Privacy Policy.
How we protect and use your data.

Callvy AI LLC - Privacy policy.

Effective Date: January 2026

Last Updated: January 2026



1. Overview and Purpose of This Privacy Policy


This Privacy Policy explains how Callvy AI LLC (“Callvy,” “we,” “us,” or “our”) collects, uses, processes, stores, shares, and protects information in connection with its AI-powered voice agent and business communication platform, including but not limited to inbound and outbound calling, automated appointment scheduling, call recording, message delivery, and system integrations.

Callvy is a business-to-business (B2B) SaaS platform designed for use by business entities, professionals, and organizations. We do not provide consumer-facing services intended for personal, household, or purely individual use. Any personal data processed by Callvy is done on behalf of business customers and within a commercial communications context.

This Privacy Policy is drafted to comply with applicable U.S. federal and state privacy laws, including but not limited to:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • State privacy laws in Virginia, Colorado, Connecticut, Utah, and similar jurisdictions
  • Applicable U.S. wiretapping and call recording laws
  • Applicable provisions of the Telephone Consumer Protection Act (TCPA)
  • General data protection and security obligations applicable to SaaS providers

Where applicable, this Policy also addresses international data transfer considerations for data that may be processed or stored outside the United States.



2. Scope of This Policy


This Privacy Policy applies to:

  • The Callvy website located at https://callvy.ai
  • The Callvy web application, dashboards, and administrative interfaces
  • AI voice agents operated by or through Callvy
  • Recorded and transcribed calls processed through Callvy systems
  • Messages sent via SMS, email, WhatsApp, or similar channels through Callvy
  • Calendar, spreadsheet, CRM, and productivity tool integrations
  • Any other services, features, or tools provided by Callvy that link to or reference this Privacy Policy

This Policy does not apply to third-party websites, services, or platforms that may be linked to or integrated with Callvy but are governed by their own privacy policies.



3. Business-to-Business (B2B) Context and Role Allocation


Callvy operates primarily as a data processor and service provider when handling information on behalf of its business customers. In this context:

  • Our customers are typically the data controllers (or “businesses” under CCPA)
  • Callvy acts as a service provider / processor, processing data strictly according to customer instructions and contractual obligations

However, Callvy may act as a data controller with respect to certain limited information, including:

  • Account registration and billing data
  • Website analytics and usage data
  • Security, fraud prevention, and compliance data
  • Communications between Callvy and its customers

Nothing in this Policy is intended to shift legal responsibility for end-user consent, call recording disclosures, or lawful communications away from the customer where such responsibility is imposed by law.



4. Nature of Callvy’s Services and AI Processing


Callvy provides AI-powered voice and communication systems, including:

  • AI voice agents that answer and place telephone calls
  • Automated call routing and call handling
  • Call recording and storage
  • Real-time or post-call transcription using automated speech recognition
  • AI-generated conversational responses using large language models (LLMs)
  • Appointment booking and calendar synchronization
  • Automated confirmation and follow-up messaging via SMS, email, and WhatsApp

These services necessarily involve the automated processing of voice data, call metadata, conversational content, and business scheduling information.

By using Callvy, customers acknowledge and agree that:

  • Calls may be handled by AI systems rather than human agents
  • Conversations may be recorded, transcribed, analyzed, summarized, or processed by AI models
  • AI outputs are probabilistic and may not be error-free

Callvy does not represent that AI-generated responses are legally, medically, or professionally authoritative.



5. Call Recording and Consent Framework


Callvy provides tools that enable call recording, but does not control how customers deploy those tools.

Customers are solely responsible for:

  • Determining whether call recording is lawful in their jurisdiction
  • Providing required disclosures to callers (e.g., “This call may be recorded”)
  • Obtaining any required consent under federal or state law
  • Complying with one-party or all-party consent requirements

Callvy expressly disclaims responsibility for unlawful call recording conducted by customers.

To reduce risk, Callvy systems may support:

  • Automated call recording disclosures
  • Configurable recording controls
  • Logging and audit features

However, the presence of such features does not relieve customers of their legal obligations.



6. AI, LLMs, and Automated Decision-Making Disclosure


Callvy’s platform uses a combination of:

  • Large language models (LLMs)
  • Conversational AI agents
  • Speech-to-text and text-to-speech technologies
  • Automated decision logic

These systems may:

  • Generate spoken responses
  • Interpret caller intent
  • Route calls or schedule appointments
  • Produce summaries or structured outputs

Processing may occur:

  • In real time
  • Asynchronously
  • On Callvy infrastructure or via third-party AI service providers

Callvy does not use AI systems to engage in unlawful profiling or discriminatory decision-making, and does not knowingly deploy AI for purposes that would require heightened legal disclosures unless explicitly agreed in writing.



