Privacy Policy - OpenCall: AI Call Agent
Privacy Policy - OpenCall: AI Call Agent
Effective Date: March 26, 2026 Last Updated: March 28, 2026
Calify LTD ("Calify," "we," "us," or "our") is a company registered in Israel. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the OpenCall mobile application ("App") and related services (collectively, the "Service").
By using OpenCall, you consent to the practices described in this Privacy Policy. If you do not agree, do not use the Service.
Calify LTD 3 Kiryat Mada, Jerusalem, 9777603, Israel Email: support@calify-ai.com
For GDPR purposes, Calify LTD is the data controller responsible for your personal data.
Account Information: Name, email address, and profile photo (via Google or Apple Sign-In). Used for account creation and authentication.
Phone Numbers: Your personal phone number (for caller ID verification) and phone numbers you call. Used for caller ID verification and placing calls on your behalf.
Call Goals & Instructions: Text you enter describing the purpose of each call. Used for instructing the AI agent on how to conduct the call.
Identity Profiles: Name, phone number, address, account/ID numbers, and additional context you choose to provide. Used for providing the AI agent with reference information during calls.
Voice Recordings: Audio recordings you provide for voice cloning (30 seconds to 2 minutes, WAV or MP3). Used for creating a custom AI voice clone via ElevenLabs.
Voice Clone Consent: Your consent type ("my own voice" or "consent from owner") and timestamp. Used for legal compliance and audit trail.
Call Transcripts: Real-time text transcriptions of both the AI agent's speech and the call recipient's responses. Used for displaying call progress and call history.
Call Recordings: Audio recordings of calls made through the Service. Used for quality assurance and Service improvement.
Call Metadata: Call duration, call status, language, timestamps, and Call SID. Used for Service functionality and call history.
Analytics Data: App events (call started, call completed, call failed, voice cloned, voice designed, identity created, caller ID verified, login, sign-up, account deleted). Used for Service improvement and debugging.
Crash Reports: App crash logs and stack traces. Used for identifying and fixing bugs.
Firebase User ID: Unique identifier assigned by Firebase Authentication. Used for account management.
Device Identifiers: We do not collect IDFA, IDFV, device model, or OS version.
Location Data: We do not collect your geographic location.
Cross-App Tracking: We do not engage in cross-app or cross-site tracking. Our Apple Privacy Manifest declares NSPrivacyTracking: false.
We use your personal information for the following purposes:
Providing the Service — Creating your account, placing AI-assisted phone calls, displaying transcripts, and maintaining call history.
Voice Cloning — Processing your voice recordings to create custom AI voice clones through ElevenLabs.
AI Agent Operation — Providing your name, call goal, language preference, and optional identity information to the AI agent so it can conduct calls on your behalf.
Caller ID Verification — Verifying your phone number through Twilio so your calls display your number to recipients.
Analytics & Improvement — Understanding how the Service is used to improve functionality and user experience.
Crash Reporting — Identifying and resolving technical issues.
Legal Compliance — Meeting legal obligations, including maintaining consent records.
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing, we rely on the following:
Consent: Voice cloning, third-party AI data sharing, analytics.
Contract Performance: Account creation, placing calls, call transcripts, call history.
Legitimate Interest: Crash reporting, service security, fraud prevention.
Legal Obligation: Record-keeping for regulatory compliance, AI disclosure to call recipients.
You may withdraw your consent at any time through the App's Profile → Data & Privacy settings. Withdrawing consent does not affect the lawfulness of processing performed before withdrawal.
We share your data with the following third-party service providers ("sub-processors") who are essential to operating the Service:
Data Shared: Voice recordings (for cloning), call audio (real-time streaming), call goals and language preferences (in system prompts), optional identity information (name, phone, address, account ID, context)
Purpose: Real-time AI voice conversation, voice cloning, text-to-speech
Storage: Voice clone data is stored on ElevenLabs servers
AI Model Training: Under ElevenLabs' current terms, ElevenLabs retains a perpetual, royalty-free license to use voice data and content to train and improve their AI models. They commit not to commercialize your voice on a standalone basis without your permission. We have opted out of ElevenLabs using data processed through our Service for model training by disabling the "Improve the models for everyone" setting on our API account. While this opt-out prevents your data from being actively used for training going forward, ElevenLabs' underlying license terms remain in effect. We recommend reviewing ElevenLabs' Privacy Policy and Terms of Use for full details on their data practices.
