Privacy Statement

Beta notice

Call +AI is in closed beta. Features, data flows, and retention periods may change as we iterate.

Our engineers occasionally review system logs — and, where strictly necessary, redacted call metadata — to debug issues. We may contact beta participants for feedback. We don't sell or share your data outside the cases listed below.

1.Who we are

Call +AI is a hosted SIP dialer and AI agent platform operated by Call Plus AI. If you have privacy questions or requests, email privacy@callplusai.com.

2.What we collect

Account & device

Account info — your email, name (if provided), and the API keys we issue to your devices.
Device info — model, OS version, app version, and limited diagnostics used to route notifications and debug issues.

Calling & telephony

SIP credentials — the SIP username, password, and server address you configure. Passwords are encrypted at rest with Fernet keys that are not exposed through the API.
Call metadata — direction, timestamps, duration, the originating and destination phone numbers, SIP account used, screening result, and whether an AI agent handled the call.
Call recordings — when recording is enabled (by you or by a rule), we capture audio in AAC / WAV / Opus / OGG and store it on our servers. On self-hosted deployments, recordings stay on your infrastructure.
Transcripts — when an AI agent handles a call, we store the generated transcript alongside the call record.
Screening rules — the phone numbers and modes (ALLOW / BLOCK / SILENCE) you've configured.

Contacts & integrations

Contact matches — names matched from your device contacts. We don't copy your address book; we store only the match result for calls you place or receive.
Webhook configuration — the endpoint URLs you configure and the delivery-attempt logs (status code, timestamp, retry count).
AI agent configuration — per-direction agent IDs and provider API keys you supply. These are stored encrypted and used only to route calls to your chosen provider.

3.How we use it

Operate the service — routing calls, recording, transcription, delivering webhooks.
Secure the service — rate limiting, abuse prevention, incident investigation.
Improve the product during beta — debugging, quality measurement, and feature prioritization based on aggregated usage patterns.
Communicate with you — onboarding, product updates, feedback requests, and security notices.

We do not use your call recordings or transcripts to train foundation models.

4.Third parties we share data with

To deliver the service during beta we share limited data with:

AI agent providers you enable. During closed beta that means ElevenLabs; support for your own stack (via the "Use Your AI" provider) and Vapi is rolling out during beta. While an agent is active on a call, the provider receives the audio stream and any context you've configured. Each provider operates under its own privacy terms — we recommend reviewing them before enabling.
Cloud infrastructure used for hosting, storage, and media routing, in the region you select.
Your webhook endpoints. You decide what those endpoints do with the data we deliver; we only record delivery outcomes.

We don't sell your data, we don't use it for advertising, and we don't share it outside the cases above.

5.Retention

Default retention during beta:

Call metadata & transcripts — up to 12 months.
Call recordings — 90 days by default, configurable per SIP account or screening rule, including "never record".
Webhook delivery logs — 30 days.
Account information — for the duration of your beta participation, and up to 30 days after termination unless you ask us to delete it sooner.

On self-hosted deployments, retention is whatever you configure — we hold nothing on our side.

6.Your rights

You can:

Access, correct, or export your data.
Delete your account and the data associated with it.
Revoke API keys and disable recording at any time from Settings.
Withdraw consent to beta communications.

Email privacy@callplusai.com with a request and we'll respond within 30 days. EU / UK residents have additional rights under GDPR; California residents under CCPA — we'll honor those on request.

7.Security

Passwords and provider API keys encrypted at rest using Fernet.
TLS on all transport.
Rate-limited APIs with per-device authentication.
Access to production data limited to named engineers with MFA and audit logging.

No system is perfectly secure. If you believe you've found a vulnerability, email security@callplusai.com — we respond to security reports before anything else.

8.Calls, consent, and local law

You are responsible for complying with call-recording and AI-agent-disclosure laws in your jurisdiction. Call +AI gives you the controls — per-rule recording, screening, disclosure prompts — but the legal duty to obtain consent from call participants rests with you.

9.Children

Call +AI is not intended for anyone under 16. We don't knowingly collect data from children. If you believe a child has given us information, email privacy@callplusai.com and we'll delete it.

10.Changes to this statement

We'll post material changes at the top of this page and notify beta participants by email before they take effect. Continued use of the beta after an update constitutes acceptance.

11.Contact

Questions, requests, or complaints: privacy@callplusai.com. Security issues: security@callplusai.com.