and similar operational data.
“Personal Data” means any data about an individual who is or can be identified by such data, consistent with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the EU General Data Protection Regulation (“GDPR”). “Sensitive Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation, as defined under GDPR Article 9 and applicable provisions of Indian law. “Data Fiduciary” means, under the DPDP Act, the entity that determines the purpose and means of processing Personal Data. “Data Principal” means, under the DPDP Act, the individual to whom the Personal Data relates. “Data Processor” means, under the DPDP Act and GDPR, the entity that processes Personal Data on behalf of the Data Fiduciary or Controller. “Compliance Audit Data” means the immutable audit trail records maintained by the Platform for regulatory compliance purposes. “Application Licensing Agreement” or “Platform Licensing Agreement” means the private commercial contract between the Subscriber and Deskfactors India or Deskfactors Inc. governing commercial terms. “WhatsApp Business Account” or “WABA” means the account provisioned through a WhatsApp Business Solution Provider for Subscriber use. “WhatsApp Business Solution Provider” or “BSP” means the Meta-approved provider through which WhatsApp Business API access is provisioned.
Murphi.in is a technology platform and offers many transaction workflows and AI enabled modules such as enterprise secure messaging infrastructure, KYC documentation and such others.
For the Enterprise secure messaging infrastructure, Murphi.in provides tools, features, and services that enable Subscribers to facilitate communications among their users and with users on third-party messaging platforms. Murphi.in does not independently verify, validate, or adjudicate the accuracy, completeness, or compliance of any data, communication, or content processed through the Platform, regardless of Subscriber segment.
Murphi.in is not a financial institution, bank, non-banking financial company, payment system provider, insurance company, regulator, auditor, compliance officer, financial advisor, investment advisor, legal advisor, data controller for Subscriber user decisions, regulated intermediary, communication originator, system of record for financial transactions, professional services firm, or any other entity that provides regulated services. Murphi.in does not originate, control, endorse, or verify any communication transmitted through the Platform.
For all User-Generated Content and Personal Data of its users, the Subscriber is the Data Fiduciary under the DPDP Act and the Data Controller under the GDPR. The Subscriber determines the purposes and means of processing such data and is solely responsible for obtaining all necessary consents from its users and customers under applicable law.
Murphi.in acts as a Data Processor under the GDPR and a Data Processor under the DPDP Act with respect to User-Generated Content processed on behalf of the Subscriber. With respect to Subscriber Metadata and platform operational data where Murphi.in determines the purposes and means of processing, Murphi.in acts as a Data Fiduciary under the DPDP Act and a Data Controller under the GDPR. The respective roles and obligations of the parties are further described in the Data Processing Addendum, where applicable, attached to the Platform Licensing Agreement.
Murphi.in collects and processes the following categories of data in connection with the provision of the Platform: (a) Subscriber information, including company name, registered address, contracting entity details, Admin contact details, and Business Admin contact details; (b) user account information, including name, email address, mobile number, role, and sub-workspace assignment; (c) authentication data, including one-time passwords, password hashes, and biometric identifiers stored locally on the device secure enclave only and never transmitted to or stored on Murphi.in servers; (d) User-Generated Content, including text messages, files, documents, images, audio files, video files, and voice and video call data; (e) Interoperability Data, including messages, files, and metadata exchanged with users on WhatsApp, Telegram, Discord, Instagram, Facebook, and similar platforms; (f) WhatsApp Business Solution Data, including message metadata, delivery statuses, and template performance data, processed in accordance with the WhatsApp Business Solution Terms; (g) Compliance Audit Data, including message metadata, timestamps, delivery status, read receipts, permission change logs, and deletion logs; (h) Usage Data, including login history, feature usage, session duration, device information, IP addresses, and browser type; (i) Subscriber Metadata, including user counts, message volumes, and billing-related statistics; and (j) consent records, including DPDP Act, GDPR, and WhatsApp opt-in consent capture with timestamps.