Data Shared: Call goals, language preferences, call context, and real-time conversation data — routed through ElevenLabs' conversational AI platform. No direct user account data (name, email, phone number) is shared with OpenAI.
Purpose: Powering the AI call agent's language understanding and response generation during calls
Privacy Policy: OpenAI Privacy Policy
Data Shared: Phone numbers (yours and recipients'), call audio streams, call metadata
Purpose: Placing and routing phone calls, caller ID verification, answering machine detection, conference bridging
Retention: Twilio retains call detail records (CDRs) indefinitely per their policy, Voice Insights data for 30 days, TwiML logs for 30 days, and call recordings until deleted
Privacy Policy: Twilio Privacy Statement
Data Shared: Call goals and language preferences only — no personal user data
Purpose: Generating suggested follow-up questions to help you prepare for calls
Privacy Policy: Anthropic Privacy Policy
Data Shared: Account information, call history, transcripts, analytics events, crash reports, voice clone consent records
Purpose: Authentication (Firebase Auth), data storage (Cloud Firestore), analytics (Firebase Analytics), crash reporting (Firebase Crashlytics)
Region: us-central1 (United States)
Privacy Policy: Google Cloud Privacy Notice
Data Shared: Apple ID information (during Apple Sign-In)
Purpose: Account authentication
Privacy Policy: Apple Privacy Policy
Data Shared: Google account information (during Google Sign-In)
Purpose: Account authentication
Privacy Policy: Google Privacy Policy
We do not sell your personal information to any third party.
Voice cloning creates a digital voiceprint that may be classified as biometric data under certain jurisdictions (including the Illinois Biometric Information Privacy Act).
Voice cloning is optional and requires your explicit consent before any audio is processed.
You must confirm either that the voice is your own, or that you have consent from the voice owner.
Voice recordings are uploaded to our servers and forwarded to ElevenLabs for processing. We do not retain voice recordings on our servers after forwarding.
Cloned voice profiles are stored on ElevenLabs servers and can be deleted at any time through the App.
When you delete your account, all cloned voices are automatically deleted from ElevenLabs.
Important: Under ElevenLabs' current terms, voice data provided to ElevenLabs is subject to a perpetual license that permits use for model training. We have opted out of this on our API account by disabling the "Improve the models for everyone" setting, which prevents your data from being actively used for training. However, ElevenLabs' underlying license terms remain in effect per their Terms of Use. Please review ElevenLabs' Privacy Policy for full details.
Calls made through OpenCall are recorded.
All call recipients are informed at the start of each call that the call is AI-assisted and is being transcribed.
Recordings are stored by Twilio and retained until deleted.
You may request deletion of your call recordings by contacting us at support@calify-ai.com.
Real-time transcripts are generated during each call, capturing both the AI agent's speech and the recipient's responses.
Transcripts are stored in your call history within Cloud Firestore.
You can delete individual call transcripts or all call history through the App.
When you delete your account, all transcripts are permanently deleted.
Every call made through OpenCall begins with a mandatory disclosure to the recipient:
"This call is AI-assisted and is being transcribed."
This disclosure is delivered in the language of the call and cannot be disabled. It is part of our commitment to transparency and compliance with applicable laws regarding AI-generated communications and call recording consent.
9.1. When a call is made through OpenCall, we collect and process certain data about the call recipient, including their phone number, their spoken responses (captured in the call transcript), and their voice (captured in the call recording).
9.2. Call recipients are informed at the beginning of each call that the call is AI-assisted and is being transcribed. By continuing the call after this disclosure, the recipient is made aware that their responses will be recorded and transcribed.
9.3. If you are a call recipient and wish to exercise your data rights (access, deletion, or objection to processing), please contact us at support@calify-ai.com with the approximate date, time, and phone number involved. We will respond within 30 days.
9.4. Call recipients may also contact us to request deletion of their data from a specific call, including the transcript and recording associated with that call.
