Privacy Policy

This Privacy Policy ("Policy") describes how Call-e, Inc., a Delaware corporation doing business as "Call-e" ("Call-e," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with our websites, web applications, services, tools, and related offerings (collectively, the "Services").

Call-e provides AI-assisted software that records, transcribes, and analyzes voice and video meetings to generate notes, scorecards, guidance, and analytics for our customers ("Clients").

This Policy applies to: visitors to our websites; individuals who interact with our marketing, events, or communications; representatives and employees of our Clients who use the Services ("Authorized Users"); and individuals whose information we process on a Client's behalf, including participants in recorded meetings ("Participants").

Questions? Contact us at privacy@call-e.io or at the postal address in Section 15.

1. Our Role: Processor and Controller

For most processing of meeting and Participant data, Call-e acts as a processor / service provider on behalf of our Clients, who act as the controller / business under applicable privacy laws.

• Our Clients determine what data they send to Call-e (for example, meeting audio and video, transcripts, and CRM context) and how they use the outputs.
• Clients are responsible for providing required notices to, and obtaining all required consents from, Participants and their own customers — including consent to record meetings. See our Recording & Consent Notice.

For certain activities — operating our website, marketing to prospective Clients, and managing our own business relationships — Call-e acts as an independent controller / business.

2. Information We Process ("Data")

2.1 Registration Data. Name, business email, phone number, company name, role, login identifiers (including single sign-on identity), and preferences. Used to create and manage accounts; provide, configure, secure, and support the Services; and send service and (where permitted) marketing communications.

2.2 Conversation & Engagement Data. Meeting audio and video; transcripts; AI-generated outputs (summaries, notes, scorecards, guidance, action items); and limited contextual data such as participant names, meeting metadata, and CRM context a Client chooses to connect. This may include personal information about a Client's customers, prospects, and other Participants. Used to provide transcription, notes, guidance, and analytics; produce dashboards and reports; and maintain, secure, and improve the Services (including via de-identified/aggregated analytics as described in Section 4).

2.3 Usage Data. Log data about how Authorized Users interact with the Services; device, network, and technical data (browser, OS, IP address, approximate city/region, performance metrics); and cookie or similar identifiers. Used to monitor, secure, and troubleshoot the Services; understand adoption; and improve the product. See Section 10 and our Cookie Policy.

2.4 Billing Data. Billing contact, plan details, and limited payment information processed by PCI-compliant third-party payment processors. We do not store full payment-card numbers. Used to administer subscriptions, invoicing, and fraud prevention. (Billing is not yet enabled in the Services; this section applies once paid subscriptions launch.)

2.5 Support & Communications Data. Information you submit in support requests, emails, chats, surveys, and feedback. Used to respond to and improve support.

3. How We Use Data

We use Data to provide, secure, support, and improve the Services; to communicate with you; to comply with law; and for the specific purposes described in Section 2. We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law.

4. Artificial Intelligence and Model Training

Call-e uses AI and machine-learning technologies to transcribe meetings and generate insights. Our key commitments:

1. We do not train models on your identifiable data. We do not use identifiable Conversation & Engagement Data to train general-purpose models made available to other customers or the public. Call-e does not train or fine-tune any of its own models on customer data; our AI functions are performed through third-party AI providers via their APIs.
2. Our AI vendors are contractually restricted. Where we use third-party AI providers (see Section 6 and our Sub-processor list), we contractually require them to keep your data confidential and not use it to train their publicly available models.
3. De-identified improvement. We may use de-identified or aggregated data derived from your use of the Services to operate, secure, and improve our models, features, and analytics. We do not attempt to re-identify such data; we create it using industry-standard methods so it cannot reasonably be associated with any individual or customer; we contractually prohibit recipients from re-identifying it; and it consists of derived or aggregated data, not raw recordings or transcripts.
4. Human oversight. AI outputs are advisory and do not replace human judgment. Authorized Users remain responsible for their decisions and for complying with applicable laws and professional standards. See our AI Use & Limitations Disclosure.

5. Legal Bases for Processing (EEA/UK)

Where required, we rely on: your consent (e.g., certain marketing); contractual necessity (to perform our agreements with Clients); our legitimate interests in operating, securing, and improving the Services; and compliance with legal obligations.

