Privacy Policy - CallAI
Last updated July 2024
Introduction
Call AI ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our video call intelligence platform. We adhere to Google's API Services User Data Policy in our use of Google API Services and Microsoft's API Terms of Use for Microsoft Calendar API. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.
Our Service
We are a video call intelligence platform that connects to your calendar to send AI notetakers to your meetings. Our service records, transcribes, and diarises your calls to allow you to extract insights.
We will process data using two legal rationales, if you are an individual and not associated with a contracted client we will ask for your consent. If you are associated with a contracted client we will use legitimate interest as the legal basis to process the data
Corporate
If you choose to use our service, personal data items such as Name, Email Address and Telephone number may be stored in our Corporate Cloud Storage, Corporate Email Platform or our Help Desk platform.
We will process data using two legal rationales, if you are an individual and not associated with a contracted client we will ask for your consent. If you are associated with a contracted client we will use legitimate interest as the legal basis to process the data.
Personal data will be retained for a period of up to 3 years for an active account, ie an account which has been used.
Marketing
We would like to send you information about products and services of ours which may be of interest to you. You have a right at any time to stop us from contacting you for marketing purposes. The personal data will include names, addresses, email addresses, employer, job title and telephone numbers.
We will process data using the following legal rationales to send marketing information, if you are an individual and not associated with a contracted client we will ask for your consent. If you are associated with a contracted client, we will use contractual obligation as the legal basis to process the data. If you are associated with a previous contracted client, we will use legitimate interest as the legal basis to process the data. All of the above rationales for marketing information can be removed by informing us of your wish to remove consent.
We will retain personal data for active customer leads for a period of up to 3 years, a lead will be active under the following circumstances
Information We Collect
We collect the following information through Google API Services and Microsoft Calendar API:
· Calendar Events: We access your Google Calendar and Microsoft Calendar events to schedule our AI Notetakers for your meetings.
· Email Addresses: We collect email addresses associated with your calendar events to facilitate meeting attendance.
Additionally, we collect:
· Meeting Content: We record, transcribe, and diarise your video calls to provide insights.
Personal Data Processed
IntentPro processes the following personal data of the meeting attendees:
· First name
· Last name
· Company email address
· Telephone numbers
· Job title
· Company name
· Seniority
· Company size
· Calendar Events
· Voice
· Likeness
· Meeting transcripts
· Meeting recordings
Purpose of Data Collection
We request Google and Microsoft user data for the following purposes:
· To send AI Notetakers to your scheduled meetings
· To record, transcribe, and diarise your calls
· To extract and provide insights from your meetings
· To improve and maintain our service
We do not use the collected data for any purposes other than providing our core service as described above.
Data Use and Limitations
Our use of Google user data adheres to the Limited Use requirements set forth in Google's API Services User Data Policy. Our use of Microsoft user data adheres to Microsoft's API Terms of Use.
We limit our use of data to providing and improving user-facing features that are prominent in our application's user interface. We do not transfer data except to provide or improve our service, for security purposes, to comply with applicable laws, or as part of a merger, acquisition, or sale of assets (with user consent). We do not allow humans to read the data unless specifically agreed to by the user, necessary for security purposes, required to comply with applicable law, or when aggregated and used for internal operations in accordance with applicable privacy laws. We do not transfer or sell user data to third parties like advertising platforms or data brokers. We do not use user data for advertising purposes, including retargeting or personalised/interest-based advertising. We do not use user data to determine credit-worthiness or for lending purposes.
Data Retention
Personal data will be stored for the term of the agreement. Personal data will be retained for a period of up to 3 years for a dormant account
Data Sharing
We share collected data with Open AI through Microsoft Azure Open AI for data processing purposes. This sharing is necessary to provide our core service of extracting insights from your meetings. We do not share your information with any other third parties except as necessary to provide our service or as required by law.
Authorised Sub-Processors/Service Providers
The following entities may process personal data received pursuant to this Agreement:
-
Amazon Web Services (London – eu-west-2) – for the purpose of Web Application/Service Hosting
-
Microsoft Azure Services (UK South) – for the purpose of Large Language Modelling and Transcript Analysis
-
http://Recall.ai (eu-central-1) – for the purpose of Video and Audio Transcription
-
BC LTF Limited - for the purpose of Company Support Services
-
Blenheim Chalcot IT Services India Private Limited; India; For the purpose of application development, back-office finance and invoicing services and helpdesk queries.
-
HubSpot, 25 First Street, 2nd Floor Cambridge, MA 02141 United States; for the purpose of our Marketing CRM
Data Security
We are ISO27001 certified and implement appropriate technical and organisational measures to maintain the security of your personal information. All data is encrypted Notetakerh at rest and in transit. We adhere to Google's security requirements for applications accessing sensitive and restricted scopes, as well as Microsoft's security requirements for their APIs. Our security measures include:
· Data is accessed only over https, ensuring encryption in transit
· All data at rest is encrypted within AWS RDS, using AWS KMS as our Key Management System
· Database backups are encrypted and geo-replicated to another data centre in the AWS availability zone
· Inbound traffic is only permitted via an AWS WAF
· Application logs are written to a central/auditable service
· Access to the Database layer is only possible by our senior engineers through a secured client VPN
· We use only UK/EU based AWS Data Centres which are ISO27001 certified
For EC2/Virtual machine:
· OS updates are performed in a timely manner
· OS level authentication logs are stored in a central location and can’t be tampered with
· Deployments/Rollbacks are performed securely through a CI/CD process
Your Data Protection Rights
You have the right to:
· Access your personal data
· Correct your personal data
· Delete your personal data
To exercise these rights, please contact us using the information provided in the "Contact Us" section.
Data Deletion
Any data you delete from our platform is permanently removed from our databases. You can revoke our access to your Google data at any time through your Google Account settings, and to your Microsoft data through your Microsoft Account settings.
Children's Privacy
Our service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. Our application is not directed primarily at children and is considered a mixed audience application.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page, updating the "Last Updated" date, and, where required, obtaining your consent for any material changes.
Google API Services User Data Policy
Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Microsoft API Terms of Use
Our use and transfer of information received from Microsoft APIs will adhere to the Microsoft API Terms of Use.
Who we are and how to contact us
We are the data controller responsible for defining and managing how your personal data is processed.
Our company name is IntentPro Limited
Our company address is Scale Space, 58 Wood Ln, London W12 7RZ, United Kingdom
Our email address is info@intentpro.io
By using our service, you consent to our Privacy Policy and agree to its terms.