Privacy Policy

1. Information We Collect

1.1 Personal Information

When you create an account, subscribe to a plan, or interact with our Service, we may collect the following personal information:

• Account Information: Your full name, email address, phone number, company name, job title, and billing address.
• Payment Information: Credit card numbers, billing details, and transaction history. Payment processing is handled by third-party payment processors; we do not store full credit card numbers on our servers.
• Identity Verification: Government-issued identification or business registration documents when required for regulatory compliance or account verification.
• Profile Information: Profile photos, preferences, and any other information you voluntarily provide in your account settings.

1.2 Usage Data

We automatically collect certain information when you access and use our Service, including:

• Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Log Data: Pages visited, features used, time spent on pages, click patterns, search queries, and referral URLs.
• Service Usage: Call volumes, message counts, bot interaction statistics, API usage metrics, and feature adoption data.
• Performance Data: Error logs, response times, and system performance metrics to maintain and improve our Service.

1.3 Communication Data

As an AI-powered communication platform, we process various types of communication data on your behalf:

• Voice Data: Call recordings, voice transcriptions, and audio files processed through our AI Voice Bot. Voice data is transcribed using speech-to-text technology and may be temporarily stored for processing purposes.
• Message Data: Text messages, emails, chat conversations, and other communications sent or received through our omnichannel platform, including WhatsApp, SMS, email, Facebook Messenger, Instagram, and web chat channels.
• AI Interaction Data: Prompts, responses, and conversation logs generated by our AI agents during automated interactions with your customers.
• Contact Data: Customer contact information, CRM records, and interaction histories that you upload or create within our platform.

1.4 Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activity. This includes:

• Essential Cookies: Required for the Service to function properly, including session management and authentication.
• Analytics Cookies: Help us understand how visitors interact with our website and Service, enabling us to improve user experience.
• Preference Cookies: Remember your settings, language preferences, and display options.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain our AI voice bot, omnichannel messaging, CRM integration, and related features.
• Account Management: To create and manage your account, process subscriptions, handle billing, and provide customer support.
• AI Processing: To power our AI agents, train and improve our machine learning models, generate conversation responses, and perform speech-to-text and text-to-speech conversions.
• Communication: To send you service-related notifications, billing reminders, security alerts, product updates, and promotional materials (with your consent where required).
• Analytics and Improvement: To analyze usage patterns, monitor Service performance, identify trends, and develop new features and improvements.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.
• Personalization: To tailor the Service experience based on your preferences, usage history, and business needs.

3. Data Sharing & Third Parties

We do not sell your personal information to third parties. We may share your information with the following categories of recipients:

3.1 Service Providers

We work with trusted third-party service providers who assist us in operating our platform:

• Twilio: Provides telephony infrastructure for voice calls, SMS messaging, and phone number provisioning. Twilio processes call data and message content as necessary to deliver communication services.
• Azure OpenAI: Powers our AI language models for natural language processing, conversation generation, and intelligent response capabilities. Conversation data is processed through Azure's secure infrastructure.
• Payment Processors: Third-party payment providers (such as Stripe) handle payment transactions securely. These processors are PCI-DSS compliant and only receive the payment information necessary to process your transactions.
• Cloud Infrastructure: We use Amazon Web Services (AWS) for hosting, data storage, and computing resources. All data stored on AWS is protected by industry-standard encryption and security measures.
• Analytics Providers: We use analytics services to understand usage patterns and improve our Service. These providers receive aggregated or anonymized data where possible.

3.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.

3.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as when you authorize a third-party integration or connect an external service to your MiCalls account.

4. Data Security

We take the security of your personal information seriously and implement a comprehensive set of technical and organizational measures to protect it:

• Encryption: All data transmitted between your devices and our servers is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption.
• Access Controls: We enforce strict role-based access controls, ensuring that only authorized personnel can access personal data, and only to the extent necessary for their job functions.
• Infrastructure Security: Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance, regular security audits, intrusion detection systems, and 24/7 monitoring.
• Authentication: We support multi-factor authentication (MFA) for account access and enforce strong password requirements.
• Incident Response: We maintain a documented incident response plan and will notify affected users and relevant authorities of any data breach in accordance with applicable laws.
• Employee Training: All employees undergo regular security awareness training and are bound by confidentiality obligations.

While we strive to use commercially acceptable means to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention guidelines include:

• Account Data: Retained for the duration of your active account and for up to 30 days after account deletion to allow for account recovery.
• Communication Records: Call recordings, transcriptions, and message logs are retained according to your subscription plan settings. You can configure retention periods within your account or request deletion at any time.
• Billing Records: Transaction records and invoices are retained for a minimum of 7 years to comply with tax and financial reporting obligations.
• Usage Analytics: Aggregated and anonymized usage data may be retained indefinitely for statistical analysis and product improvement purposes.
• AI Training Data: De-identified and aggregated data used to improve our AI models is retained in accordance with our model improvement policies. You may opt out of having your data used for model improvement through your account settings.
• Legal Hold: Information subject to a legal hold, litigation, or regulatory investigation will be retained until the matter is resolved.

When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods.

6. Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

6.1 General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: You can request the deletion of your personal data, subject to certain legal exceptions.
• Right to Restrict Processing: You can request that we limit the processing of your personal data in certain circumstances.
• Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your personal data for direct marketing purposes or where processing is based on legitimate interests.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@micalls.com. We will respond to your request within 30 days.

6.2 California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA:

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You can request that we delete the personal information we have collected from you, subject to certain legal exceptions.
• Right to Opt-Out: You have the right to opt out of the sale of your personal information. MiCalls does not sell personal information to third parties.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing or quality of service for exercising your rights.

To submit a CCPA request, please contact us at support@micalls.com or call us at +1 (219) 277-3212. We will verify your identity before processing your request and respond within 45 days.

7. Cookies & Tracking

Our use of cookies and similar tracking technologies is governed by the following principles:

7.1 Types of Cookies We Use

• Strictly Necessary Cookies: These cookies are essential for the website and Service to function. They enable core features such as authentication, session management, and security. These cookies cannot be disabled.
• Performance and Analytics Cookies: These cookies collect information about how visitors use our website, such as which pages are visited most often and whether users encounter error messages. This data helps us optimize the user experience.
• Functional Cookies: These cookies allow our website to remember choices you have made, such as your language preference or region, and provide enhanced, personalized features.
• Targeting and Advertising Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They also help us measure the effectiveness of advertising campaigns.

7.2 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies. However, if you block essential cookies, some parts of our Service may not function properly. You can also opt out of certain third-party cookies through industry opt-out mechanisms such as the Digital Advertising Alliance's opt-out page.

7.3 Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. At this time, we do not respond to DNT signals, as there is no widely accepted standard for how to interpret and respond to these signals. We will update this policy if a uniform standard is established.

8. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information from our records as quickly as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@micalls.com so we can take appropriate action.

9. International Data Transfers

MiCalls operates globally, and your personal information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our primary servers and offices are located.

When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards to ensure your data is protected, including:

• Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses as the legal mechanism for cross-border data transfers.
• Data Processing Agreements: We enter into data processing agreements with all third-party service providers that process personal data on our behalf, ensuring they maintain adequate security and privacy standards.
• Adequacy Decisions: Where applicable, we rely on adequacy decisions issued by the European Commission for data transfers to certain countries.

By using our Service, you acknowledge that your information may be transferred internationally. We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will:

• Post the updated policy on this page with a revised "Last Updated" date.
• Send a notification to your registered email address for material changes that affect how we process your personal information.
• Display a prominent notice within the Service or on our website when significant changes are made.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to reach out to us: