Privacy Policy

1. Overview & Scope

This Privacy Policy describes how CallBolt LLC ("CallBolt," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information when you use our website at callbolt.ai, our Voice AI platform, dashboards, APIs, telephony services, and all related services (collectively, the "Services").

This Policy applies to all users of the Services, including Clients (businesses who subscribe), Trial Users (individuals testing the platform), and End-Customers (customers of our Clients who interact with CallBolt-powered voice agents). By using the Services, you consent to the practices described in this Policy. Please also review our Terms & Conditions.

2. Who We Are

CallBolt LLC
A Texas Limited Liability Company
Dallas, Texas, United States
Email: privacy@callbolt.ai

CallBolt provides a Voice AI platform that enables businesses to deploy intelligent, human-like voice agents for customer interactions. We operate as both a Data Controller (for our direct users) and a Data Processor (for End-Customer data processed on behalf of our Clients).

3. Types of Users

We interact with three distinct categories of users, and our data practices differ for each:

4. Data We Collect

4.1 Data from Clients & Trial Users

• Account Information: Name, email address, phone number, company name, job title, billing address
• Authentication Data: Password (stored hashed), login timestamps, session tokens
• Billing Data: Payment method type, last four digits of card (we do not store full payment card numbers — see Section 7)
• Usage Data: Features used, pages visited, API calls made, call volumes, configuration settings
• Support Data: Communications with our support team, feedback, feature requests
• Device & Technical Data: IP address, browser type, operating system, device identifiers, referral URLs

4.2 Data from End-Customers (Processed on Behalf of Clients)

• Call Data: Phone number (for telephony calls), call duration, call timestamps
• Voice Recordings: Audio recordings of voice conversations (when enabled by the Client)
• Transcripts: Text transcriptions of voice conversations
• Verification Data: Name, email, phone number — only when voluntarily provided by the End-Customer during a call and the Client's voice agent is configured to collect it
• Sentiment & Analytics: AI-derived sentiment scores, conversation topics, resolution status
• Tool Interaction Data: Records of tool calls made during conversations (e.g., CRM lookups, ticket creation) — logged for the Client's operational visibility

Important: We do not independently collect End-Customer data. All End-Customer data is collected and processed solely at the direction and on behalf of the Client who deployed the voice agent. The Client is the Data Controller for their End-Customer data.

4.3 Data We Do NOT Collect

• Social Security numbers
• Government-issued ID numbers
• Financial account numbers or full payment card numbers through AI interactions
• Health or medical information (unless the Client specifically configures a healthcare use case, in which case a separate BAA is required)
• Biometric data for identification purposes (voice recordings are not processed as voiceprints)
• Data from minors under 18

5. How We Collect Data

• Directly from you: When you create an account, configure voice agents, contact support, or enter information into the Platform
• Automatically: Through cookies, server logs, and analytics tools when you visit our website or use the Platform
• From voice interactions: Audio and transcripts are captured during voice agent conversations conducted through the Platform
• From third-party integrations: When Clients connect CRM, ticketing, or other tools to the Platform, data may flow between those systems and CallBolt as configured by the Client
• From telephony providers: Call metadata (phone numbers, call duration) from third-party telephony integrations

6. How We Use Your Data

6.1 For Clients & Trial Users

• Service Delivery: To provide, maintain, and improve the Platform and Services
• Account Management: To authenticate your identity, manage subscriptions, and process billing
• Communications: To send service-related notices (security alerts, billing, feature updates, maintenance)
• Re-engagement: To contact you about new features, offers, or services that may be relevant to your use case. You may opt out of marketing communications at any time
• Analytics: To understand how the Platform is used and to improve the user experience
• Legal & Compliance: To comply with applicable laws, respond to legal requests, and enforce our Terms

6.2 For End-Customer Data

• Service Delivery Only: To process voice conversations, generate transcripts, and deliver analytics to the Client
• Error Logging: To store minimal data necessary for debugging and ensuring the reliability of the Services
• Not for Marketing: We do not use End-Customer data for our own marketing or outreach purposes
• Not for Model Training: We do not use End-Customer PII to train or improve AI models
• Not Sold: We do not sell End-Customer data to any third party

