Privacy Policy

1. Introduction

CallCover ("we", "us", or "our") operates an intelligent voice AI platform that handles calls, manages conversations, and grows businesses 24/7. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at callcover.com (the "Service").

We are committed to protecting your privacy and ensuring transparency in how we handle your personal information. This policy applies to all users of CallCover, including both individuals and businesses.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

Full name
Email address
Password (encrypted and securely stored)
Mobile phone number

Business Profile Information:

Business name
Website URL
Business address (including street, city, region, and postcode)
Business description and services offered
Brand voice and communication style preferences
Frequently asked questions (FAQs)
Operating hours and days
Special instructions for your AI assistant

Payment Information:

We use Stripe to process payments. Stripe collects and processes your payment card information, billing address, and related payment data
We store your Stripe customer ID, subscription status, and plan information
We do not directly store your complete credit card details

2.2 Information Collected Automatically

Call Data:

Phone numbers involved in calls
Call duration and timestamps (start and end times)
Call direction (inbound or outbound)
Call status (completed, failed, busy, no-answer)
Call transcripts (text version of conversations)
Call summaries and key points
Sentiment analysis (positive, neutral, or negative)
Customer names (when identified during calls)
Reason for call termination

Call Recordings:

Audio recordings of calls handled by your CallCover assistant
Recordings are stored in Supabase Storage
Recording duration and file paths
Original Vapi.ai recording URLs

Technical and Usage Data:

Session information stored in secure HTTP-only cookies (24-hour expiration)
IP addresses associated with account activities
Activity logs of user actions (sign-ins, settings changes, etc.)
Browser type and device information (via Google Analytics)
Page views and navigation patterns (via Google Analytics)

AI Assistant Configuration:

Vapi.ai assistant ID and phone number ID
Twilio phone number and SID (Session ID)
Assistant personality and voice settings
System prompts generated from your business profile

2.3 Information from Third Parties

We receive information from our service providers:

Twilio: Phone number availability, call statistics, and telecommunications data
Vapi.ai: Voice AI processing results, call handling data
OpenAI: AI-generated content for business intelligence features
Stripe: Payment processing status and subscription information

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

Creating and managing your CallCover account
Provisioning and configuring your AI voice assistant
Managing your Twilio phone number
Processing and storing call recordings
Generating call transcripts and summaries
Providing sentiment analysis on calls
Enabling your AI assistant to respond appropriately to callers

3.2 Service Improvement

Analysing usage patterns to improve our Service
Developing new features and functionality
Conducting business intelligence analysis
Optimising assistant performance and accuracy

3.3 Communication

Sending transactional emails (account creation, password resets, subscription changes)
Providing customer support
Sending service updates and important notices
SMS notifications (when enabled) to your specified mobile number

3.4 Security and Compliance

Detecting and preventing fraud or security threats
Enforcing our Terms of Service
Complying with legal obligations
Maintaining activity logs for security audits
Ensuring team-based data isolation

3.5 Payment Processing

Processing subscription payments via Stripe
Managing billing and invoices
Handling subscription renewals and cancellations

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

Supabase (Database and Storage):

Stores all user data, business profiles, call logs, and recordings
Privacy Policy: https://supabase.com/privacy

Stripe (Payment Processing):

Processes all subscription payments
Receives billing and payment information
Privacy Policy: https://stripe.com/privacy

Twilio (Telecommunications):

Provides phone numbers and call routing
Processes call statistics
Privacy Policy: https://www.twilio.com/legal/privacy

Vapi.ai (Voice AI Platform):

Powers the AI voice assistant functionality
Processes call audio and generates transcripts

OpenAI (AI Processing):

Powers business intelligence features
Processes business information to generate assistant configurations
Privacy Policy: https://openai.com/privacy

Google Analytics:

Tracks website usage and analytics
Measurement ID: G-BD8R02R49R
Privacy Policy: https://policies.google.com/privacy

Vercel (Hosting and Analytics):

Hosts the CallCover application
Provides performance analytics
Privacy Policy: https://vercel.com/legal/privacy-policy

4.2 Team Members

If you are part of a team account, other team members with appropriate permissions may access:

Business profile information
Call logs and recordings
Activity logs
Team settings and configuration

Team owners have full access to all team data. We implement role-based access control to ensure proper data segregation.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

Valid legal processes (court orders, subpoenas)
Government or regulatory requests
Protection of our rights, property, or safety
Prevention of fraud or security threats

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email before your information becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Measures

All data transmitted via HTTPS/TLS encryption
Passwords encrypted using industry-standard hashing (bcrypt)
JWT tokens for authentication stored in secure HTTP-only cookies
Database credentials and API keys stored as encrypted environment variables
Team-based data isolation with strict access controls
Row-level security policies in database

5.2 Operational Measures

Regular security audits and monitoring
Activity logging for all user actions
Restricted access to production systems
Secure development practices
Regular security updates and patches

5.3 Third-Party Security

All our service providers maintain SOC 2 Type II or equivalent certifications and follow industry best practices for data security.

6. Data Retention and Deletion

6.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide the Service.

Call Recordings: Stored indefinitely until you delete your account or request specific deletions.
Activity Logs: Retained for security and audit purposes for the duration of your account.
Business Profile: Maintained throughout your subscription.