Murphi.in processes Personal Data for the following purposes, as specified under Section 6 of the DPDP Act and Article 6 of the GDPR: providing the messaging, interoperability, and communication services comprising the Platform; authenticating users and controlling access to workspaces and sub-workspaces; maintaining compliance audit trails as required by applicable regulators including RBI, SEBI, IRDAI, and sector-specific regulators for non-BFSI Subscribers; fulfilling regulatory retention requirements, including a minimum of seven years for BFSI communications; responding to lawful government, regulatory, or judicial requests; platform security monitoring, threat detection, and incident response; improving service reliability, performance, and features; billing and commercial operations with respect to Subscriber Metadata only; and complying with applicable laws, regulations, and legal processes.
For processing subject to Indian law, the lawful bases include consent under Section 6 of the DPDP Act, performance of a contract to which the Data Principal is a party, compliance with legal obligations imposed on Murphi.in, and legitimate uses as specified under applicable law. For processing subject to the GDPR, the lawful bases include performance of a contract to which the data subject is a party under Article 6(1)(b), compliance with a legal obligation under Article 6(1)(c), and legitimate interests pursued by Murphi.in or the Subscriber under Article 6(1)(f), provided such interests are not overridden by the rights and freedoms of the data subject. Special categories of Personal Data under GDPR Article 9 may be present in User-Generated Content; Subscribers across all segments are responsible for obtaining explicit consent from data subjects where required for such processing.
User-Generated Content is stored in the data residency location of the Subscriber’s country, leveraging third-party messaging infrastructure providers and cloud infrastructure providers with regional data center presence. For India Subscribers, User-Generated Content resides in India. For EU Subscribers, User-Generated Content resides within the European Union or European Economic Area. For Subscribers in other countries, User-Generated Content resides in the applicable country where infrastructure providers have regional presence.
Subscriber Metadata and Usage Data may be stored outside the Subscriber’s local data residency, typically in the country where the contracting entity operates. This exception is disclosed herein and Subscribers acknowledge this data handling practice. For cross-border transfers from India, Murphi.in complies with Section 16 of the DPDP Act and applicable government notifications regarding permissible transfer destinations. For cross-border transfers from the EU or EEA, Murphi.in implements appropriate safeguards under GDPR Article 46, including Standard Contractual Clauses pursuant to European Commission Decision 2021/914 and, where applicable, adequacy decisions under Article 45. For transfers from the United Kingdom, Murphi.in implements the UK International Data Transfer Agreement or the UK Addendum to the Standard Contractual Clauses. Specific data residency and transfer configurations are addressed in the Platform Licensing Agreement and, where applicable, the Data Processing Addendum.
Murphi.in uses third-party infrastructure to deliver the Platform, including cloud infrastructure providers, messaging infrastructure providers, WhatsApp Business Solution Providers, AI model providers, communication providers for SMS and email delivery and push notifications, and payment processors for subscription billing. Murphi.in does not disclose the identities of specific third-party vendors in this Policy; vendor identities are proprietary information. Murphi.in maintains a sub-processor list and will provide notice to Subscribers of material changes to sub-processors. All sub-processors are contractually bound to confidentiality obligations and appropriate administrative, physical, and technical safeguards consistent with applicable Data Protection Laws. Murphi.in is not liable for third-party infrastructure failures, data loss, outages, or service degradation caused by third-party providers.
When Subscribers use the Platform’s WhatsApp interoperability features, WhatsApp Business Solution Data is processed in accordance with Meta’s WhatsApp Business Solution Terms, WhatsApp Business Messaging Policy, and Meta’s Privacy Policy. Subscriber acknowledges and agrees that Murphi.in processes Business Solution Data solely on Subscriber’s behalf and per Subscriber’s authorization, consistent with the written agreement requirement under the WhatsApp Business Solution Terms for Third-Party Service Providers. Business Solution Data may be subject to Meta’s own data handling practices, which are beyond Murphi.in’s control. Meta’s terms and policies govern data transmitted through WhatsApp. Content transmitted to WhatsApp and other third-party messaging platforms leaves Murphi.in’s control once delivered to the third-party platform API. Meta may retain, process, or disclose data per its own policies. Murphi.in is not responsible for Meta’s privacy practices, data handling, policy changes, enforcement actions, or any consequence of Meta’s exercise of its rights under the WhatsApp Business Solution Terms.
