Privacy Policy

This Privacy Policy explains how Callys.ai collects, uses, and safeguards personal information when you use our AI voice agent platform.

Last updated: April 20, 2026

1. Information We Collect

  • Account data: name, email, and password.
  • Business data: company name, greeting scripts, business hours, and AI agent configuration.
  • Call data: voice recordings, transcripts, and caller phone numbers processed through Vapi.ai.
  • Booking data: appointments created via Google Calendar integrations.
  • Payment data: processed by Stripe; we do not store full card details.
  • Usage data: IP address, browser details, and dashboard interaction logs.

2. How We Use Your Information

  • Operate the AI voice agent service.
  • Process and transcribe calls.
  • Book appointments on your behalf.
  • Send notifications and transactional emails via Resend.
  • Process billing and subscription payments.
  • Improve AI response quality and platform reliability.
  • Comply with legal and regulatory obligations.

We do not sell your data or your callers' data to third parties.

3. Data Storage and Security

Callys.ai stores platform data in Supabase (PostgreSQL) infrastructure hosted on AWS. Data is encrypted at rest (AES-256) and in transit using TLS 1.2 or higher. We implement row-level security, restrict service role key usage to server-side environment variables, and conduct regular security reviews of our systems and vendors.

In the event of a confirmed breach affecting personal data, we will provide notification within 72 hours.

4. Third-Party Services

  • Vapi.ai: Voice call processing, real-time transcription, and AI conversation handling. Call audio is processed through Vapi's infrastructure.
  • Google Calendar: Appointment booking with explicit user authorization and minimum required scopes.
  • Stripe: PCI-compliant payment processing. We do not store card details.
  • Supabase: Database and authentication provider.
  • OpenAI and Gemini: AI-generated responses during calls. Their API data usage policies apply.
  • Deepgram: Voice synthesis for AI agent responses.
  • Resend: Transactional email delivery.

5. Data Retention

  • Active accounts: data retained while account remains active.
  • Cancelled accounts: data deleted 30 days after cancellation.
  • Call recordings: retained for 90 days by default.
  • Billing records: may be retained for up to 7 years for legal and tax compliance.
  • Immediate deletion requests can be processed upon verified request.

6. Your Rights

Subject to applicable law, you may request access, rectification, erasure, restriction of processing, data portability, and withdrawal of consent. To submit a request, email support@cvidsproductions.net. We respond to verified requests within 30 days.

7. Cookies

We use session cookies required for authentication and secure account sessions. We do not use tracking or advertising cookies.

8. Changes to This Policy

If we make material changes to this policy, we will notify users by email or dashboard notice at least 14 days before changes take effect.

9. Contact Us

Data Controller: Callys.ai

Email: support@cvidsproductions.net

10. Google API Services and Limited Use

Callys.ai uses Google API Services to provide calendar-based appointment booking for our customers.

Google Scopes Requested

  • https://www.googleapis.com/auth/calendar (read and write calendar events)
  • https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile (identify connected account)

How We Use Google User Data

  • Read calendar events for availability checks.
  • Create, update, and delete booking events created by our service.
  • Store OAuth tokens in an encrypted Supabase database.
  • Do not cache calendar event contents.

How We Protect Google User Data

  • We do not sell, rent, or trade Google user data with third parties.
  • We do not use Google user data for AI model training.
  • Access is limited to authorized personnel with operational need.
  • Users can disconnect Google anytime, and tokens are revoked within 24 hours.
  • Account deletion removes Google data within 30 days.

Compliance Statement

Callys.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

Google Data Requests

For requests related to Google user data, contact support@cvidsproductions.net. We respond within 30 days.