6.2 Account Deletion

When you delete your account:

Immediate Actions:

Your account is soft-deleted (marked as deleted with timestamp)
Session cookies are immediately invalidated
Access to the Service is terminated

Automated Resource Cleanup:

Stripe subscription is cancelled immediately
Twilio phone number is released
Vapi.ai assistant and phone number are deleted
Team membership is removed

Data Retention:

Call recordings stored in Supabase Storage are deleted
Activity logs are retained for 90 days for audit purposes
Soft-deleted account data is retained for 90 days to allow recovery
After 90 days, all data is permanently deleted

Third-Party Data:

Stripe retains payment history as required by financial regulations
Other service providers retain data according to their own policies

6.3 Subscription Cancellation

If you cancel your subscription without deleting your account:

Your Vapi.ai phone number is deleted
Your Vapi.ai assistant is deleted
Your Twilio phone number is released
Account data and call logs are retained
You retain access to historical data

6.4 Data Export

You may request an export of your data at any time by contacting support@callcover.com. We will provide your data in a structured, commonly used format within 30 days.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 General Rights

Access: Request access to your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your information (subject to retention requirements)
Data Portability: Request a copy of your data in a portable format
Object: Object to certain processing of your information
Restrict: Request restriction of processing in certain circumstances

7.2 How to Exercise Your Rights

To exercise these rights, please contact us at privacy@callcover.com or through your account settings.

7.3 Response Time

We will respond to your request within 30 days. If we need additional time, we will notify you of the reason for the delay.

8. Cookies and Tracking Technologies

8.1 Essential Cookies

We use HTTP-only cookies to maintain your session:

Cookie name: session
Duration: 24 hours
Purpose: Authentication and session management
Renewal: Automatically refreshed if less than 6 hours remain

8.2 Analytics Cookies

We use Google Analytics to understand how users interact with our Service:

Tracks page views, user behaviour, and navigation patterns
Uses cookies to identify unique users
You can opt out using browser settings or Google Analytics Opt-out Browser Add-on

8.3 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies will prevent you from using the Service.

9. International Data Transfers

CallCover is based in New Zealand. If you access our Service from outside New Zealand, please note:

Your information may be transferred to and stored in New Zealand
Your information may be processed by our service providers in various locations
We ensure appropriate safeguards are in place for international transfers
By using our Service, you consent to the transfer of your information

Our service providers operate in the following regions:

Stripe: Global infrastructure with data residency options
Twilio: Global infrastructure
Vercel: Global CDN with data residency options

10. Children's Privacy

CallCover is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child, please contact us at privacy@callcover.com.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

11.1 Information We Collect

Please refer to Section 2 of this Privacy Policy.

11.2 Use of Personal Information

Please refer to Section 3 of this Privacy Policy.

11.3 Disclosure of Personal Information

Please refer to Section 4 of this Privacy Policy.

11.4 Your Rights

Right to know what personal information we collect, use, and disclose
Right to delete personal information
Right to opt-out of the "sale" of personal information (we do not sell personal information)
Right to non-discrimination for exercising your rights

11.5 Exercising Your Rights

Contact us at privacy@callcover.com. We will verify your identity before processing your request.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation:

12.1 Legal Basis for Processing

We process your information based on:

Contract: To provide the Service you have subscribed to
Legitimate Interests: To improve our Service and prevent fraud
Consent: When you provide optional information or opt into marketing
Legal Obligations: To comply with applicable laws

12.2 Your GDPR Rights

Right to access your personal data
Right to rectification of inaccurate data
Right to erasure ("right to be forgotten")
Right to restrict processing
Right to data portability
Right to object to processing
Right to withdraw consent
Right to lodge a complaint with a supervisory authority

12.3 Data Controller

CallCover acts as the data controller for your personal information.

12.4 Data Protection Officer

For GDPR-related enquiries, contact our Data Protection Officer at dpo@callcover.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

Our data practices
Legal or regulatory requirements
Service features or functionality

13.1 Notification of Changes

We will notify you of material changes by:

Posting the new Privacy Policy on this page
Updating the "Last Updated" date
Sending an email notification (for significant changes)

13.2 Your Continued Use

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party sites you visit.

15. Business Intelligence Features

We use OpenAI's GPT-4 model to power business intelligence features that help populate your business profile. When you use these features:

Your business information is sent to OpenAI for processing
OpenAI processes this information according to their privacy policy
Generated content is returned to CallCover and stored in your business profile
You can review and edit all AI-generated content before saving

16. Call Recording Consent

16.1 New Zealand Requirements

In New Zealand, call recording is legal if at least one party to the conversation consents. By using CallCover:

You (the business) consent to recording calls to your CallCover number
You are responsible for informing callers that calls may be recorded
Your AI assistant should include a recording notification in its greeting

16.2 Your Responsibilities

You are responsible for:

Ensuring compliance with local call recording laws
Providing appropriate notice to callers
Obtaining necessary consents as required by your jurisdiction
Configuring your AI assistant to provide recording notifications

17. Data Breach Notification

In the event of a data breach that affects your personal information:

We will notify affected users within 72 hours of becoming aware
Notification will include the nature of the breach and steps being taken
We will notify relevant authorities as required by law
We will provide guidance on protective measures you can take

18. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@callcover.com

Support: support@callcover.com

Data Protection Officer: dpo@callcover.com (for GDPR enquiries)

Postal Address:
CallCover
New Zealand

19. Consent

By using CallCover, you consent to:

The collection and use of information as described in this Privacy Policy
The transfer of your information to our service providers
The use of cookies and tracking technologies
Call recording and transcription services

You can withdraw your consent at any time by:

Adjusting your account settings
Contacting us at privacy@callcover.com
Deleting your account

Note that withdrawing consent may limit or prevent your use of certain Service features.

Table of Contents