In addition to WhatsApp, the Platform provides interoperability with Telegram, Discord, Instagram, Facebook, and other third-party messaging platforms. When Subscribers or Users communicate with individuals on these third-party platforms, the Subscriber and its Users are bound by those platforms’ respective terms of service and privacy policies. Murphi.in is not responsible for the privacy practices, data handling, policy changes, enforcement actions, or failures of any third-party messaging platform. Content transmitted to any third-party messaging platform leaves Murphi.in’s control upon delivery to the respective platform API.
Subscribers own User-Generated Content transmitted through the Platform. Murphi.in acts solely as a Data Processor with respect to User-Generated Content. The Platform employs a two-layer data architecture: messages and files are stored on third-party messaging infrastructure with perpetual retention as the default; simultaneously, an immutable compliance audit mirror is maintained in Murphi.in’s own database, providing an independent regulatory record for SEBI, RBI, IRDAI, and other applicable regulatory compliance. Murphi.in does not monitor, moderate, or review User-Generated Content except where required by applicable law or valid legal process. Platform audit trail features, including keyword flagging and content classification capabilities for Data Loss Prevention, are configurable by the Subscriber. Subscriber is responsible for defining, configuring, maintaining, and enforcing DLP policies within its workspace. Murphi.in does not independently monitor or prevent data leakage.
Data retention is aligned with regulatory minimums applicable to the Subscriber’s sector. For BFSI Subscribers, a minimum retention period of seven years applies for communications, consistent with SEBI, RBI, and IRDAI requirements; perpetual retention is available as the default implementation. Non-BFSI Subscribers configure retention periods per their industry norms and applicable law. Subscribers configure specific retention requirements in the Platform Licensing Agreement. Murphi.in will retain data as long as necessary to provide the Services, comply with legal obligations, and fulfill contractual retention commitments. Upon termination of the Platform Licensing Agreement, data export and deletion follow contractually agreed timelines. Subscriber is responsible for exporting data it considers critical prior to termination. Murphi.in is not responsible for data loss or deletions caused by Subscriber-initiated actions, expired retention periods, or third-party infrastructure changes.
Under the DPDP Act, Data Principals have the right to access, correction, erasure, grievance redressal, and nomination of a representative, as provided under Sections 11 through 15 of the DPDP Act. Under the GDPR, data subjects have the right to access, rectification, erasure, restriction of processing, data portability, objection, and rights related to automated decision-making, as provided under Articles 15 through 22 of the GDPR.
For User-Generated Content where the Subscriber is the Data Fiduciary or Data Controller, Data Principal and data subject rights requests are exercised through the Subscriber. Murphi.in will forward any direct rights requests received from data subjects or Data Principals to the applicable Subscriber without undue delay. Murphi.in is not responsible for Subscriber’s failure to respond to rights requests in a timely manner. For Subscriber Metadata where Murphi.in acts as Data Fiduciary or Controller, rights requests may be directed to the contact information provided in this Policy.
Subscribers across all segments are responsible for obtaining and recording all necessary consents from Internal Users, External Users, and Guest Users before onboarding them to the Platform. This includes valid consent under Section 6 of the DPDP Act, freely given consent under Article 7 of the GDPR, and, for WhatsApp Business communications, explicit WhatsApp opt-in consent in accordance with the WhatsApp Business Messaging Policy. WhatsApp opt-in consent must be specific to WhatsApp messaging, freely given, informed so that the recipient understands the nature of messages they will receive, documented with timestamp, source, and scope of consent, and revocable with opt-out honored immediately. Pre-checked boxes, previously obtained SMS consents, or assumed consents are not valid WhatsApp opt-in. Each recipient must independently opt-in to receive WhatsApp Business messages. Murphi.in provides consent capture features within the Platform but is not the consent obtainer; the Subscriber is solely responsible for the validity of consents obtained.
