Privacy Policy

Last Updated: July 1, 2026

1. Overview

addisVOICE ("Company," "we," "our," or "us") is committed to protecting the privacy of our business customers ("Customers") and the individuals who interact with Customer-operated AI voice receptionists ("Callers"). This Privacy Policy explains what information we collect, how we use and share it, how we protect it, and what rights you have with respect to your personal data. This Policy applies to our website, dashboard, APIs, and all Services we provide.

2. Information We Collect

We collect information in two contexts: from Customers who use our platform, and from Callers who interact with Customer-operated AI receptionists.

2a. Information from Customers

  • Account Information: Name, business name, email address, and password when you create an account.
  • Business Configuration: Greeting scripts, FAQ content, special instructions, knowledge base entries, and other content you upload to configure your AI receptionist.
  • Billing Information: Payment method details processed by Stripe. We do not store full credit card numbers on our servers.
  • Usage Data: Minutes consumed, call counts, plan tier, subscription status, and account activity logs.
  • Integration Credentials: API keys and configuration settings for connected third-party services (Cal.com, webhooks, etc.) stored in encrypted form.
  • Communications: Emails and support requests you send to us.

2b. Information from Callers (via Customer Accounts)

  • Call Recordings: Audio recordings of inbound calls routed through a Customer's AI receptionist line. Recordings are processed by Retell AI and stored in our secure database.
  • Transcripts: Text transcriptions of call conversations generated from audio recordings.
  • Call Metadata: Caller phone number, call duration, call start/end timestamps, call status, and cost metrics.
  • Call Analysis: AI-generated summaries, sentiment scores, and key data points extracted from call transcripts.
  • Booking Data: If calendar integration is enabled, name, phone number, email, and appointment details captured during a call.

2c. Automatically Collected Information

  • Log Data: IP addresses, browser type, pages visited, and timestamps when you access our website or dashboard.
  • Cookies: Session tokens and authentication cookies necessary to maintain your logged-in state. We do not use advertising or cross-site tracking cookies. See our Cookie Policy for details.

3. Legal Basis for Processing (GDPR)

For Customers or Callers in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases:

  • Contract Performance: Processing necessary to provide the Services you subscribed to (account management, call handling, billing).
  • Legitimate Interests: Fraud prevention, security monitoring, product improvement, and sending service-related communications.
  • Legal Obligation: Retaining records as required by applicable law.
  • Consent: For any optional communications such as marketing emails, where we obtain explicit opt-in consent.

4. How We Use Information

  • Provision and operation of the AI receptionist call routing and voice conversation engine
  • Display of call history, transcripts, analytics, and metrics on your dashboard
  • Generation and delivery of post-call email notifications and daily summary reports
  • Billing, subscription management, and payment processing
  • Enforcement of plan usage limits and overage calculation
  • Customer support and responding to your inquiries
  • Detection and prevention of fraud, abuse, and Terms of Service violations
  • Improvement of AI model accuracy, transcription quality, and platform features (using aggregated, de-identified data only)
  • Compliance with legal obligations and regulatory requirements

5. Information Sharing & Third-Party Providers

We do not sell your personal data or Caller data to third parties. We share data only with the following categories of recipients as necessary to provide the Services:

Retell AI

Processes caller audio in real time to generate AI voice responses, perform speech-to-text transcription, and extract call analysis. Call audio and transcripts pass through Retell AI infrastructure during call processing.

Stripe

Processes all payment transactions, subscription billing, and invoicing. Stripe is PCI DSS Level 1 certified. We share your billing information directly with Stripe and do not store raw card data.

Resend

Delivers transactional email notifications including post-call transcripts, daily summaries, and account alerts. Your email address and call summary content are transmitted to Resend for delivery.

Supabase

Provides our primary cloud database infrastructure and authentication services. All Customer and Caller data is stored on Supabase-managed PostgreSQL instances with encryption at rest.

Twilio

Sends SMS notifications (such as missed-call alerts) to Customer-designated phone numbers when this feature is enabled. Caller phone numbers may be included in these SMS payloads.

Google Gemini (AI/RAG)

Generates text embeddings from knowledge base content for retrieval-augmented generation (RAG) and assists with automated booking extraction from call transcripts.

Cal.com

Creates calendar bookings on your behalf when the appointment scheduling integration is enabled. Caller name, phone, email, and requested appointment time are transmitted to Cal.com.

We may also disclose information to law enforcement or regulatory authorities when required by law, court order, or to protect the rights, property, or safety of addisVOICE, our Customers, or the public.

6. Call Recording Notice to Callers

Calls handled by addisVOICE-powered AI receptionists are recorded and transcribed. Businesses using addisVOICE are required to disclose call recording to callers at the start of each interaction. If you are a Caller who spoke with an AI receptionist powered by addisVOICE and you have questions about how your call data was used, please contact the business whose AI receptionist you interacted with. You may also contact us at privacy@addisvoice.com and we will direct your inquiry appropriately.

7. Data Retention

  • Active Accounts: Call recordings, transcripts, and analytics are retained for the duration of your active subscription plus 30 days following cancellation.
  • Deleted Accounts: Upon account deletion request, all Customer and associated Caller data is permanently deleted within 30 days, except where retention is required by law.
  • Billing Records: Payment and transaction records are retained for 7 years as required for tax and accounting compliance.
  • Legal Holds: Data subject to active legal proceedings or regulatory investigations may be retained beyond standard periods.

To request deletion of your data, contact support@addisvoice.com.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Correction

Request correction of inaccurate or incomplete data.

Deletion

Request deletion of your personal data (subject to legal obligations).

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests.

Restriction

Request restriction of processing in certain circumstances.

Opt-Out (CCPA)

California residents may opt out of the "sale" of personal information. We do not sell personal data.

Withdrawal

Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact privacy@addisvoice.com. We will respond within 30 days (or within the timeframe required by applicable law). We may request identity verification before fulfilling your request.

9. Data Security

We implement commercially reasonable technical and organizational safeguards to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no system is completely secure. We cannot guarantee the absolute security of your information and are not liable for unauthorized access resulting from factors outside our reasonable control. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

10. International Data Transfers

addisVOICE operates primarily in the United States. If you are located in the EEA, UK, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in the United States. Such transfers are made pursuant to appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, where required.

11. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact privacy@addisvoice.com and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address and/or a prominent notice on our website at least 14 days before taking effect. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

Privacy inquiries: privacy@addisvoice.com

General support: support@addisvoice.com

Also see our Terms of Service and Acceptable Use Policy