7. Third-Party Infrastructure and AI Service Providers (High-Level Disclosure)


To deliver its services, Callvy relies on third-party infrastructure providers, which may include:

  • Cloud hosting providers
  • Telecommunications carriers and messaging platforms
  • AI model providers (including speech, voice synthesis, and language models)
  • Analytics and monitoring services
  • Email, calendar, and productivity platform integrations

Audio, transcripts, metadata, and message content may be processed by these providers solely to provide services to Callvy and its customers, subject to contractual confidentiality, security, and data protection obligations.

Callvy does not sell personal data and does not permit third-party providers to use customer data for their own independent marketing purposes.

(Additional detail on third-party processing, including telecom and messaging platforms such as SMS and WhatsApp rails, will be covered in later sections.)



8. Children’s Data


Callvy services are not intended for use by children under 13, and Callvy does not knowingly collect personal information from children.

Customers are prohibited from using Callvy to intentionally engage minors unless they have obtained all legally required parental or guardian consents.

If Callvy becomes aware that it has inadvertently processed children’s data without appropriate authorization, it will take reasonable steps to delete such information.



INFORMATION WE COLLECT, HOW IT IS COLLECTED, AND PURPOSE LIMITATION


This section is intentionally detailed and exhaustive. It is designed to clearly articulate what data is collected, how it enters Callvy’s systems, and why each category is processed, in alignment with U.S. privacy, telecommunications, and AI governance expectations.



9. Categories of Information We Collect


Callvy may collect, receive, generate, or process the following categories of information in connection with its services. Not all categories apply to every customer or use case.



9.1 Business and Account Information


We collect information necessary to establish and maintain a business relationship, including:

  • Legal business name
  • Trade name or DBA
  • Business address
  • Business email addresses
  • Business phone numbers
  • Authorized user names and credentials
  • Account configuration settings
  • Billing, invoicing, and payment-related metadata (processed via third-party payment processors)
  • Support communications and correspondence

Purpose:

This information is collected to onboard customers, authenticate users, administer accounts, provide customer support, process payments, enforce contractual terms, and comply with legal and tax obligations.



9.2 Phone Numbers and Call Identifiers


Callvy processes phone-related data, including:

  • Business phone numbers provisioned or connected to the platform
  • Inbound caller phone numbers
  • Outbound call destination numbers
  • Call routing identifiers
  • Caller ID information
  • Trunk, carrier, or session identifiers

Purpose:

Phone number data is required to enable call routing, inbound and outbound communications, caller identification, call analytics, troubleshooting, fraud prevention, and regulatory compliance.

Callvy does not independently determine whom customers call or message. All dialing decisions are made by the customer or their configured workflows.



9.3 Call Audio Recordings


Callvy may record audio from inbound and outbound calls, depending on customer configuration.

This may include:

  • Entire call recordings
  • Partial call segments
  • Voicemail audio
  • AI-generated audio responses

Important Disclosure:

Call recording is a configurable feature. Whether a call is recorded depends on customer settings and legal obligations applicable to the customer.

Purpose:

  • Provide call recording services requested by customers
  • Enable transcription and AI-driven call handling
  • Support quality assurance and debugging
  • Allow customers to review, audit, or document communications
  • Comply with customer recordkeeping requirements

Callvy does not independently decide when recording is legally permissible.



9.4 Call Metadata and Telephony Logs


Callvy collects technical and operational metadata associated with calls, including:

  • Call start and end times
  • Call duration
  • Ring time
  • Call routing paths
  • Transfer events
  • Hang-up reasons
  • Error codes
  • AI agent handoff indicators

Purpose:

This data is essential for system functionality, reliability monitoring, billing calculations, analytics, performance optimization, security auditing, and customer reporting.



9.5 AI Conversation Transcripts and Derived Data


When enabled, Callvy converts audio into text and may generate:

  • Call transcripts
  • Structured conversation summaries
  • Detected intents
  • AI-generated responses
  • Extracted appointment details (e.g., date, time, service requested)

These outputs may be created using automated speech recognition and large language models.

Purpose:

Transcript and derived data are used to:

  • Enable AI-driven conversation handling
  • Power appointment booking and follow-ups
  • Improve customer workflows
  • Provide searchable records and analytics
  • Debug and improve system accuracy

AI outputs are probabilistic and may contain errors.