7. Payment Data & AI Separation

CallBolt maintains a strict architectural separation between payment systems and AI models. This is a core design principle of the Platform:

• No payment information is ever transmitted to, processed by, or accessible to any AI model or large language model (LLM).
• All payment processing is handled by PCI-DSS compliant third-party processors through isolated, secure channels.
• When payment-related features are offered in the future, payment collection will occur through secure, user-initiated flows (e.g., tokenized SMS payment links or hosted payment pages) where the user enters their own payment details directly. The AI system will only receive a success/failure status — never raw payment data.
• Client billing data (subscription payments) is processed and stored solely by our payment processor and is never exposed to AI systems.

8. Data Sharing & Third Parties

We share data only in the following circumstances:

8.1 Service Providers (Sub-Processors)

We use the following categories of third-party service providers to deliver the Services. These providers process data solely on our behalf and are bound by contractual obligations to protect your data:

The specific AI infrastructure used may vary by Client based on their requirements for speed, cost, and performance. This may include self-hosted open-source models, managed AI services, or third-party voice platforms. Clients will be informed of which infrastructure applies to their deployment, and a full list of sub-processors is available upon request or as part of a Data Processing Agreement (DPA).

8.2 Legal Requirements

We may disclose data when required by law, subpoena, court order, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

8.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, personal data may be transferred as part of the transaction. We will notify affected users of any change in ownership or control.

8.4 With Client's Consent

We may share data with additional third parties when explicitly authorized by the Client (e.g., CRM integrations configured by the Client).

9. Data Sales & Model Training

9.1 We Do Not Sell Personal Data

CallBolt does not sell, rent, lease, or trade the personally identifiable information of any user — Clients, Trial Users, or End-Customers — to any third party. This applies to all categories of personal data, including PII and payment information.

9.2 We Do Not Sell Sensitive Data

As required by the TDPSA, we explicitly confirm: we do not sell sensitive personal data, and we do not sell biometric data.

9.3 AI Model Training

• End-Customer Data: We do not use End-Customer PII or conversation data to train, fine-tune, or improve our AI models or any third-party models.
• Aggregated Data: We may use fully anonymized, aggregated, and de-identified data (e.g., call volume trends, average conversation lengths, feature usage patterns) to improve the Platform. This data cannot be used to identify any individual.
• Third-Party AI Providers: When using third-party AI services, we configure them to not retain or use customer data for their own model training purposes. Where available, we enable data opt-out settings provided by such services.

10. Voice Data & Recordings

10.1 What We Record

Voice conversations conducted through CallBolt may be recorded and transcribed. The recording and transcription capabilities are configured by the Client. Clients are responsible for obtaining consent from End-Customers where required by applicable law (including one-party and two-party consent jurisdictions).

10.2 How Voice Data Is Processed

Voice audio is processed in real-time by our AI voice engine to generate responses. Audio may be temporarily buffered during processing but is not permanently stored unless the Client has enabled call recording. Transcripts derived from voice conversations are stored in the Client's account for their use.

10.3 Voiceprint Clarification

CallBolt does not create or store voiceprints (biometric voice identifiers) from End-Customer voice recordings. Voice recordings are processed for speech recognition and response generation only, not for biometric identification or authentication.

10.4 Voice Cloning Data

When Clients use the voice cloning feature, the source audio is used solely to create a synthetic voice model for that Client. Source audio for voice cloning is stored securely and is not shared with other Clients or used for any other purpose.

11. Cookies & Tracking Technologies

11.1 What We Use

• Essential Cookies: Required for authentication, security, and basic Platform functionality
• Analytics Cookies: Used to understand how visitors interact with our website (e.g., page views, referral sources)
• Preference Cookies: Store your settings (e.g., theme preference, language)

11.2 Third-Party Cookies

We may use third-party analytics services that set their own cookies. We do not use cookies for targeted advertising.

