Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials through our authentication provider, Clerk. If you sign up using a third-party provider (e.g., Google), we receive the profile information you authorize.

1.2 Call Data

When you initiate calls through the Service, we collect and store:

• Phone numbers dialed and caller ID information
• Call duration, timestamps, and status (connected, no answer, voicemail, etc.)
• Full audio recordings of all calls
• AI-generated transcripts of both sides of each conversation
• AI-generated summaries and structured data extracted from conversations
• Call objectives and instructions you provide

1.3 Payment Information

Payment processing is handled by Stripe. We do not directly store your credit card numbers. Stripe collects and processes your payment information in accordance with their privacy policy. We receive and store transaction records, billing history, and credit balances.

1.4 Usage Data

We automatically collect information about how you interact with the Service, including IP addresses, browser type, pages viewed, API requests, feature usage patterns, and timestamps.

1.5 API Keys

We generate and store API keys that you use to authenticate with our Service. You are responsible for keeping your API keys confidential.

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including initiating and managing phone calls on your behalf
• Process calls through our telephony infrastructure and route audio through our media servers
• Transcribe call audio and extract structured data using artificial intelligence models
• Process payments and manage your account balance
• Send transactional communications related to your account and calls
• Monitor and enforce compliance with our Terms of Service and Acceptable Use Policy
• Detect and prevent fraud, abuse, and security incidents
• Improve, develop, and optimize the Service
• Comply with legal obligations

3. Call Recording & Transcription

All outbound calls made through AgenticCalling are recorded and transcribed by artificial intelligence. This is a core function of the Service and cannot be disabled.

• Audio Recordings: Full audio recordings of all calls are captured and stored in cloud storage (Supabase Storage / Amazon S3). Recordings are retained for 90 days by default, after which they are automatically deleted unless you request earlier deletion.
• Transcripts: AI-generated transcripts of both sides of the conversation are created for every call. Transcripts are retained until you delete them or until your account is terminated.
• AI Analysis: Call audio and transcripts are processed by artificial intelligence models (including OpenAI and Google Gemini) to generate summaries and extract structured data based on your specified objectives.
• Call Recipient Disclosure: Our voice agents identify themselves and may disclose that the call is being recorded, as applicable. However, you are solely responsible for ensuring compliance with all applicable recording consent laws in the jurisdictions where your call recipients are located.

4. Data Sharing

We share information with the following categories of third-party service providers solely to operate the Service:

• Twilio — Telephony, SIP trunking, and SMS delivery. Twilio processes phone numbers, call metadata, and audio streams to route calls.
• LiveKit — WebRTC media infrastructure. LiveKit processes real-time audio streams during active calls.
• OpenAI — AI processing, speech-to-text transcription, and natural language understanding. Call audio and/or transcripts are sent to OpenAI for processing.
• Google (Gemini) — AI processing and audio analysis. Call audio may be sent to Google for AI-powered conversation handling.
• Stripe — Payment processing. Stripe receives your payment information and transaction details.
• Clerk — Authentication and identity management. Clerk processes your login credentials and profile information.
• Supabase — Database hosting and file storage. Call data, transcripts, and recordings are stored in Supabase.
• Render — Application hosting and infrastructure.

We do not sell your personal information or call data to third parties. We do not share your data with third parties for their own marketing purposes.

We may disclose information if required by law, subpoena, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Storage & Security

We implement commercially reasonable technical and organizational measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Access controls and authentication for all internal systems
• Secure cloud storage through Supabase and Amazon S3 with server-side encryption
• Regular security reviews of our infrastructure
• API key-based authentication for programmatic access

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

• Audio Recordings: Retained for 90 days from the date of the call, then automatically deleted. You may request earlier deletion at any time.
• Transcripts & Structured Data: Retained until you manually delete them or until 30 days after account termination.
• Account Information: Retained for the duration of your account and for 30 days following account termination.
• Payment Records: Retained as required by applicable tax and accounting regulations.
• Usage Logs: Retained for up to 12 months for analytics and security purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Export: Download your call recordings, transcripts, and structured data through the dashboard or API.
• Deletion: Request deletion of your personal information, call recordings, and transcripts. Note that we may retain certain information as required by law.
• Correction: Request correction of inaccurate personal information.
• Opt-Out: You may close your account at any time to stop all data collection.

To exercise any of these rights, contact us at rab657@nyu.edu. We will respond to your request within 30 days.

8. TCPA & Telecommunications Compliance

You are solely responsible for obtaining all necessary consents from individuals before initiating calls or text messages through our platform.

AgenticCalling acts as a technology provider and communications platform. You, the user, are the initiator of all calls and messages. As the initiator, you bear full responsibility for compliance with:

• The Telephone Consumer Protection Act (TCPA)
• The Telemarketing Sales Rule (TSR)
• The National Do Not Call (DNC) Registry requirements
• State-specific telemarketing and robocall laws
• All applicable call recording consent laws, including two-party/all-party consent states
• The CAN-SPAM Act and other applicable messaging regulations

A2P 10DLC Compliance

If you use the Service to send SMS or text messages, you are required to register your messaging campaigns in accordance with A2P 10DLC (Application-to-Person 10-Digit Long Code) requirements. This includes registering your brand and campaign with The Campaign Registry (TCR) through our platform. Failure to complete A2P 10DLC registration may result in message filtering, delivery failures, or suspension of your messaging capabilities.

DNC List Management

We provide DNC list management tools to help you maintain compliance. You are responsible for uploading and maintaining your internal DNC lists and for scrubbing your call lists against the National DNC Registry as required by law. Our tools assist but do not guarantee regulatory compliance.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal information, please contact us at rab657@nyu.edu.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send a notification to the email address associated with your account. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at: