Privacy Policy

Last updated: April 13, 2026

Callvoa ("we," "us," or "our") operates the Callvoa AI receptionist service. This Privacy Policy describes what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

From customers (you): When you subscribe to Callvoa, we collect your name, business name, email address, mobile phone number, business address, and payment information (processed and stored by Stripe — we do not store your credit card details directly).

From your callers: When someone calls your business and the Callvoa AI answers, we collect the caller's name, phone number, service address, reason for calling, appointment details, and a recording of the conversation. This information is collected solely to provide the Service to you.

From Google (if you connect your Google Calendar): If you choose to connect your Google Calendar to Callvoa, we receive an OAuth access token and refresh token from Google, along with calendar event data necessary to check availability and create appointments on your behalf. See Section 4 below for full details.

2. How We Use Information

We use collected information to provide, maintain, and improve the Callvoa service, send you call notifications and appointment details via SMS and email, process your payments, communicate with you about your account, and comply with legal obligations. We do not use caller information or Google user data for marketing purposes, advertising, or training AI models.

3. Information Sharing

We do not sell, rent, or share your data, your callers' data, or your Google user data with third parties for marketing purposes. We share information only with service providers who help us operate the Service: Stripe (payment processing), Twilio (SMS delivery), Vapi and associated AI providers including OpenAI, ElevenLabs, and Deepgram (call handling infrastructure), Google (calendar integration, if connected), and Cal.com (appointment scheduling, where applicable). Each provider receives only the information necessary to perform their function. We may also disclose information if required by law or to protect our legal rights.

4. Google User Data

Callvoa's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we access: When you connect your Google Calendar to Callvoa, we request the https://www.googleapis.com/auth/calendar scope. This allows Callvoa to read existing calendar events (to check your availability) and create, update, or delete calendar events (to book appointments on your behalf). We do not access any other Google data — not your Gmail, Drive, Contacts, or any calendar data outside of events on the calendar you connect.

How we use it: Google Calendar data is used exclusively to allow our AI receptionist to schedule appointments with your callers. Specifically, we read your existing events to determine when you are available, and we create new events when a caller books an appointment. We do not use this data for any other purpose.

How we store it: We store only the OAuth refresh token required to maintain the connection to your Google Calendar, along with metadata about events Callvoa has created (such as event IDs, so we can update or cancel them later). We do not copy, cache, or retain the contents of your broader calendar in our systems.

What we do NOT do with Google user data: We do not sell it. We do not share it with third parties except as strictly necessary to provide the appointment-scheduling feature you have requested. We do not use it for advertising. We do not use it to train, develop, or improve any generalized or non-personalized AI or machine learning models. We do not allow humans to read your Google data except (a) with your explicit consent, (b) to comply with applicable law, (c) for security purposes such as investigating abuse, or (d) to perform aggregate and anonymized operations analysis.

Revoking access: You may revoke Callvoa's access to your Google Calendar at any time by visiting your Google Account permissions page or by contacting us at jackson@callvoa.com. Upon revocation, we will delete your stored OAuth tokens within 30 days.

5. Call Recordings

All calls handled by the Callvoa AI are recorded. Recordings are stored securely and accessible only to you (the subscriber). You are responsible for complying with all applicable laws regarding call recording disclosure in your jurisdiction. We recommend including a disclosure in your greeting that calls may be recorded.

6. SMS Communications and Mobile Information

When you subscribe to Callvoa, we collect your mobile phone number to send you text message notifications related to your service, including new call alerts, appointment confirmations, urgent call notifications, and occasional account updates.

Mobile phone numbers and SMS consent information are not shared with third parties or affiliates for marketing or promotional purposes. This information is used solely to deliver the notifications you have subscribed to as part of the Callvoa service.

Message frequency varies based on the volume of calls received by your business. Message and data rates may apply. You may opt out of SMS notifications at any time by replying STOP to any message. Reply HELP for assistance. Opting out of SMS notifications does not cancel your Callvoa subscription.

7. Data Retention

We retain your account data, call records, and stored OAuth tokens for the duration of your active subscription. Upon cancellation or disconnection of a connected service, we delete the associated data within 30 days unless you request earlier deletion or we are required by law to retain it. You may request deletion of your data at any time by emailing jackson@callvoa.com.

8. Data Security

We use commercially reasonable measures to protect your information, including encrypted data transmission (TLS), encrypted storage of OAuth tokens and sensitive credentials, and access controls on our infrastructure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting us at jackson@callvoa.com. If you are a California resident, you may have additional rights under the CCPA. Contact us to exercise any data rights.

10. Children's Privacy

Callvoa is a business service and is not directed at individuals under the age of 18. We do not knowingly collect information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email at least 14 days in advance. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, contact us at jackson@callvoa.com.