Privacy Policy

1. Introduction and Scope

Callaro.ai ("Callaro", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy ("Policy") describes how we collect, use, share, and secure personal information when you visit our website (callaro.ai), use our voice AI platform, APIs, or any related services (collectively, the "Services").

This Policy applies to all users of the Services, including website visitors, prospective customers, current customers, API consumers, and individuals whose data may be processed through our platform on behalf of our customers. By accessing or using our Services, you acknowledge that you have read and understood this Policy.

This Privacy Policy should be read in conjunction with our Terms of Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, company name, job title, and billing details when you register for an account or contact us.
• Communication Data: Information you provide when you contact our support team, submit feedback, or participate in surveys.
• Payment Information: Billing address and payment method details, processed securely through our third-party payment processors. We do not store complete credit card numbers on our servers.

2.2 Information Collected Through the Services

• Call Data: Call recordings, transcripts, metadata (duration, timestamps, call outcomes), and AI-generated summaries and actions produced during automated voice calls.
• Client Data: Data uploaded by customers for use in call campaigns, including contact lists, CRM records, scripts, and knowledge base documents.
• Usage Data: Information about how you interact with our platform, including features used, API calls made, pages visited, session duration, and workflow configurations.

2.3 Information Collected Automatically

• Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Log Data: Server logs recording access times, pages viewed, referring URLs, and other diagnostic data.
• Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies as described in Section 11 below.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the Services, including processing calls, generating transcripts, executing workflow actions, and delivering analytics.
• Account Management: To create and manage your account, process billing, and provide customer support.
• Communication: To send you service-related announcements, security alerts, support responses, and — with your consent — marketing communications.
• Product Improvement: To analyse usage patterns, diagnose technical issues, and develop new features. We use aggregated, anonymised data for these purposes wherever possible.
• Security and Compliance: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues. To comply with legal obligations and enforce our Terms of Service.
• Legal Obligations: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Call Recording and AI Processing

As a voice AI platform, Callaro processes call recordings and generates transcripts, summaries, and automated actions on behalf of our customers. Important disclosures regarding call data:

• Call recordings and transcripts are stored securely and encrypted at rest (AES-256) and in transit (TLS 1.2+).
• We do not use individual customer call data to train our core AI models without explicit, separate customer consent.
• Customers are responsible for ensuring that call recipients are notified of recording in compliance with applicable laws (e.g., two-party consent states/jurisdictions).
• Automated PII (Personally Identifiable Information) redaction is available for transcripts and can be configured per account.
• Call data retention periods are configurable by customers. Default retention is 90 days, after which data is permanently deleted unless otherwise configured.

5. Disclosure and Sharing of Information

We may share your information in the following circumstances:

• Service Providers (Sub-processors): We engage trusted third-party service providers to assist in delivering the Services. These include cloud infrastructure providers (DigitalOcean, AWS), telephony providers (Twilio, Exotel), payment processors, and analytics tools. Sub-processors are contractually bound to protect your data and use it only as directed by us.
• Integrations: When you connect third-party services (CRM, calendar, messaging) through our platform, data may be shared with those services as configured by you.
• Legal Requirements: We may disclose information when required by law, court order, subpoena, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
• With Consent: We may share information with your explicit consent for purposes not covered by this Policy.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data at rest (AES-256) and in transit (TLS 1.2+).
• Regular security assessments and penetration testing.
• Role-based access controls with the principle of least privilege.
• Multi-factor authentication for administrative access.
• Comprehensive audit logging of all system access and data operations.
• Incident response procedures with defined escalation protocols.

While we strive to use commercially acceptable means to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Services. Specific retention periods:

• Account Data: Retained for the duration of your account plus 30 days after account termination.
• Call Recordings and Transcripts: Configurable retention (default: 90 days). Enterprise customers can set custom retention periods.
• Usage and Analytics Data: Retained in aggregated, anonymised form indefinitely for product improvement.
• Billing Records: Retained as required by applicable tax and financial regulations (typically 7 years).

Upon account termination, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

8. International Data Transfers

Callaro operates globally and may transfer, store, and process your information in countries other than your country of residence, including India and the United States. When we transfer data internationally, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including:

• Standard contractual clauses approved by relevant data protection authorities.
• Data processing agreements with sub-processors that mandate equivalent protections.
• Compliance with applicable cross-border data transfer mechanisms under GDPR, DPDPA (India), and other applicable frameworks.

9. Your Data Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

• Right of Access: You have the right to request a copy of the personal information we hold about you and to confirm that we are processing your data.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information.
• Right to Erasure: In certain circumstances, you have the right to request deletion of your personal data. This is not absolute — we may retain data where required by law or legitimate business need.
• Right to Restriction of Processing: You have the right to request that we limit the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at privacy@callaro.ai. We will respond to your request within 30 days, or as required by applicable law.

10. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly. If you believe that a child has provided us with personal information, please contact us at privacy@callaro.ai.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and assist in our marketing efforts. Types of cookies we use:

• Essential Cookies: Required for the basic functionality of the website and Services. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous usage statistics.
• Functional Cookies: Remember your preferences and settings to provide a personalised experience.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. These are only set with your consent.

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Services. For more information, see our Cookie Policy.

12. Communication Preferences

We may use your email address to send service-related communications (e.g., account notifications, security alerts, system maintenance notices). These communications are necessary for the operation of the Services and cannot be opted out of while your account is active.

For marketing communications (newsletters, product updates, promotional offers), we will only send these with your consent. You may opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@callaro.ai.

13. Third-Party Links

The Services may contain links to third-party websites, applications, or services that are not owned or controlled by Callaro. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you access through our platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent notice on the Services or sending you an email at least 30 days before the changes take effect. We encourage you to review this Policy periodically.

15. Grievance Officer / Data Protection Contact

In accordance with applicable data protection laws, if you have any questions, concerns, or complaints regarding this Privacy Policy or our data processing practices, please contact our Grievance Officer / Data Protection Contact: