Privacy Policy

YourCallAgent ("we", "our", "us") provides AI-powered voice agent software to businesses. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and the choices you have. By using the Service, you agree to this Policy.

Contact: privacy@yourcallagent.com

This Policy addresses two distinct groups:

• Customers — the businesses and individuals who sign up for and use the Service. With respect to Customer data, we are a data controller.
• Callers — the people who call our Customers and interact with an AI voice agent. With respect to Caller data, we are a data processor acting on the Customer's instructions; the Customer is the controller.

• Account information: name, email address, company name, role, and authentication credentials (handled by Supabase Auth).
• Configuration: agent prompts, knowledge base entries, calendar recipient email, business settings.
• Connected accounts: when you connect Google, we receive OAuth tokens (access + refresh tokens) and request the drive.readonly scope. We use those tokens to read the contents of the Drive folder you select.
• Drive content: the text contents of files in the Drive folder you select (Google Docs, Sheets, PDFs, and plain-text files). We store extracted text in your knowledge base.
• Operational logs: request logs, error logs, and audit data we use to operate, secure, and debug the Service.
• Payment information: if you purchase a paid plan, billing information is handled by our payment processor; we do not store full card numbers.

When a caller interacts with one of our Customer's AI agents, we may process:

• The caller's phone number.
• Audio and transcripts of the call.
• Information the caller volunteers during the conversation (e.g., name, scheduling preferences, contact details).
• Call metadata: duration, timestamps, outcome categories or tags assigned by the Customer.

We process this data only to provide the Service to the Customer (e.g., routing the call, generating responses, sending appointment emails) and as required by our agreements and applicable law. We do not sell Caller data. We do not use Caller data to train general-purpose AI models.

Customers are responsible for any required disclosures to Callers, for recording consent, and for honoring Caller rights requests. If you are a Caller and want to exercise your rights, please contact the business that called you; if you cannot reach them, contact us and we will route the request to the relevant Customer.

• Provide, operate, secure, and improve the Service.
• Authenticate users and prevent abuse, fraud, and unauthorized access.
• Send transactional communications (account notices, billing, security alerts).
• Provide customer support.
• Comply with legal obligations and enforce our Terms.

We share data with these subprocessors. Their handling of your data is governed by their own privacy policies.

• Retell AI — voice infrastructure: call routing, audio streaming, real-time transcription, and the LLM that powers your agent.
• Supabase — Postgres database and authentication.
• Cloudflare — application hosting and CDN.
• Google — Drive (for folder content you authorize us to read) and Calendar / Gmail integrations that you enable.
• Resend — transactional email delivery (e.g., calendar invites).

We may also disclose data if required by law, subpoena, or government request, or to protect the rights, property, or safety of us, our users, or others. If we are involved in a merger, acquisition, or sale of assets, data may be transferred as part of the transaction subject to standard confidentiality protections.

When you connect your Google account, we request the drive.readonly scope and access only the folder you select. We use Drive content solely to populate your agent's knowledge base. We do not share Drive content with any third party except as needed to operate the Service (e.g., sending knowledge base text to Retell AI as part of your agent's prompt). We do not use Google user data for advertising, and we do not transfer or sell it.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can disconnect Google access at any time from your Settings page or by revoking access at myaccount.google.com/permissions. On disconnect, we delete the stored tokens; previously imported text remains in your knowledge base until you remove it.

We retain Customer data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. You can request deletion at any time; backup copies may persist for up to 30 days before being purged.

Caller data is retained according to the Customer's retention configuration and as needed to operate the Service.

We use reasonable administrative, technical, and physical safeguards to protect personal data — including encryption in transit, encryption at rest where supported by our infrastructure providers, access controls, and audit logging. No system is perfectly secure; we cannot guarantee absolute security.

Our infrastructure is global. Personal data may be processed in the United States, the European Union, and other countries where we or our subprocessors operate. Where required, we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses.

Depending on your jurisdiction (e.g., GDPR, UK GDPR, CCPA/CPRA, PIPEDA, LGPD), you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Delete personal data, subject to limited exceptions.
• Object to or restrict processing.
• Receive a portable copy of your personal data.
• Withdraw consent where we rely on consent as the lawful basis.
• Lodge a complaint with your local data protection authority.

To exercise these rights, email privacy@yourcallagent.com. We will respond within the timeframe required by applicable law.

We use first-party cookies that are strictly necessary to authenticate your session and remember your preferences. We do not use third-party advertising or cross-site tracking cookies. We may use privacy-respecting analytics to understand aggregate usage of the Service.

The Service is not directed to children under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this Policy from time to time. If we make a material change, we will notify you by email or in-product notice before it takes effect. The "Last updated" date at the top reflects the latest version.

For privacy questions, complaints, or to exercise your rights, email privacy@yourcallagent.com.