9.6 Appointment, Scheduling, and Calendar Data


When customers connect calendars or scheduling systems, Callvy may process:

  • Availability windows
  • Appointment times and dates
  • Service types
  • Attendee names and contact details
  • Booking confirmations, cancellations, and reschedules

Purpose:

This data enables automated appointment booking, real-time availability checking, reminders, confirmations, and calendar synchronization.

Callvy only accesses calendar data authorized by the customer through supported integrations.



9.7 Messages Sent via SMS, Email, and WhatsApp


Callvy may process outbound and inbound message content, including:

  • SMS messages
  • WhatsApp messages
  • Email notifications
  • Confirmation and reminder messages
  • Follow-up communications

Message content may include appointment details, confirmations, or customer-defined templates.

Purpose:

Messaging data is processed to deliver communications requested by customers and to confirm or follow up on calls and appointments.



9.8 IP Address, Device, and Usage Information


We collect certain technical information automatically, such as:

  • IP addresses
  • Browser type
  • Device type
  • Operating system
  • Access timestamps
  • Usage patterns within the dashboard

Purpose:

This data is used for security, fraud prevention, performance optimization, debugging, and analytics.



9.9 Cookies and Analytics Data


Callvy uses cookies and similar technologies on its website and dashboards to collect:

  • Session identifiers
  • Authentication tokens
  • Usage metrics
  • Page interaction data

Purpose:

Cookies help maintain sessions, improve usability, monitor performance, and understand aggregate usage trends. Callvy does not use cookies for cross-site behavioral advertising.



10. How Information Is Collected


Information processed by Callvy enters the system through multiple lawful channels:


10.1 Directly From Customers


  • Account registration
  • Configuration inputs
  • Uploaded data
  • Customer support communications

10.2 Automatically Through Use of the Platform


  • Calls placed or received
  • Messages sent or received
  • AI agent interactions
  • System logs and telemetry

10.3 Through Integrations Authorized by Customers


  • Calendar platforms (e.g., scheduling and availability)
  • Email services
  • Spreadsheet or CRM tools
  • Messaging platforms

Callvy accesses only the data scopes explicitly authorized by customers.



11. Purpose Limitation and Lawful Use


Callvy processes information solely for legitimate business purposes, including:

  • Providing and operating the platform
  • Performing contractual obligations
  • Ensuring system security and integrity
  • Complying with legal obligations
  • Improving service reliability and functionality

Callvy does not use collected data for unrelated purposes without authorization.



12. Telecommunications, TCPA, and Messaging Compliance Positioning


Callvy provides technical tools, not legal advice or compliance determinations.

Customers acknowledge and agree that:

  • They are responsible for TCPA compliance
  • They must obtain lawful consent for calls and messages
  • They must comply with opt-in, opt-out, and do-not-call requirements
  • They must comply with WhatsApp, SMS, and carrier policies

Callvy may enforce platform-level safeguards (such as rate limits or abuse detection) but does not guarantee regulatory compliance.



13. No Sale of Personal Data


Callvy does not sell personal data, as that term is defined under applicable U.S. privacy laws.

We do not exchange personal data for monetary or other valuable consideration with third parties for independent use.



AI SYSTEMS, MODEL TRAINING, THIRD-PARTY PROCESSORS, AND DATA FLOW CONTROL


This section is drafted deliberately dense and defensive to address AI governance, voice synthesis, LLM usage, telecom rails, and processor liability insulation, consistent with enterprise SaaS and AI-first platforms operating in the United States.



14. Artificial Intelligence Systems and Automated Processing


14.1 Use of AI, LLMs, and Conversational Agents


Callvy’s services are fundamentally enabled by automated systems, including but not limited to:

  • Large Language Models (LLMs)
  • Conversational AI agents
  • Automated speech recognition (speech-to-text)
  • Voice synthesis (text-to-speech)
  • Decision logic and workflow automation

These systems may operate:

  • In real time during live calls
  • Asynchronously after calls conclude
  • Across distributed infrastructure

AI systems may generate outputs including spoken responses, text messages, summaries, routing decisions, or structured data fields.

Important Notice:

AI-generated outputs are probabilistic, not deterministic. They may be incomplete, inaccurate, or contextually incorrect. Callvy does not guarantee correctness, factual accuracy, or suitability for any specific purpose.



