top of page
CallAI
Introduction
Call AI ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our video call intelligence platform. We adhere to Google's API Services User Data Policy in our use of Google API Services and Microsoft's API Terms of Use for Microsoft Calendar API. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.
Identity and Intent
Call AI is requesting access to Google and Microsoft user data. We are a video call intelligence platform that connects to your calendar to send AI bots to meetings. These bots record, transcribe, and diarize your calls to allow you to extract insights.
Information We Collect
We collect the following information through Google API Services and Microsoft Calendar API:
-
Calendar Events: We access your Google Calendar and Microsoft Calendar events to schedule our AI bots for your meetings.
-
Email Addresses: We collect email addresses associated with your calendar events to facilitate meeting attendance.
Additionally, we collect:
-
Meeting Content: We record, transcribe, and diarize your video calls to provide insights.
Personal Data Processed
IntentPro processes the following categories of personal data:
-
First name
-
Last name
-
Company email address
-
Telephone numbers
-
Job title
-
Company name
-
Seniority
-
Company size
-
Calendar Events
-
Voice
-
Likeness
-
Meeting transcripts
-
Meeting recordings
Purpose of Data Collection
We request Google and Microsoft user data for the following purposes:
-
To send AI bots to your scheduled meetings
-
To record, transcribe, and diarize your calls
-
To extract and provide insights from your meetings
-
To improve and maintain our service
We do not use the collected data for any purposes other than providing our core service as described above.
Data Use and Limitations
Our use of Google user data adheres to the Limited Use requirements set forth in Google's API Services User Data Policy. Our use of Microsoft user data adheres to Microsoft's API Terms of Use.
We limit our use of data to providing and improving user-facing features that are prominent in our application's user interface. We do not transfer data except to provide or improve our service, for security purposes, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets (with user consent). We do not allow humans to read the data unless specifically agreed to by the user, necessary for security purposes, required to comply with applicable law, or when aggregated and used for internal operations in accordance with applicable privacy laws. We do not transfer or sell user data to third parties like advertising platforms or data brokers. We do not use user data for advertising purposes, including retargeting or personalized/interest-based advertising. We do not use user data to determine credit-worthiness or for lending purposes.
Data Retention
We store your data indefinitely until you choose to delete it from our platform. Personal data will be stored for the term of the agreement.
Data Sharing
We share collected data with Open AI through Microsoft Azure Open AI for data processing purposes. Open AI does not store any of this data. This sharing is necessary to provide our core service of extracting insights from your meetings. We do not share your information with any other third parties except as necessary to provide our service or as required by law.
Authorized Sub-Processors
The following entities may process personal data received pursuant to this Agreement:
Amazon Web Services (London – eu-west-2)
Microsoft Azure Services (UK South)
Recall.ai (eu-central-1)
Data Sharing with Third-Party AI Platforms
We share collected data with Open AI through Microsoft Azure Open AI for data processing purposes. Open AI does not store any of this data. This sharing is necessary to provide our core service of extracting insights from your meetings. We do not share your information with any other third parties except as necessary to provide our service or as required by law. The specific data shared includes:
-
Meeting recordings
-
Meeting transcripts
-
Calendar events
The data is used solely for the purpose of processing and generating insights from your meetings.
Explicit User Consent
We acquire explicit user consent for accessing and sharing data through the following methods:
Initial Authorization: During the initial setup of our service, users are required to grant explicit permissions via OAuth consent screens provided by Google and Microsoft. This process clearly outlines the types of data we access and the purposes for which it will be used.
Consent for Data Processing: Before any data is processed by third-party AI platforms, users are informed and required to provide explicit consent. This is done through a consent form presented within our application interface, detailing what data will be shared and how it will be used.
Continuous Access and Control: Users can review and manage their data sharing preferences at any time through our application settings. They can revoke access to their Google and Microsoft data via their respective account settings. We provide clear instructions on how to do this within our application.
Data Security
We are ISO27001 certified and implement appropriate technical and organizational measures to maintain the security of your personal information. All data is encrypted both at rest and in transit. We adhere to Google's security requirements for applications accessing sensitive and restricted scopes, as well as Microsoft's security requirements for their APIs. Our security measures include:
-
Data is accessed only over https, ensuring encryption in transit
-
All data at rest is encrypted within AWS RDS, using AWS KMS as our Key Management System
-
Database backups are encrypted and geo-replicated to another data center in the AWS availability zone
-
Inbound traffic is only permitted via an AWS WAF
-
Application logs are written to a central/auditable service
-
Access to the Database layer is only possible by our senior engineers through a secured client VPN
-
We use only UK/EU based AWS Data Centers which are ISO27001 certified
For EC2/Virtual machine:
-
OS updates are performed in a timely manner
-
OS level authentication logs are stored in a central location and can’t be tampered with
-
Deployments/Rollbacks are performed securely through a CI/CD process
Your Data Protection Rights
You have the right to:
-
Access your personal data
-
Correct your personal data
-
Delete your personal data
To exercise these rights, please contact us using the information provided in the "Contact Us" section.
Data Deletion
Any data you delete from our platform is permanently removed from our databases. You can revoke our access to your Google data at any time through your Google Account settings, and to your Microsoft data through your Microsoft Account settings.
Children's Privacy
Our service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. Our application is not directed primarily at children and is considered a mixed audience application.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, where required, obtaining your consent for any material changes.
Google API Services User Data Policy
Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Microsoft API Terms of Use
Our use and transfer of information received from Microsoft APIs will adhere to the Microsoft API Terms of Use.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
By using our service, you consent to our Privacy Policy and agree to its terms.
bottom of page