Legal
Privacy Policy
Effective May 19, 2026 · Receptionist On Call, Inc.
Receptionist On Call, Inc. (“Company,” “we”) respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, and the rights you have under the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA), and other applicable laws. It applies to receptionistoncall.com and to the AI voice receptionist service (collectively, the “Service”).
1. Roles
When you visit our website or sign up for an account, we act as a controllerof your information. When our customers use the Service to make or receive calls from end users, the customer is the controller of that call data, and we act as a processoron the customer’s behalf, as further described in our Data Processing Addendum.
2. Personal Information We Collect
2.1 Account information.
Name, business email, password hash, organization name, billing address, payment-token identifiers (Stripe), and authentication metadata.
2.2 Call data.
When the Service places or receives a call, we process call audio, generated transcripts, caller and callee phone numbers, call duration, call status, and any structured outputs produced by the AI agent. Audio is processed in memory and only transient buffers are retained for the minimum time required for transcription. By default we store transcripts for ninety (90) days and audio recordings (when recording is enabled) for thirty (30) days, unless the customer configures different retention or a legal hold applies.
2.3 Telemetry.
Server logs, API request metadata, IP addresses, user-agent strings, and product usage events (e.g., agent created, campaign started) used for security, debugging, and product analytics.
2.4 Cookies.
Session cookies and a small number of preference cookies. See our Cookie Policy for the full inventory and choices.
3. How We Use Personal Information
- To provide, secure, and improve the Service;
- To process payments and prevent fraud;
- To respond to support requests and customer inquiries;
- To send service announcements and, with your consent, product updates;
- To meet legal, regulatory, and contractual obligations.
We do not sell personal information, and we do not use Customer call audio or transcripts to train general-purpose AI models. Aggregated, de-identified analytics may be used to operate and improve the Service.
4. Legal Bases (GDPR/UK GDPR)
We rely on the following legal bases: (a) performance of a contract, (b) our legitimate interests in operating and securing the Service, (c) compliance with legal obligations, and (d) consent where required (for example, optional marketing communications and non-essential cookies). You may withdraw consent at any time without affecting prior lawful processing.
5. Sub-processors
We rely on the following sub-processors to deliver the Service. The full list, including location and purpose, is published in our Data Processing Addendum:
- Twilio, Inc. — telephony, call signaling, recording, status callbacks.
- Deepgram, Inc. — real-time speech-to-text.
- ElevenLabs, Inc. — neural text-to-speech.
- Anthropic, PBC — large-language-model responses.
- Stripe, Inc. — payment processing and tax calculation.
- Google LLC — optional Google Calendar integration.
- Cloud infrastructure providers used to host our database and application servers.
6. International Transfers
Personal information may be transferred to and processed in the United States and other countries that may not provide the same protections as your jurisdiction. Where required, we use the European Commission’s Standard Contractual Clauses (and the UK Addendum or the Swiss equivalent) to safeguard such transfers, and we implement supplementary measures such as encryption in transit and at rest.
7. Security
We use TLS 1.2+ for data in transit, AES-256 encryption for data at rest, scoped access controls, audit logging, and periodic vulnerability scans. No system is completely secure; in the event of a personal data breach affecting your account, we will notify you and, if required, the appropriate supervisory authority without undue delay and in accordance with applicable law.
8. Retention
We retain personal information only as long as needed for the purposes described above:
- Account records: while the account is active, plus up to twenty-four (24) months thereafter for tax, audit, and dispute purposes.
- Call transcripts: ninety (90) days by default, configurable by the Customer down to the day of the call.
- Call audio recordings: thirty (30) days by default; recording is off unless enabled by the Customer.
- Billing records: seven (7) years where required by tax law.
- Server logs: thirty (30) days unless required for an ongoing investigation.
9. Your Rights
9.1 GDPR / UK GDPR rights.
Subject to applicable law, you may request access, correction, deletion, restriction, portability, and objection to processing. You may also lodge a complaint with the supervisory authority in your country of residence.
9.2 California rights.
California residents may request the categories and specific pieces of personal information we have collected, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share information. You may request deletion and may opt out of any “sale” or “sharing” of personal information. We do not sell personal information.
9.3 Other U.S. state rights.
Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws have analogous rights of access, correction, deletion, and opt-out of targeted advertising and profiling.
To exercise these rights, contact privacy@receptionistoncall.com. If you are an end user whose call was handled through a customer’s account, please contact that customer first; we will assist them as a processor.
10. Call Recording and AI Disclosure
Some jurisdictions require all parties on a call to consent to recording or to be informed that they are interacting with an AI agent. Customers are responsible for configuring agent scripts and consent prompts to comply with the laws of the locations they call from and to. We provide configuration options to capture this consent.
11. Children
The Service is intended for use by businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If we learn that we have done so, we will delete the information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced by email or through the dashboard at least fifteen (15) days before they take effect. The “Effective” date at the top of this page indicates when the latest changes were posted.
13. Contact
Privacy questions and requests can be sent to privacy@receptionistoncall.com. EU residents may also reach our representative at eu-rep@receptionistoncall.com.