Last Updated: February 2025

Privacy Policy

How we collect, use, and protect your information

1. Introduction

AI Receptionist ("we," "our," or "us") provides an AI-powered phone answering service. This Privacy Policy describes how we collect, use, store, and share information when you use our services.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

Note: This policy applies to our commercial and government offerings. Government customers may have additional contractual terms that supersede portions of this policy.

2. Information We Collect

2.1 Call Data

When our AI answers calls on your behalf, we may collect:

Phone numbers — Caller phone numbers for call routing and logging
Call recordings — Audio recordings of conversations (if enabled in your settings)
Transcripts — Text transcriptions of call audio
Call metadata — Duration, timestamps, call disposition

2.2 Account Information

Email address and name
Organization/business name
Billing information (processed by Stripe)
Configuration preferences

2.3 Technical Information

IP addresses and browser information
Device identifiers
Usage logs and analytics

3. How We Use Information

We use collected information to:

Provide and operate the AI receptionist service
Process and respond to calls on your behalf
Generate transcripts and call summaries
Process payments and manage subscriptions
Send service-related communications
Improve our AI models and service quality
Detect and prevent fraud or abuse
Comply with legal obligations

4. Service Providers (Subprocessors)

We use third-party services to operate our platform. These providers process data on our behalf under contractual obligations:

Provider	Purpose	Data Processed
Twilio / Vapi	Voice telephony and call routing	Call audio, phone numbers
OpenAI / Azure OpenAI	AI language processing	Transcripts, conversation context
Google Cloud / Firebase	Hosting and database	Account data, configuration
Stripe	Payment processing	Billing information
Vercel	Application hosting	Technical logs

[Attorney review recommended: Verify subprocessor list is complete and agreements are in place.]

5. Data Retention

We retain data according to the following general guidelines:

Call recordings and transcripts: Retained according to your account settings. You may configure automatic deletion periods or manually delete recordings.
Account data: Retained while your account is active and for a reasonable period afterward for legal and business purposes.
Billing records: Retained as required by tax and accounting regulations.
Technical logs: Generally retained for up to 90 days for security and debugging purposes.

Government customers may have specific retention requirements defined in their service agreements.

6. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Export: Request your data in a portable format
Restriction: Request that we limit processing of your data

To exercise these rights, please contact us at the address below. We will respond to verified requests within the timeframes required by applicable law.

Government customers: Your dashboard may include self-service data export and deletion features. Contact your account administrator for access.

7. Security

We implement technical and organizational measures designed to protect your information, including:

Encryption of data in transit using TLS
Encryption of sensitive data at rest
Access controls and authentication requirements
Regular security assessments
Incident response procedures

No system is completely secure. We cannot guarantee absolute security but strive to use commercially reasonable protections.

8. Children's Privacy

Our services are not directed to children under 13 (or other age as required by local law). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be processed in the United States or other countries where our service providers operate. By using our services, you acknowledge that your information may be transferred to and processed in jurisdictions with different data protection laws than your country of residence.

[Attorney review recommended: Add specific transfer mechanisms (SCCs, etc.) if required for your customer base.]

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: [privacy@yourdomain.com]
Address: [Your Business Address]

[Attorney review recommended: Include appropriate contact information and any required regulatory registrations.]