14.2 No Human Review Guarantee


Unless explicitly configured or contracted, AI interactions may occur without human review. Customers are responsible for determining whether human oversight is required for their use case.



15. AI Training, Improvement, and Model Refinement


15.1 Use of Data for System Improvement


Callvy may use limited subsets of processed data to:

  • Improve platform performance
  • Enhance speech recognition accuracy
  • Improve conversational quality
  • Detect system failures or abuse
  • Optimize AI routing and intent recognition

This use is conducted under strict internal controls and subject to contractual obligations with customers.



15.2 No Open Model Training on Customer Data by Default


By default:

  • Callvy does not use customer call audio or transcripts to train open or public AI models
  • Data processed on behalf of customers is not sold or licensed for third-party model development

Any deviation from this principle would require explicit contractual agreement.



15.3 Third-Party AI Model Providers


To deliver AI functionality, Callvy may rely on third-party AI service providers for:

  • Speech recognition
  • Voice synthesis
  • Natural language understanding
  • Language generation

These providers process data solely to deliver services to Callvy and are bound by confidentiality, security, and data-use restrictions.

Callvy intentionally does not guarantee that AI vendors will never update, replace, or modify their underlying models.



16. Voice Synthesis, Audio Processing, and AI Voice Providers


Callvy’s AI voice agents may generate or process audio using third-party voice synthesis and audio processing technologies, including providers specializing in conversational AI voices.

Audio data (including caller audio and AI-generated speech) may be:

  • Temporarily processed
  • Buffered
  • Transmitted
  • Stored for limited durations

Legal Positioning:

Voice processing providers act as sub-processors, not independent data controllers. They are contractually prohibited from using Callvy data for unrelated purposes.

Callvy does not represent that any specific vendor will be used indefinitely and reserves the right to change providers without notice.



17. Telecommunications, Messaging, and Carrier Infrastructure


17.1 Telecom Rails and Call Delivery


Callvy does not operate its own global telecommunications network. Calls are delivered via third-party telecom carriers and infrastructure providers.

These providers may process:

  • Phone numbers
  • Call metadata
  • Audio streams

Solely to transmit communications.



17.2 SMS, WhatsApp, and Messaging Platforms


Messages sent via Callvy may traverse third-party messaging platforms and carrier networks, including SMS and WhatsApp-based channels.

Such platforms impose their own policies, including:

  • Content restrictions
  • Opt-in requirements
  • Rate limits
  • Enforcement mechanisms

Callvy does not control carrier-level filtering, blocking, or message delivery failures.



17.3 TCPA and Communications Law Disclaimer


Callvy is not a legal compliance service.

Customers are solely responsible for:

  • Obtaining consent for calls and messages
  • Maintaining opt-in records
  • Honoring opt-out requests
  • Complying with TCPA, CAN-SPAM, CTIA, and similar laws

Callvy expressly disclaims liability for unlawful communications initiated by customers.



18. Calendar, Email, Spreadsheet, and Productivity Integrations


Callvy may integrate with third-party productivity tools to enable scheduling and automation.

These integrations are permission-based and limited to authorized scopes.

Callvy does not access:

  • Email inbox content unrelated to Callvy workflows
  • Calendar data beyond availability and event fields required for scheduling

Integration providers operate under their own privacy policies.



19. Third-Party Processors and Sub-Processors


Callvy uses third-party service providers to support:

  • Cloud hosting and storage
  • Telephony and messaging
  • AI processing
  • Monitoring and analytics
  • Customer support tooling

All processors are subject to contractual obligations regarding:

  • Confidentiality
  • Security safeguards
  • Purpose limitation

Callvy does not permit processors to sell or independently exploit customer data.



20. No Sale or Targeted Advertising Use


Callvy does not:

  • Sell personal data
  • Share data for cross-context behavioral advertising
  • Engage in consumer profiling for marketing purposes

Any analytics conducted are internal and aggregated.



21. Security Safeguards


Callvy implements administrative, technical, and organizational safeguards designed to protect data, including:

  • Encryption in transit and at rest (where appropriate)
  • Access controls and authentication
  • Audit logging
  • Network security monitoring
  • Least-privilege principles

No system is completely secure. Callvy does not guarantee absolute security.



DATA RETENTION, STORAGE LIMITATIONS, DELETION, AND LIFECYCLE CONTROLS


This section is intentionally exhaustive and structured to withstand regulatory, contractual, and litigation scrutiny. It clarifies how long data exists, why it exists, when it is deleted, and what cannot be immediately erased due to system or legal constraints.