6. How We Share Data

We share Data only as follows:

1. With your organization (the Client). Outputs and analytics are made available to your organization subject to role-based access controls.
2. Service providers and sub-processors. We use vetted providers for hosting, storage, transcription, AI generation, communications, security, observability, and support, under written agreements requiring them to protect Data and use it only as instructed. Our current sub-processors are listed in our Sub-processor list.
3. Third-party integrations you enable. If you connect a CRM or other tool (for example, GoHighLevel), we exchange relevant Data with that system to provide the integration.
4. Business transfers. In a merger, acquisition, or sale of assets, Data may be transferred as part of the transaction.
5. Legal and safety. We may disclose Data where reasonably necessary to comply with law or legal process, enforce our terms, or protect the rights, property, or safety of Call-e, our Clients, or others.

7. International Data Transfers

Call-e is based in the United States, and we and our sub-processors process Data in the United States and other countries. Where we transfer personal data across borders, we use appropriate safeguards such as Standard Contractual Clauses, along with technical controls (encryption in transit and at rest) and organizational measures.

8. Data Retention and Deletion

We retain Data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements, and we apply data-minimization practices so that personal information is not kept longer than needed for those purposes.

• Retention of a Client's meeting and Participant data is governed by our agreement with that Client and its configuration choices.
• When a Client relationship ends, our default is to de-identify the associated Client Data using industry-standard, irreversible methods so that it can no longer reasonably be re-identified, within 30 days of account deactivation. If you submit a verified deletion request, we instead delete that Client Data from our primary systems — our application database and file storage — within 30 days of verifying the request. We also retain data we are required to keep by law. As a standard operating practice, operational logs and routine encrypted backups are kept on standard, time-limited retention schedules and age out automatically rather than being individually purged. De-identified data is no longer personal information and may be retained and used as described in Section 4. (We are finalizing self-serve deletion tooling; until it is generally available, verified deletion requests are carried out manually within the same window.)
• You may request deletion or a copy of your data as described in Section 9; we will honor verified requests subject to the exceptions above.

9. Your Privacy Rights

Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of your personal information; to object to or restrict certain processing; and to opt out of marketing.

To exercise these rights, email privacy@call-e.io. We will verify your identity and respond within the time required by applicable law (generally 45 days under U.S. state laws and one month under GDPR/UK GDPR, with permitted extensions). If your request concerns data we process on behalf of a Client, we will refer you to that Client, who is the controller. You will not be discriminated against for exercising your rights.

9.1 California (CCPA/CPRA). California residents have the rights to know, access, correct, and delete personal information; to opt out of "sale" or "sharing" (we do not sell or share personal information for cross-context behavioral advertising); and to limit the use of sensitive personal information. The categories of personal information we collect, and the purposes for which we use them, are described in Sections 2–4. We retain each category as described in Section 8. To exercise California rights, contact privacy@call-e.io; you may use an authorized agent.

9.2 EEA/UK. You may lodge a complaint with your supervisory authority. Where we rely on consent, you may withdraw it at any time.

10. Cookies and Tracking

We and our providers use cookies and similar technologies in the Services:

• Strictly necessary: authentication and session cookies required to sign in and keep you signed in.
• Functional: feature management and our in-app support chat.
• Analytics / product monitoring: product-usage analytics and session monitoring that help us keep the Services reliable and secure.

Where required by law, we obtain consent or offer an opt-out for non-essential cookies. Your browser may send "Do Not Track" signals; we may not be able to respond to all such signals consistently. See our Cookie Policy for details and choices.

11. Security

We maintain administrative, technical, and physical safeguards designed to protect Data, including encryption in transit (TLS) and at rest, access controls, tenant isolation, and monitoring. No method of transmission or storage is completely secure. For more, see our Security & Trust page.

12. Data Breach Notification

If we become aware of a security incident affecting personal information, we will respond in accordance with our incident-response procedures and notify affected Clients and, where required, regulators and individuals, without undue delay and within the timeframes required by applicable law, and in any event within 72 hours where required by applicable law. Our notification will include, to the extent known: the nature of the incident; the categories and approximate number of data subjects and records affected; the likely consequences; the measures taken or proposed to address it; and a contact point for more information. Where Call-e acts as a processor, we will notify the relevant Client (controller) promptly so it can meet its own notification obligations.

13. Children's Privacy

The Services are not directed to children under 18, and we do not knowingly collect their personal information. If you believe we have, contact us and we will take appropriate steps.

14. Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy and revise the "Last Updated" date, and, where appropriate, provide additional notice.

15. Contact Us

Call-e, Inc. · 17620 NE 69th Ct, #140, Redmond, WA 98052, USA · Privacy: privacy@call-e.io · Security: security@call-e.io