Privacy Policy

Account Information

When you register, we collect your full name, email address, company name, industry type, and selected country. We require phone number verification via SMS one-time passcode (OTP) before registration is completed. We store a record of the phone number used for verification, the verification status, and the IP address of the request. If you enable two-factor authentication (TOTP), we store an encrypted TOTP secret. We also store your onboarding progress, notification preferences, and AI agent configuration settings.

Voice Call Data

When calls are processed through our platform, we collect caller phone numbers, recipient phone numbers, call direction, call duration, and call outcome. We generate and store AI-produced call summaries, action items, and text transcripts of both the caller and AI agent speech. Call recordings are hosted by our telephony provider (Twilio) and referenced by identifier. We do not store raw audio files on our own servers.

Messaging Data

For WhatsApp and SMS conversations routed through SpeakHalo, we store message content, sender and recipient phone numbers, message direction, delivery and read status, and timestamps. For WhatsApp voice notes, we store a transcription of the audio content. Media files shared via WhatsApp (images, documents) are downloaded and stored temporarily for processing.

Customer Data

You may store your customer information in our platform, including customer name, phone number, email address, physical address, service history, appointment records, lead status, notes, and total spend. This data is entered by you or captured during AI-handled calls with your customer's knowledge.

Image and Media Data

When you or your customers share photos through WhatsApp for equipment analysis, we process those images through our AI vision service. We store the image, any extracted text (such as model or serial numbers), the AI analysis result, and a diagnosis summary. Images are subject to file type validation, size limits (10 MB maximum), and security scanning.

Payment Information

Payment processing is handled entirely by Paddle, our Merchant of Record. We do not collect, store, or have access to your credit card numbers, billing addresses, or bank account details. We only store a Paddle subscription identifier and customer identifier to link your account to your subscription.

Technical and Device Data

When you sign in, we collect your IP address, device type, browser name, and operating system for security purposes (stored with your refresh token). We log IP addresses in audit records, cookie consent records, phone verification attempts, and API key usage. We do not use third-party analytics services, tracking pixels, or advertising SDKs.

Team Data

If you use team features, we store team member email addresses, roles, join dates, and invite records. Team invitations contain a secure token that expires after 7 days.

Voice Calls (Real-Time)

During a live voice call, the caller's audio is streamed in real-time to OpenAI's Realtime API via a secure WebSocket connection for AI processing. The system prompt sent alongside the audio includes your business name, industry, time-of-day greeting, industry-specific expertise, and relevant knowledge base articles. If caller recognition is enabled and the caller is recognized, their name, past service history, and appointment information may be included in the prompt context. We store the text transcript of both sides of the conversation, but we do not store raw audio files on our servers. OpenAI does not use API data to train its models, subject to OpenAI's API data usage policies.

Image Analysis

When a customer sends a photo through WhatsApp for equipment diagnosis, the image is sent to OpenAI's GPT-4o Vision API along with an industry-specific analysis prompt. The AI returns a diagnostic assessment. Customer names, phone numbers, or addresses are not sent with the image request. OpenAI does not use API data to train its models.

Text Chat and Messaging AI

WhatsApp and SMS conversations that use AI assistance send message text to Google's Gemini API for generating responses. Our website chat assistant also uses Google's Gemini API. Voice notes received via WhatsApp are sent to Google's Speech-to-Text API for transcription. In all cases, data is processed in transit and is not stored beyond what is necessary to complete the request, subject to each provider's API data usage policies.

OpenAI

Voice call audio streams (via the Realtime API for AI voice conversations) and images for analysis (via the GPT-4o Vision API for photo estimates). OpenAI does not use API data to train its models.

Google (Gemini AI, Speech-to-Text, Calendar)

Text prompts for AI-assisted messaging and our website chat assistant (Gemini API), voice note transcription (Speech-to-Text API), and calendar event details (Google Calendar API).

Twilio

Phone numbers, voice call audio, SMS message content, WhatsApp message content, media files, call recordings, delivery statuses.

Paddle (Merchant of Record)

Your payment card details (entered directly on their checkout page), billing address, subscription details. We never see or store your card number. Paddle acts as the Merchant of Record and is responsible for all payment processing, tax collection, and billing compliance.

SendGrid (Twilio)

Recipient email addresses and email content for transactional emails (appointment reminders, password resets, team invitations, usage alerts).

DigitalOcean

Our backend application (FastAPI), frontend application (Next.js), PostgreSQL database, and Redis cache are hosted on DigitalOcean infrastructure. DigitalOcean processes and stores all application data on our behalf.

Cloudflare

Our website uses Cloudflare for CDN, DDoS protection, and DNS security. Cloudflare processes IP addresses, browser information, and request metadata for security filtering and performance optimization.