22. Data Retention Philosophy and Legal Basis


Callvy retains information only for as long as reasonably necessary to:

  • Provide and operate the services
  • Fulfill contractual obligations
  • Comply with legal, regulatory, or accounting requirements
  • Resolve disputes and enforce agreements
  • Maintain system security, integrity, and auditability

Retention periods are determined based on:

  • The nature of the data
  • The purpose for which it was collected
  • Legal or regulatory requirements
  • Operational necessity
  • Customer configuration and instructions

Callvy does not retain data indefinitely by default.



23. Retention of Specific Data Categories


23.1 Account and Business Information


Business account data (such as business name, contact details, and account configuration) is retained:

  • For the duration of the customer’s active account
  • For a reasonable period following account termination to:
  • Finalize billing
  • Comply with tax and accounting laws
  • Resolve disputes
  • Maintain audit trails

After this period, such data is deleted or anonymized unless further retention is legally required.



23.2 Call Audio Recordings


Call recordings are retained according to:

  • Customer-defined retention settings (where available)
  • Default platform retention limits
  • Legal or compliance obligations imposed on the customer

Callvy does not mandate a universal retention period for call recordings, as legal requirements vary by jurisdiction and industry.

Customers are responsible for configuring retention periods consistent with applicable law.



23.3 Call Transcripts and AI-Derived Outputs


Transcripts, summaries, and AI-derived data are retained:

  • For as long as necessary to support customer workflows
  • To provide searchable records and analytics
  • For debugging and system reliability

These data may persist beyond the audio recording itself unless explicitly deleted.



23.4 Call Metadata and Logs


Call metadata and system logs are retained longer than call content due to their importance for:

  • Security investigations
  • Abuse detection
  • Performance monitoring
  • Billing verification
  • Legal compliance

Metadata may be retained even after call content is deleted.



23.5 Messaging Data (SMS, WhatsApp, Email)


Message content and delivery logs may be retained:

  • To confirm message delivery
  • To comply with carrier or platform requirements
  • To support customer records and audits

Retention periods vary depending on channel and provider.



23.6 Calendar and Scheduling Data


Calendar and appointment data is retained:

  • While the integration is active
  • For the duration necessary to support bookings and confirmations

When an integration is disconnected, Callvy ceases active access, though residual data may persist temporarily in backups or logs.



23.7 Backup and Disaster Recovery Data


Callvy maintains system backups to ensure continuity and resilience.

Backups may contain copies of customer data and are retained for limited periods under strict access controls.

Deleted data may persist in backups until those backups are cycled out in accordance with internal retention schedules.



24. Data Deletion and Customer-Controlled Erasure


24.1 Customer-Initiated Deletion


Customers may request deletion of certain data through:

  • Platform controls
  • Support requests
  • Account termination

Deletion requests are honored subject to:

  • Legal retention obligations
  • Security and fraud prevention needs
  • Technical feasibility


24.2 Limitations on Immediate Deletion


Certain data cannot be immediately deleted due to:

  • Ongoing calls or workflows
  • Active investigations
  • Backup system constraints
  • Legal preservation requirements

Callvy does not misrepresent deletion timelines and does not guarantee instantaneous erasure across all systems.



24.3 Anonymization and De-Identification


Where deletion is not immediately possible, Callvy may:

  • Anonymize data
  • De-identify personal identifiers
  • Restrict access

Such data is no longer associated with identifiable individuals.



25. Data Sharing and Disclosure


25.1 Sharing with Service Providers


Callvy shares data only with service providers acting as processors or sub-processors to:

  • Operate infrastructure
  • Deliver communications
  • Enable AI functionality
  • Monitor performance
  • Provide customer support

These providers are contractually restricted from using data for unrelated purposes.



25.2 Legal and Regulatory Disclosures


Callvy may disclose information when required to:

  • Comply with law enforcement requests
  • Respond to subpoenas or court orders
  • Protect rights, safety, or property
  • Investigate fraud or security incidents

Where legally permitted, Callvy will notify customers of such requests.



25.3 Business Transfers


In the event of a merger, acquisition, financing, or asset sale, information may be transferred as part of the transaction, subject to confidentiality obligations.



26. No Sale of Personal Data (Reaffirmation)


Callvy does not sell personal data, rent data, or trade data for commercial gain.

This includes voice data, transcripts, and contact information.



27. Data Localization and International Transfers


Callvy’s systems may process data in the United States and other jurisdictions.