Murphi.in implements commercially reasonable administrative, physical, and technical safeguards to protect Personal Data. These safeguards include, in general terms, encryption in transit and at rest using industry-standard protocols, two-factor authentication for user access, role-based access control with granular permission management, workspace and sub-workspace data isolation enforced at the database level, audit logging of all administrative and data access actions, screenshot and download restriction capabilities configurable by the Subscriber Admin, and secure storage of authentication credentials. Encryption employed by the Platform reflects current industry standards; future cryptographic developments, including quantum computing, may affect encryption strength, and Murphi.in is not responsible for future decryption of historically stored data. These measures meet or exceed industry standards and comply with applicable Data Protection Laws, including the safeguard requirements under the WhatsApp Business Solution Terms for Third-Party Service Providers processing Business Solution Data. Users are responsible for maintaining secure credentials and following their organization’s security policies. No system is completely secure, and Murphi.in cannot guarantee absolute security against all threats.
In the event of a Personal Data breach affecting Subscriber data, Murphi.in will notify the affected Subscriber without unreasonable delay in accordance with applicable law. With respect to the DPDP Act, Murphi.in will comply with breach notification requirements under Section 8(6), including notification to the Data Protection Board of India and affected Data Principals as required. With respect to the GDPR, Murphi.in will notify the Subscriber within seventy-two hours of becoming aware of a breach, consistent with Article 33, and will assist with notification to data subjects under Article 34 where required. With respect to CERT-In Directions dated April 28, 2022, Murphi.in will report cyber incidents to CERT-In within six hours of noticing such incidents, as mandated under Section 70B of the Information Technology Act, 2000. Subscribers are responsible for any onward notifications to their end users, their sector regulators including RBI, SEBI, and IRDAI, and applicable data protection authorities.
Murphi.in complies with the Directions issued by the Indian Computer Emergency Response Team (CERT-In) dated April 28, 2022, under Section 70B of the Information Technology Act, 2000. Murphi.in reports cyber incidents to CERT-In within the mandated six-hour timeframe. Murphi.in maintains ICT system logs within Indian jurisdiction for a period of one hundred and eighty days. Murphi.in synchronizes system clocks to the Network Time Protocol servers of the National Informatics Centre or the National Physical Laboratory. Murphi.in has designated a Point of Contact for interface with CERT-In as required by the Directions. Subscribers operating in India are separately and independently responsible for their own CERT-In obligations, and Murphi.in’s compliance with these Directions does not relieve Subscribers of their independent duties.
Murphi.in provides audit trail exports in a form suitable for Section 65B certification under the Indian Evidence Act, 1872, when lawfully requested by a Subscriber, a competent court, or a regulatory authority. Murphi.in will cooperate in providing Section 65B certificates for audit records that are lawfully requested. Specific procedures for obtaining Section 65B certified records, including turnaround times and operational processes, are governed by the Platform Licensing Agreement.
The Platform supports Subscriber eDiscovery requirements through audit trail export and search features. Subscriber is responsible for implementing and maintaining its own litigation hold processes and for issuing legal hold instructions to Murphi.in when required. Upon receipt of a valid legal hold instruction from a Subscriber or valid legal process from a competent authority, the Platform will suspend automated data deletion in accordance with the instruction. Murphi.in does not proactively place legal holds or freeze data without Subscriber instruction or valid legal process.
The Platform provides features supporting Subscriber Data Loss Prevention configuration, including keyword flagging, pattern detection in audit logs, and content classification capabilities. Subscriber owns and configures DLP policies for its workspace. Murphi.in does not independently monitor content or prevent data leakage; the Subscriber is the DLP controller and bears sole responsibility for defining, implementing, and enforcing its DLP policies. DLP features are compliance support features provided as part of the Platform; they are not a guarantee of regulatory compliance or prevention of data leakage.
The Platform provides features designed to support Subscriber compliance with applicable regulations. For BFSI Subscribers, these features support compliance with RBI, SEBI, and IRDAI requirements, including immutable audit logs, compliance search and export capabilities, and minimum seven-year retention. The Platform’s audit trail records all communications as a comprehensive, immutable record; however, the audit trail may not specifically follow the prescribed formats of any particular regulator at all times, and Subscribers are responsible for interpreting and applying regulatory format requirements to exported data, incorporating changes brought about by SEBI or any other regulatory authority from time to time. For non-BFSI Subscribers, these features support sector-specific compliance obligations, including employment law record-keeping, corporate governance documentation, and industry-specific audit trails. These are features only; Subscribers are solely responsible for their regulatory compliance, interpretation of regulations, and fulfillment of regulatory obligations. Murphi.in is not a regulator, compliance advisor, or guarantor of regulatory compliance.