Your data may be transferred to and processed in countries outside your country of residence, including:
United States — Firebase/Firestore (us-central1), Twilio, ElevenLabs, OpenAI, Anthropic
Israel — Calify LTD (data controller)
For transfers from the EEA/UK, we rely on:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable (Israel has an EU adequacy decision)
The data processing agreements of our sub-processors
We implement appropriate technical and organizational measures to protect your personal data, including:
Firebase Authentication with secure token verification for all API requests
Twilio webhook signature validation to prevent unauthorized access
CORS restrictions blocking unauthorized browser-based access
E.164 phone number validation to prevent injection attacks
XML escaping in telephony markup to prevent injection
Encrypted data transmission (TLS/HTTPS) for all communications
In-memory transcript processing with automatic cleanup (backend transcripts are deleted 60 seconds after call completion)
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Account Information: Until you delete your account.
Call Transcripts: Until you delete them individually or delete your account.
Call Recordings: Stored by Twilio until deleted; you may request deletion.
Call Metadata (Twilio CDRs): Retained by Twilio indefinitely per their policy.
Voice Insights (Twilio): 30 days.
Cloned Voices: Until you delete them or delete your account.
Voice Clone Consent Records: Retained for legal compliance purposes.
Analytics Data: Per Firebase Analytics retention settings.
Crash Reports: Per Firebase Crashlytics retention settings.
Verified Caller IDs: Until you remove them or delete your account.
Note on sub-processor retention: Certain data held by our third-party sub-processors (such as Twilio call detail records) is subject to their own retention policies and may not be fully deletable upon request. Where we cannot ensure complete deletion by a sub-processor, we will inform you and take all reasonable steps to minimize the retained data. For details, please refer to the respective sub-processor's privacy policy linked in Section 5.
Depending on your jurisdiction, you may have the following rights:
Access — Request a copy of your personal data
Rectification — Correct inaccurate personal data
Deletion — Delete your account and all associated data through the App (Profile → Delete Account) or by contacting us
Portability — Request your data in a portable format
Withdraw Consent — Revoke third-party AI data sharing consent through Profile → Data & Privacy (this will sign you out)
Restrict Processing — Request that we limit how we use your data
Object — Object to processing based on legitimate interests
Lodge a Complaint — File a complaint with your local data protection authority
To exercise any of these rights, contact us at support@calify-ai.com.
We will respond to all requests within 30 days (or sooner if required by applicable law).
If you are in the EEA or UK, the following additional provisions apply:
Data Controller: Calify LTD, 3 Kiryat Mada, Jerusalem, 9777603, Israel (an EU-recognized adequate jurisdiction for data protection)
Legal Bases: See Section 4 above
Data Protection Contact: For privacy inquiries, contact support@calify-ai.com
Right to Lodge a Complaint: You may file a complaint with your local supervisory authority
International Transfers: See Section 10 above
Automated Decision-Making: The AI agent conducts calls based on your instructions. You may request human intervention or review of any AI-conducted call by contacting us.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information.
Right to Opt-Out of Sale: We do not sell your personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Right to Correct: You may request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: Voice recordings used for cloning may constitute sensitive personal information. You may request that we limit use of this data to what is necessary for the Service.
Categories of Personal Information Collected (per CCPA):
Identifiers (name, email, phone number, user ID)
Audio/electronic information (voice recordings, call audio, transcripts)
Internet/electronic activity (analytics events, crash reports)
Biometric information (voice clones, if applicable under California law)
To exercise your rights, contact support@calify-ai.com or use the in-app deletion features.
OpenCall is not intended for use by anyone under the age of 17. We do not knowingly collect personal information from children under 17. If we become aware that we have collected data from a child under 17, we will promptly delete that information.
If you believe a child under 17 has provided us with personal information, please contact us at support@calify-ai.com.
In the event of a data breach that affects your personal information, we will:
Notify affected users via email within 72 hours of becoming aware of the breach (as required by GDPR)
Notify the relevant supervisory authority where required by law
Provide details about the nature of the breach, the data affected, and the steps we are taking to address it
We may update this Privacy Policy from time to time. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Notify you through the App or via email
Where required by law, obtain your consent to material changes
Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
Calify LTD 3 Kiryat Mada, Jerusalem, 9777603, Israel Email: support@calify-ai.com
For GDPR-specific inquiries, please include "GDPR Request" in the subject line.