By using Callvy, customers acknowledge that data may be transferred across borders where privacy laws may differ.

Callvy implements safeguards designed to protect data regardless of processing location.



28. Residual Risk Disclosure


Despite safeguards:

  • No system is immune from risk
  • Transmission of data over networks carries inherent risk
  • AI systems may behave unpredictably

Customers accept these residual risks as part of using the platform.



USER RIGHTS, STATE PRIVACY RIGHTS, AND REQUEST HANDLING


This section details customer and end-user rights related to their data, including access, deletion, correction, and specific state-level privacy rights. Although Callvy is a B2B platform, we provide robust procedures to protect individual privacy and comply with U.S. privacy laws where applicable.



29. User Rights Overview


Depending on your role—whether as a business customer or an end-user of our customer’s services—you may have rights regarding the information Callvy processes:

  1. Access: You can request information about the personal data we process about you.
  2. Correction / Rectification: You may request corrections to inaccurate or incomplete information.
  3. Deletion: You can request deletion of personal data subject to legal or contractual retention requirements.
  4. Opt-Out / Do-Not-Call / Do-Not-Message Requests: You may request limitations on communications where applicable, although TCPA, WhatsApp, and carrier rules apply.
  5. Data Portability: To the extent feasible, you may request copies of your information in a structured, machine-readable format.

Note: For B2B deployments, most personal data processed by Callvy is done on behalf of the customer, who remains the primary decision-maker regarding user requests.



30. California Consumer Privacy Rights (CCPA / CPRA)


For California residents:

  • Callvy does not sell personal data; the “Do Not Sell” right is therefore not applicable.
  • Customers may direct requests for personal data related to their interactions.
  • California residents may exercise rights such as:
  • Right to request categories of personal information collected
  • Right to request disclosure of sources, business purposes, and third-party recipients
  • Right to request deletion (subject to legal exceptions)
  • Right to opt out of certain sharing (where applicable)

Requests can be submitted via the contact information listed below. Verification procedures will be followed to protect the security of the data.



31. State Privacy Rights Beyond California


Callvy acknowledges emerging privacy rights in other U.S. states, including Virginia, Colorado, Connecticut, Utah, and others. Residents may have:

  • Right to access personal information
  • Right to correct inaccuracies
  • Right to request deletion
  • Right to obtain information about processing purposes and third-party sharing

Callvy will process requests consistent with applicable state law, while respecting its B2B role and contractual obligations to customers.



32. Limitations on Rights in a B2B Context


  • Callvy acts primarily as a data processor; the business customer is typically the data controller.
  • Many requests related to end-user information must be directed to the customer.
  • Callvy will assist customers in fulfilling requests to the extent technically feasible.
  • Certain data (e.g., backup copies, audit logs, regulatory retention records) may be exempt from immediate deletion or correction.


33. Operational Handling of Requests


  1. Submission: Requests may be submitted via email, support portal, or web forms.
  2. Verification: Callvy may request additional information to verify identity or authorization.
  3. Processing: Upon verification, requests are processed consistent with retention policies, legal obligations, and contractual agreements.
  4. Timeline: Callvy endeavors to respond within statutory timelines where applicable.
  5. Limitations: Requests that compromise system security, violate law, or conflict with contractual obligations may be partially restricted, with explanation provided.


34. Data Correction Procedures


  • Customers may correct account-related information directly through the dashboard.
  • AI transcripts and derived data may be updated or annotated upon request where feasible.
  • Historical recordings may not be editable, but notes or metadata can be appended to correct factual errors for recordkeeping purposes.


35. Communication Preferences and Opt-Outs


  • Callvy supports opt-out management for messages sent via SMS, WhatsApp, and email.
  • Customers retain primary control over opt-in and opt-out lists.
  • Callvy may enforce opt-outs at the platform level but does not guarantee carrier or platform-level enforcement beyond technical integration.


36. Children’s Privacy Rights


  • Callvy services are not intended for use by children under 13.
  • Callvy does not knowingly process data from children without parental consent.
  • Requests from parents to delete data from children will be honored if identified.


37. Contact Information for Privacy Requests


For any privacy-related inquiries, data access, correction, or deletion requests:

Email: admin@callvy.ai

All requests will be reviewed, verified, and processed in accordance with this Privacy Policy and applicable law.



SECURITY, INTERNATIONAL TRANSFERS, CHILDREN, AND POLICY CHANGES


This section is written to provide defensive legal positioning, cover technical and procedural safeguards, international processing considerations, and clarify policy change protocols.