Subscribers are responsible for providing notice to their employees and users that workplace communications on the Platform are monitored, recorded, and auditable. Failure to provide such notice is the Subscriber’s sole responsibility. Applicable employment laws requiring such disclosure include, without limitation, the Indian Shops and Establishment Acts, the Industrial Employment (Standing Orders) Act, Article 88 of the GDPR for employment contexts, the United States Electronic Communications Privacy Act, and applicable state-level and country-level employment and wiretap laws.
The Murphi.in website and web application use cookies and similar tracking technologies as follows: essential cookies for authentication and session management, functional cookies for user preferences, and analytics cookies for usage statistics. Murphi.in does not use advertising cookies. Users may manage cookie preferences through their browser settings. Murphi.in respects user opt-out mechanisms and complies with the EU ePrivacy Directive and DPDP Act consent requirements for cookie usage.
Murphi.in is an enterprise platform and is not intended for use by individuals under the age of eighteen. Under the DPDP Act, a child is defined as an individual who has not completed the age of eighteen years. Murphi.in does not knowingly collect or process Personal Data of children. Subscribers are responsible for ensuring they do not onboard individuals under the age of eighteen as users of the Platform, in compliance with Section 9 of the DPDP Act.
In compliance with the DPDP Act and GDPR, Murphi.in has appointed a Data Protection Officer. Grievance redressal is available in accordance with Section 13 of the DPDP Act. For privacy-related inquiries, Data Principal rights requests, data protection complaints, or copyright infringement notices, contact Murphi.in at the following: Email: info@Deskfactors.com. For Deskfactors Technologies Pvt. Ltd. (India Subscribers): registered office address in Bengaluru, Karnataka, India. For Deskfactors Inc. (International Subscribers): 4804 Page Creek Lane, Durham, NC 27703, United States of America.
All parties acknowledge and agree to comply with all applicable laws, statutes, and regulations, including but not limited to the Indian Contract Act 1872, Foreign Exchange Management Act (FEMA) 1999, Copyright Act 1957, Trademarks Act 1999, Companies Act 2013, Prevention of Money Laundering Act 2002, Consumer Protection Act 2019, Income Tax Act 1961, Goods and Services Tax Act 2017, and all other applicable laws of the relevant jurisdiction.
Murphi reserves the right, at its sole discretion, to modify, update, or replace these AI Terms, Terms of Use, and Privacy Policy from time to time. Any material changes will be effective upon posting or as otherwise specified. Murphi may, but is not obligated to, provide notice of such changes. Customer’s continued access to or use of the platform following the effective date of any updates constitutes acceptance of the revised terms. If Customer does not agree to the revised terms, Customer must cease use of the platform.
Notwithstanding any updates, modifications, or replacements to these Terms from time to time, any provisions, rights, obligations, or conditions set forth in prior versions of the Terms that are not expressly modified, superseded, or addressed in the most current version shall continue in full force and effect and are hereby incorporated by reference into the then-current Terms.
In the event of any inconsistency, conflict, or ambiguity between the then-current version of the Terms and any prior version, such inconsistency shall be interpreted in a manner that most effectively preserves the intent, enforceability, and protection of Murphi.ai’s rights, interests, and remedies, and such interpretation shall prevail.
For questions regarding this document, contact:
Deskfactors Inc.
Email: info@deskfactors.com
Website: https://murphi.in
Murphi is focused on enterprise secure messaging for the BFSI segment and offers data security, compliance, risk management, audit trails, India data residency as its core offerings.
By leveraging global messaging and related platforms, Murphi ensures end to end encrypted messaging and global standards for security, compliance, risk and data security.
SOC2 Compliant
ISO27001 Certified
Pictures & Logos used on this website belong to the respective owners and are for representational purposes only.