Privacy policy Callin.io

Last Updated: 25.09.2024

1. Introduction

Callin.io is a service provided by Replacing Humans LLC (“we,” “us,” or “our”), a company based in the United States. We have developed Callin.io, a SaaS platform that offers AI phone agent services for organizations.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website (www.callin.io) and our AI phone agent services (collectively, the “Services”). We are committed to protecting your privacy and complying with applicable data protection laws, including:

     

      • The General Data Protection Regulation (GDPR)

      • The German Federal Data Protection Act (BDSG) and Telemedia Act (TMG)

      • The Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD)

      • The Italian Personal Data Protection Code

      • The UK Data Protection Act 2018 and UK GDPR

      • The French Data Protection Act and the French Data Protection Authority (CNIL) guidelines

      • Applicable US privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

      • Other jurisdctions regulations.

    2. Data Controller and Contact Information

    Data Controller: Replacing Humans LLC 30 N Gould St Ste R, Sheridan, WY 82801 United States

    Data Protection Officer: Email: [email protected]

    For any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].

    3. Technical Infrastructure

    We utilize the following platforms and tools to provide our Services:

       

        • GenAI/AI Services: OpenAI chat completions, Azure OpenAI, OpenAI embeddings, Langchain, Cartesia Text to Speech Synthesis, Elevenlabs Text to Speech Synthesis, PlayHT Text to Speech Synthesis, Deepgram Speech Recognition/Speech to Text

        • Other: Redis Cache, Twilio Telephony Platform.

      4. Personal Data We Collect

      We collect and process the following types of personal data:

         

          • Account Information: Name, email address, phone number, company name, and website URL.

          • Usage Data: Information about how you use our Services, including IP address, browser type, device information, and interaction with our website and AI phone agents.

          • Google Calendar Data: With your explicit consent, we access and use data from your Google Calendar, including email addresses, names, dates of birth, phone numbers, notes, and event descriptions.

          • Call Recordings: With your explicit consent, we may record conversations between our AI phone agents and your customers for quality assurance and service improvement purposes or to enable you and your organizatin to lawfully use our software services.

          • Analytics Data: We use Google Analytics on our website to collect anonymized usage data. We do not use advertising pixels from platforms like Facebook, Instagram, or TikTok.

        5. How We Use Your Personal Data

        We use your personal data for the following purposes:

        a) Service Provision: To execute and deliver our services, including managing user accounts and providing AI phone agent functionality.

        b) Compliance and Legal Obligations: To comply with applicable laws and regulations, including tax laws.

        c) Marketing and Communications: To promote our services and communicate with potential and existing customers, based on our legitimate interests or your consent where required.

        d) Website Operation and Security: To manage and secure our website, ensuring its reliability and security.

        e) AI Call Management: When users request a callback from an AI agent, we process the provided data to facilitate this service.

        f) Google Calendar Integration: To allow our AI phone agents to schedule appointments on behalf of our clients.

        g) Service Improvement: To analyze usage patterns and improve our Services. h) Technical Issue Resolution: To detect, prevent, and address technical issues.

        6. Legal Bases for Processing

        We process your personal data on the following legal bases:

        a) Performance of a Contract: When processing is necessary to fulfill our contractual obligations to you.

        b) Compliance with Legal Obligations: When processing is required to comply with applicable laws and regulations.

        c) Legitimate Interests: When processing is based on our legitimate interests, such as improving our Services or marketing to potential customers, and these interests are not overridden by your rights and freedoms.

        d) Consent: When you have given explicit consent for specific processing activities, such as AI call recordings or accessing Google Calendar data.

        7. Data Sharing and Disclosure

        We may share your personal data with:

        a) Service Providers and Subprocessors: Including cloud service providers (AWS, GCP, Azure), AI service providers (OpenAI, Azure OpenAI), and other necessary technological service providers.

        b) Legal and Regulatory Authorities: When required by law or to protect our rights and interests.

        c) Potential Buyers or Investors: In the event of a sale, merger, or investment in our company.

        We do not sell your personal data to third parties. Google user data is not shared with third parties except as specified above for necessary service provision and development.

        8. International Data Transfers

        As a US-based company, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as:

           

            • Standard Contractual Clauses approved by the European Commission

            • Adequacy decisions for countries deemed to provide adequate protection

            • Binding Corporate Rules for intra-group transfers, where applicable

          9. Data Retention

          We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. Specifically:

             

              • Account information is retained for the duration of your use of our Services and for a reasonable period thereafter for legal and operational purposes.

              • Google Calendar data is retained only for as long as necessary to provide the requested services and is then securely deleted or anonymized.

              • Call recordings are retained for a limited period (typically 30 days) unless a longer retention period is required for legal or operational reasons.