38. Security Safeguards and Technical Measures


Callvy implements industry-standard administrative, technical, and physical safeguards to protect information processed through its platform, including but not limited to:

  • Encryption:
  • Data in transit is protected using TLS/HTTPS.
  • Stored audio, transcripts, and metadata are encrypted at rest where feasible.
  • Access Controls:
  • Role-based access for employees and contractors
  • Authentication controls, including multi-factor authentication for privileged accounts
  • Monitoring and Auditing:
  • Logging of system access and administrative activity
  • Security monitoring to detect unauthorized activity or anomalies
  • Data Minimization and Segregation:
  • Only data required to provide services is collected and processed
  • Data is logically or physically segregated between customers
  • Incident Response and Breach Preparedness:
  • Callvy maintains an incident response plan
  • Customers will be notified as required by law in the event of a breach affecting their data

Disclaimer: No system is completely secure. Callvy does not guarantee absolute prevention of unauthorized access, disclosure, or loss of data.



39. International Data Transfers


Callvy may transfer and process data in countries outside the United States. These transfers may include:

  • AI processing in cloud environments
  • Voice synthesis and transcription by international AI providers
  • System backups or distributed infrastructure

To protect such data, Callvy implements:

  • Contractual safeguards: Processor/sub-processor agreements
  • Technical measures: Encryption and secure transmission
  • Policy controls: Data access limited to authorized personnel only

By using Callvy, customers acknowledge that their data may be subject to cross-border processing, including in jurisdictions with different privacy and legal frameworks.



40. Children’s Data Exclusion (Expanded)


  • Callvy services are designed exclusively for B2B use.
  • Callvy does not knowingly collect personal information from children under 13.
  • Customers are prohibited from using Callvy to intentionally solicit or process data from minors without appropriate parental consent.
  • If Callvy becomes aware of inadvertently collected children’s data, it will take reasonable steps to delete such data promptly.

This policy is intended to comply with federal children’s privacy laws, including the Children’s Online Privacy Protection Act (COPPA), to the extent applicable.



41. Changes to This Privacy Policy


Callvy may update this Privacy Policy from time to time. Updates may be made for reasons including:

  • New or revised services or features
  • Legal, regulatory, or compliance changes
  • Security enhancements
  • Changes in third-party vendor relationships

Notification of Changes:

  • The effective date at the top of this document will be updated
  • Customers are encouraged to review the Privacy Policy periodically
  • Use of Callvy services after updates constitutes acceptance of the updated Policy

Callvy may provide additional notices via email or in-platform notifications where required.



42. Defensive Legal Disclaimers


  • AI and LLM Outputs: Callvy’s AI outputs (voice responses, text transcripts, summaries) are probabilistic and not guaranteed accurate. Customers are responsible for verifying outputs where necessary.
  • Third-Party Processors: Use of AI vendors, telecom carriers, SMS/WhatsApp platforms, and calendar/email integrations is subject to third-party policies. Callvy contracts with providers to limit data use but does not control third-party practices outside contractual scope.
  • TCPA / Messaging Compliance: Callvy provides tools but does not ensure legal compliance for calls or messages sent by customers. Customers assume full responsibility for compliance.
  • Residual Risk: While Callvy applies strong safeguards, residual risks remain, including misrouting, incorrect AI interpretation, unauthorized access, or infrastructure failure.


43. Contact Information for Questions or Concerns


For questions regarding this Privacy Policy, privacy practices, or data requests, contact:

Email: admin@callvy.ai


All inquiries are subject to verification procedures and will be processed in accordance with applicable law and contractual obligations.



FINAL SUMMARY, DISCLAIMERS, AND DENSE LEGAL PROTECTIONS


44. Explicit Third-Party AI and Voice Vendor Disclosure


Callvy may utilize third-party AI providers for:

  • Conversational voice synthesis
  • Large Language Model (LLM) responses
  • Automated transcription
  • Speech recognition

These providers, which may include commercial voice AI vendors similar to ElevenLabs, act as sub-processors under contract and are strictly prohibited from independent use of data.

Key Legal Notes:

  • Callvy may change or replace AI vendors at any time without individual customer notice.
  • Customers are responsible for configuring any AI-enabled recordings or outputs in compliance with applicable law.
  • Audio, call metadata, and transcripts processed by AI providers may temporarily reside outside the United States; safeguards (encryption, contractual restrictions) are in place to protect such data.
  • Callvy does not claim that AI-generated outputs are legally, medically, or professionally authoritative. All outputs are probabilistic and advisory in nature.


