AI Call Agent← Back to home

Privacy Policy

Last updated: 1 February 2026
Effective date: 1 February 2026

AI Call Agent (“we,” “us,” or “our”) operates the AI Call Agent platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information and the information of people you contact through the Service. It applies to users of the Service (account holders and their authorized users) and, where relevant, to call recipients and other data subjects.

1. Who Is Responsible for Your Data?

We are the data controller for the personal data we process in connection with the Service (e.g. account data, usage data). For users in the UK and EU, we process personal data in accordance with the UK GDPR and the EU General Data Protection Regulation (GDPR). For California residents, we provide the disclosures required under the California Consumer Privacy Act (CCPA) as amended.

When you use the Service to place calls or upload contact data, you act as a data controller (or joint controller) for the personal data of the people you contact. You are responsible for having a lawful basis (e.g. consent, legitimate interest) to process their data and to provide them with any required notices. We process that data on your behalf as a processor to deliver the Service (see Section 6).

2. Data We Collect

2.1 Account and Registration Data

  • Name, email address, company name, and other details you provide when signing up or managing your account.
  • Login credentials (stored securely; we do not store raw card numbers—payments are handled by Stripe).

2.2 Usage and Service Data

  • Contacts and leads you upload (e.g. name, email, phone number, business name, country).
  • Call metadata: when calls are placed, duration, outcome (e.g. answered, not answered), cost.
  • Call recordings and transcripts (where the Service is configured to record and transcribe).
  • Calendar and appointment data you provide or that is captured during calls (e.g. for Cal.com booking).
  • Billing and balance information (e.g. top-ups, credits used).

2.3 Technical and Log Data

  • IP address, browser type, device information.
  • Logs of API requests, errors, and system events (for operation and security).

2.4 Data from Call Recipients

When you place a call through the Service, the recipient’s voice and the conversation content may be recorded and transcribed. We process this data to provide the Service (e.g. to store recordings and transcripts in your account). You must ensure that call recipients are informed and, where required by law (e.g. two-party consent states), have consented to recording.

3. How We Use Data

We use the data we collect to:

  • Provide the Service – Account management, placing and managing calls, storing recordings and transcripts, billing, and support.
  • Improve and secure the Service – Analytics (aggregated where possible), troubleshooting, fraud prevention, and security.
  • Comply with law – Responding to legal process, regulatory requests, and enforcing our terms.
  • Communicate with you – Service-related emails (e.g. password reset, billing, important policy changes). We may send marketing only where permitted and with your consent; you can opt out at any time.

We do not sell your personal data or the personal data of call recipients to third parties for marketing. We may share data as described in the next section.

4. Third-Party Processors and Disclosure

We use the following categories of service providers to operate the Service. They process data on our instructions and are bound by contractual obligations consistent with this policy and applicable law.

PurposeProcessorData sharedLocation / notes
Telephony (voice calls)TwilioPhone numbers, call metadata, recordings (if configured)US / global; see Twilio’s privacy policy
AI voice and conversationVAPIConversation content, transcripts, call metadataUS; see VAPI’s privacy policy
Speech-to-textDeepgram (via VAPI)Audio / voice data for transcriptionUS; see Deepgram’s privacy policy
AI / LLM processingOpenAI (via VAPI)Conversation content for AI responsesUS; see OpenAI’s privacy policy
PaymentsStripeBilling details, payment method (we do not store card numbers)Global; PCI-compliant; see Stripe’s privacy policy
Calendar / schedulingCal.com (if used)Calendar and slot dataAs per Cal.com configuration
Hosting and infrastructureVercel, Neon (database)All data necessary to run the ServiceAs per provider; may include US/EU

We may also disclose data:

  • To our affiliates and professional advisers (e.g. lawyers, auditors) where necessary.
  • When required by law (e.g. court order, regulatory request) or to protect our rights, safety, or property.
  • In connection with a merger, sale, or restructuring (with notice where required by law).

5. Legal Basis (UK/EU)

For users and data subjects in the UK and EU, we rely on:

  • Contract – Processing necessary to perform our contract with you (e.g. account, calls, billing).
  • Legitimate interests – Improving the Service, security, fraud prevention, and defending our rights, where not overridden by your interests.
  • Legal obligation – Where we must process data to comply with law.
  • Consent – Where we ask for consent (e.g. marketing, optional features); you may withdraw consent at any time.

6. Your Rights (GDPR and CCPA)

6.1 Data subject rights (GDPR)

If you are in the UK or EU, you have the right to:

  • Access – Request a copy of your personal data we hold.
  • Rectification – Request correction of inaccurate data.
  • Erasure – Request deletion of your personal data (subject to legal exceptions).
  • Restriction – Request that we limit processing in certain circumstances.
  • Portability – Request a copy of your data in a structured, machine-readable format.
  • Object – Object to processing based on legitimate interests (including profiling where applicable).
  • Withdraw consent – Where processing is based on consent.
  • Lodge a complaint – With a supervisory authority in your country.

To exercise these rights, contact us at support@aicallagent.ai. We will respond within the time required by law (e.g. one month under GDPR).

6.2 California residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Request deletion of your personal information (subject to exceptions).
  • Correct inaccuracies in your personal information.
  • Opt out of the “sale” or “sharing” of personal information—we do not sell or share personal information for cross-context behavioural advertising as defined under CCPA.
  • Non-discrimination for exercising your rights.

To exercise these rights, contact us at support@aicallagent.ai. We may need to verify your identity. You may also designate an authorized agent.

6.3 Data access and deletion process

We provide a process for data access and deletion requests as required by GDPR and CCPA. Contact support@aicallagent.ai or use the in-app/data request form if we provide one. We will respond and, where applicable, provide or delete data within the statutory timeframe.

7. Data Retention

  • Account data – Retained while your account is active and for a period after closure as needed for legal, accounting, or dispute resolution (e.g. 3–7 years where required).
  • Recordings and transcripts – Retained according to your account settings and our retention policy; you can request deletion of specific calls or account data.
  • Billing and transaction data – Retained as required for tax, accounting, and legal compliance.
  • Logs and technical data – Retained for a limited period for security and operation (e.g. 12–24 months unless longer required by law).

We minimise data collection and delete or anonymise data when no longer needed for the purposes described in this policy.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit and at rest where applicable, access controls, and secure development practices. Payment card data is handled by Stripe and is not stored on our servers.

9. International Transfers

We and our processors may store and process data in the United States and other countries. Where we transfer personal data from the UK or EU to a country not recognised as providing adequate protection, we use appropriate safeguards (e.g. standard contractual clauses, UK IDTA) as required by law.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with data, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version and, for material changes, notify you (e.g. by email or in-app notice) and indicate the effective date. We encourage you to review the policy periodically.

12. Contact

  • Data controller: AI Call Agent
  • Contact for privacy and data subject requests: support@aicallagent.ai (use this address for GDPR/CCPA requests and general privacy enquiries; we do not maintain a separate Data Protection Officer contact).
  • Registered office / postal address: Available on request—email support@aicallagent.ai.
  • Phone: We handle privacy and data requests by email only; please use the address above.

For EU/EEA representatives (if appointed), we will publish their contact details on our website or in this policy.

Have qualified legal counsel review registered office details, DPO requirements, and processor disclosures for your specific situation.

Ready to Stop MissingCalls and Start Scaling?

Book Demo