            10. Your Rights

            Depending on your location, you may have the following rights regarding your personal data:

            a) Right to Access: You can request a copy of the personal data we hold about you.

            b) Right to Rectification: You can ask us to correct any inaccurate or incomplete personal data.

            c) Right to Erasure: You can request that we delete your personal data in certain circumstances.

            d) Right to Restrict Processing: You can ask us to restrict the processing of your personal data in certain situations.

            e) Right to Data Portability: You can request a copy of your data in a machine-readable format to transfer to another service.

            f) Right to Object: You can object to our processing of your personal data in certain circumstances, particularly for direct marketing purposes.

            g) Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

            h) Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

            To exercise these rights, please contact us using the information provided in Section 2.

            11. Security Measures

            We implement appropriate technical and organizational measures to protect your personal data, including:

               

                • Encryption of data in transit and at rest

                • Access controls and authentication mechanisms

                • Regular security audits and vulnerability assessments

                • Employee training on data protection and security best practices

                • Incident response and data breach notification procedures

              12. Cookies and Similar Technologies

              We use cookies and similar technologies to enhance your experience on our website. Our use of cookies includes:

                 

                  • Essential Cookies: Necessary for the website to function properly.

                  • Analytical Cookies: Used to analyze website usage and improve our services (e.g., Google Analytics).

                  • Functional Cookies: Enhance the functionality of the website.

                  • Advertising Cookies: While we do not currently use advertising pixels, we may use cookies for marketing purposes.

                Users can control the use of cookies through their browser settings. Opting out of non-essential cookies may affect the functionality of our website.

                For more detailed information about the specific cookies we use and how to manage them, please see our separate Cookie Policy [link to Cookie Policy].

                13. Google Analytics

                We use Google Analytics to analyze the use of our website. Google Analytics uses cookies to collect information about website usage. This data is processed in a way that does not directly identify individuals. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

                14. Integration with Google Calendar

                Our software integrates with Google Calendar solely to allow our AI phone agents to schedule appointments on behalf of our clients. We access this data with your explicit consent and use it only for the specified purpose of appointment scheduling. We do not transfer or process this data using large language models.

                15. AI Phone Agents and Call Recordings

                With your explicit consent, conversations between our AI phone agents and your customers may be recorded for quality assurance and service improvement purposes or to enable you to lawfully use our software services. These recordings are stored securely and accessed only by authorized personnel. You have the right to withdraw your consent for call recording at any time. You can withdraw your aforementioned consent at any time, but you will not be able to fully use all the features of our software, such as performing certain actions based on the analysis of the conversation data.

                16. Children’s Privacy

                Our Services are not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information unless we have a legal obligation to keep it.

                17. Changes to This Privacy Policy

                We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. We encourage you to review this policy periodically.

                18. Specific Provisions for Different Jurisdictions

                18.1 European Union (GDPR)

                For users in the EU, the GDPR applies to the processing of your personal data. In addition to the rights outlined in Section 10:

                   

                    • We will respond to your requests to exercise your rights within one month, with the possibility of extending this period by two additional months where necessary.

                    • You have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.

                  18.2 Germany (DSGVO and TMG)

                  For users in Germany, in addition to GDPR rights:

                  a) Legal Framework: We comply with the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), the Telemedia Act (Telemediengesetz, TMG), and the GDPR implementation law (Datenschutz-Grundverordnung, DSGVO).

                  b) Data Protection Officer: As required by German law, we have appointed a Data Protection Officer. You can contact our DPO at [email protected].

                  c) Right to Object:

                     

                      • You have the right to object to the processing of your personal data for direct marketing purposes at any time, free of charge.

                      • If we process your data based on legitimate interests, you have the right to object to such processing. We will then no longer process the data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

                    d) Consent:

                       

                        • For minors under 16, consent must be given or authorized by the holder of parental responsibility.

                        • We obtain explicit consent for the processing of special categories of personal data, as required by § 26 BDSG.

                      e) Data Minimization: We adhere strictly to the principle of data minimization as required by § 71 BDSG.

                      f) Employee Data: We process employee data in accordance with § 26 BDSG, ensuring that such processing is necessary for the employment relationship.

                      g) Automated Decision-Making: If we use automated decision-making processes, we comply with the restrictions set out in § 37 BDSG.

                      h) Data Transfers: We ensure that data transfers to countries outside the EU/EEA comply with Chapter V of the GDPR and § 78-81 BDSG.

                      i) Telemedia Act Compliance:

                         

                          • We only collect and use personal data to the extent necessary to enable the use of our website and to bill for services, as per § 15 TMG.

                          • We do not combine usage data with personal data unless necessary for billing purposes or explicitly permitted by law.

                        j) Right to Information: In accordance with § 34 BDSG, you have the right to request information about the personal data we process about you.

                        k) Supervisory Authority: You have the right to lodge a complaint with the competent state data protection authority (Landesdatenschutzbehörde) or the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit).

                        18.3 Spain (LOPDGDD)

                        For users in Spain:

                           

                            • You have the right to request the limitation of processing in certain circumstances, as provided by the LOPDGDD.

                            • We comply with specific requirements regarding the information to be provided in data collection forms and the obtaining of consent.

                            • We adhere to the guidelines set by the Spanish Data Protection Agency (AEPD) regarding cookie usage and online tracking.