45. Telephony, Messaging, and Platform Integration Risks


Callvy integrates with multiple telecom and messaging rails, including but not limited to:

  • SMS and carrier-based messaging
  • WhatsApp Business API
  • Twilio-type telephony and messaging platforms
  • Email providers (Google, Outlook, SMTP)
  • Calendar and scheduling platforms

Legal Positioning:

  1. Carrier and platform compliance: Callvy enforces technical limitations where feasible but does not control carrier behavior. Message delivery, filtering, or blocking may occur outside Callvy’s control.
  2. TCPA and consent: Customers are solely responsible for lawful opt-in/opt-out compliance and must maintain appropriate records. Callvy is not responsible for regulatory violations by customers.
  3. Data processed by platforms: Callvy ensures only authorized data flows to platforms. Providers may process data as necessary to deliver services, but cannot use it independently for marketing or training without contractual permission.
  4. Residual risk disclaimer: Carrier outages, delays, or misrouting are inherent in telecommunication systems. Callvy implements safeguards but cannot guarantee perfect delivery.


46. Calendar, Scheduling, and Productivity Tool Integrations


Callvy integrates with calendar, CRM, and spreadsheet systems to:

  • Synchronize appointments and availability
  • Automate scheduling workflows
  • Provide AI-assisted booking confirmations

Protective Disclaimers:

  • Access is limited to scopes explicitly authorized by the customer.
  • Callvy does not access unrelated emails or calendar content.
  • Any integration failures or API errors are outside Callvy’s liability.
  • Customers must ensure their use of integrations complies with third-party terms and privacy obligations.


47. B2B Positioning and Limitation of Liability


Callvy’s Privacy Policy is drafted primarily for B2B engagements:

  • Customers are the data controllers for end-user information.
  • Callvy acts as a data processor / service provider, not as an independent controller for most processed data.
  • Callvy provides tools and infrastructure; customers retain responsibility for legal compliance, call recording disclosure, TCPA adherence, and messaging consent.
  • Liability for misuse of AI outputs, unlawful communications, or breach of third-party terms rests with the customer, except where Callvy fails to implement contractual safeguards or security measures.


48. Reinforcement of AI, LLM, and Automated Processing Disclaimer


  • All AI, LLM, and voice outputs are probabilistic and may be incorrect.
  • Callvy does not guarantee correctness, accuracy, or suitability of AI-generated content for any specific legal, medical, financial, or professional purpose.
  • Customers may rely on AI outputs at their discretion. Callvy encourages human verification for critical decisions.
  • AI vendors and sub-processors process data under contract; Callvy retains ultimate control and limits use to service provision.
  • Callvy may update AI models or switch providers without notice.


49. Residual and Indirect Risk Disclaimer


Despite comprehensive safeguards:

  • Data transmitted over networks may be intercepted.
  • AI outputs may misinterpret voice, context, or intent.
  • Third-party vendors may experience outages, delays, or misconfiguration.
  • Platform integrations may fail or result in incomplete data synchronization.
  • No security, AI, or telecommunication system is entirely risk-free.

By using Callvy, customers acknowledge these residual risks.



50. Changes, Updates, and Policy Acceptance


  • The Privacy Policy is updated periodically; the “Last Updated” date reflects the latest revision.
  • Customers are responsible for reviewing updates.
  • Continued use of Callvy after changes constitutes acceptance.
  • Callvy may provide additional notices via dashboard or email where required.


51. Contact Information (Reaffirmed)


For inquiries, requests, or complaints regarding data processing, privacy practices, or policy interpretation:

Email: admin@callvy.ai

All requests will be verified and processed consistent with contractual obligations and applicable law.



52. Final Legal Protective Summary


  • AI Disclosure: Probabilistic outputs, not professional advice.
  • Third-Party Vendor Disclosure: Sub-processors only process data for service delivery; Callvy controls contracts and limits use.
  • Telecom/Messaging Disclaimer: Customers responsible for TCPA, WhatsApp, SMS, and opt-in compliance.
  • B2B Controller-Processor Limitation: Customers control end-user data; Callvy provides tools under contract.
  • Data Retention & Deletion: Limited to operational necessity and legal requirements; backups may contain residual copies.
  • Security Safeguards: Industry-standard, but residual risks remain.
  • International Transfers: Data may be processed outside the U.S. with contractual safeguards.
  • Policy Acceptance: Continued platform use constitutes agreement.