11.3 Global Privacy Control (GPC)

In compliance with the TDPSA, we recognize and honor Global Privacy Control (GPC) signals. When we detect a GPC signal from your browser, we automatically suppress any non-essential tracking scripts.

11.4 Managing Cookies

You can manage or disable cookies through your browser settings. Disabling essential cookies may affect the functionality of the Services.

12. Data Retention

Upon request, we will delete your data within 45 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal defense).

13. Data Security

We implement administrative, technical, and physical safeguards to protect your data, including:

• Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access Controls: Role-based access controls, principle of least privilege, multi-factor authentication for administrative access
• Infrastructure Security: Hosting on SOC 2-compliant cloud infrastructure with network isolation, firewalls, and intrusion detection
• Data Isolation: Client data is logically isolated; one Client's data is never accessible to another
• Payment Separation: Complete architectural separation between payment processing systems and AI systems (see Section 7)
• Regular Audits: Periodic security reviews and vulnerability assessments
• Incident Response: Documented incident response plan with notification procedures

While we take reasonable measures to protect your data, no system is perfectly secure. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

14. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Know / Access: Request confirmation of whether we process your data and obtain a copy
• Right to Delete: Request deletion of your personal data, subject to certain legal exceptions
• Right to Correct: Request correction of inaccurate personal data
• Right to Portability: Request a copy of your data in a commonly used, machine-readable format
• Right to Opt Out: Opt out of the sale of personal data (we don't sell, but the right is available), targeted advertising, or profiling
• Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

To exercise any of these rights, contact us at privacy@callbolt.ai. We will respond within 45 days of receiving a verifiable request. We may extend this period by an additional 45 days if reasonably necessary, with notice to you.

For End-Customers: If you are an End-Customer of one of our Clients and wish to exercise privacy rights regarding data collected during a voice interaction, please contact the Client (business) directly. As a Data Processor, we process End-Customer data at the Client's direction. We will cooperate with the Client to fulfill your request.

15. Texas Data Privacy & Security Act (TDPSA)

As a Texas company, we comply with the Texas Data Privacy and Security Act. Under the TDPSA, Texas consumers have rights to access, correct, delete, and port their personal data, and to opt out of data sales and targeted advertising.

• We do not sell personal data
• We do not sell sensitive personal data
• We do not sell biometric data
• We do not process data for targeted advertising
• We honor Global Privacy Control (GPC) signals
• We process sensitive data only with affirmative consent
• We limit data collection to what is adequate, relevant, and reasonably necessary

To submit a TDPSA rights request, email privacy@callbolt.ai with "TDPSA Request" in the subject line. We will authenticate your identity before processing the request. If we deny a request, you may appeal by emailing the same address with "TDPSA Appeal" in the subject line. If your appeal is denied, you may contact the Texas Attorney General's office.

16. California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA as amended by the CPRA:

• Right to Know: What categories and specific pieces of personal information we have collected
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Information: We only use sensitive information for purposes authorized by the CCPA

To exercise your CCPA rights, email privacy@callbolt.ai with "CCPA Request" in the subject line.

Categories of personal information collected in the past 12 months: Identifiers (name, email, phone, IP address), commercial information (billing records), internet/electronic activity (usage data, device info), professional information (company, job title), and inferences drawn from the above.

We do not sell or share personal information. We disclose personal information to service providers for business purposes as described in Section 8.

17. Children's Privacy

The Services are not directed to children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided personal data to CallBolt, please contact us at privacy@callbolt.ai, and we will promptly delete such information.

18. International Data Transfers

The Services are hosted in the United States. If you access the Services from outside the United States, your data will be transferred to and processed in the United States. By using the Services, you consent to the transfer of your data to the United States, where data protection laws may differ from those of your jurisdiction.

19. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page with a revised "Last Updated" date. For active account holders, we will provide email notification at least 30 days before material changes take effect. Your continued use of the Services after any changes constitutes acceptance of the updated Policy.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CallBolt LLC
Dallas, Texas
Privacy Inquiries: privacy@callbolt.ai
General Legal: legal@callbolt.ai
Website: https://callbolt.ai