                          18.4 Italy (GPDP)

                          For users in Italy:

                             

                              • You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

                              • We comply with specific requirements regarding the information to be provided and the obtaining of consent, as outlined in the Italian Personal Data Protection Code.

                              • We adhere to the guidelines set by the Garante regarding cookie usage and online tracking.

                            18.5 United Kingdom (ICO)

                            For users in the UK:

                               

                                • References to GDPR in this policy should be understood as references to the UK GDPR and the Data Protection Act 2018.

                                • You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we have not adequately addressed your concerns.

                                • We comply with specific requirements regarding data transfers outside the UK, ensuring appropriate safeguards are in place.

                              18.6 France (CNIL)

                              For users in France:

                                 

                                  • You have the right to define guidelines regarding the fate of your personal data after your death, in accordance with the French Data Protection Act.

                                  • We comply with the specific requirements set by the French Data Protection Authority (CNIL) regarding cookie consent and data retention periods.

                                  • You have the right to lodge a complaint with the CNIL if you believe we have not adequately addressed your concerns.

                                18.7 United States

                                For users in the United States:

                                   

                                    • California residents may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to opt-out of the sale of personal information and the right to request deletion of personal information.

                                    • We comply with the CAN-SPAM Act for marketing communications, providing clear unsubscribe options in our marketing emails.

                                    • We adhere to the principles of the Children’s Online Privacy Protection Act (COPPA) regarding the collection of data from children under 13.

                                    • You have the right to know what personal information we collect, use, disclose, and sell.

                                    • You have the right to request deletion of your personal information, subject to certain exceptions.

                                    • You have the right to opt-out of the sale of your personal information.

                                    • You have the right to non-discrimination for exercising your CCPA rights.

                                    • You can designate an authorized agent to make a request on your behalf.

                                  c) Nevada Privacy Rights: Under Nevada law, you have the right to opt-out of the sale of certain personal information to third parties. To exercise this right, please contact us at [email protected].

                                  d) Data Security: We implement reasonable security measures to protect your personal information, as required by various state laws (e.g., California, New York, Massachusetts).

                                  e) Data Breach Notification: In the event of a data breach, we will notify affected individuals and relevant authorities as required by applicable state laws.

                                  f) Do Not Track: We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.

                                  g) Children’s Privacy:

                                     

                                      • Our services are not directed to children under 13.

                                      • We do not knowingly collect personal information from children under 13.

                                      • If we learn we have collected personal information from a child under 13, we will delete that information promptly.

                                    h) Email Marketing:

                                       

                                        • We comply with the CAN-SPAM Act.

                                        • All marketing emails contain an “unsubscribe” option and our physical address.

                                        • We process opt-out requests promptly, within 10 business days.

                                      i) Financial Information: If we collect financial information, we comply with the Gramm-Leach-Bliley Act (GLBA) safeguards rule to protect such information.

                                      j) Health Information: We do not collect or process protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA). If this changes, we will update our practices to comply with HIPAA requirements.

                                      k) Third-Party Websites: Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

                                      l) Changes to Privacy Practices: We will notify you of any material changes to our privacy practices through our website or via email.

                                      18.8 The Netherlands

                                      For users in the Netherlands:

                                         

                                          • We comply with the Dutch General Data Protection Regulation Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, UAVG), which supplements the GDPR in the Netherlands.

                                          • You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not adequately addressed your concerns.

                                          • We adhere to the guidelines set by the Autoriteit Persoonsgegevens regarding cookie usage and online tracking, including obtaining explicit consent for non-essential cookies.

                                          • In accordance with Dutch law, we will respond to requests to exercise your rights under the GDPR within one month, with the possibility of extending this period by two additional months where necessary, informing you of such extension within the first month.

                                          • If we process your personal data based on legitimate interests, you have the right to object to such processing, and we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

                                          • We comply with specific requirements regarding the processing of special categories of personal data (such as health data or biometric data) as outlined in the UAVG.

                                        18.9 Portugal

                                        For users in Portugal:

                                           

                                            • We comply with Law No. 58/2019, which ensures the implementation of the GDPR in Portugal.

                                            • You have the right to lodge a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados, CNPD) if you believe we have not adequately addressed your concerns.

                                            • In accordance with Portuguese law, we will respond to requests to exercise your rights under the GDPR free of charge, unless the request is manifestly unfounded or excessive.

                                            • We adhere to the guidelines set by the CNPD regarding cookie usage and online tracking, including obtaining clear and specific consent for non-essential cookies.

                                            • If we process your personal data for direct marketing purposes, you have the right to object at any time, free of charge, to such processing, including profiling to the extent that it is related to such direct marketing.

                                            • We comply with specific requirements regarding the processing of personal data in the context of employment relationships, as outlined in Portuguese labor law and the guidelines provided by the CNPD.

                                            • In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will communicate the breach to you without undue delay, in clear and plain language, as required by Portuguese law.

                                          By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this policy, please do not use our Services.

                                          For any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].