This Privacy Policy describes how Call Vibe (“CallVibe”, “we”, “us”, or “our”) collects, uses, discloses, and protects information when you visit our website, use our services, sign up for a trial, or otherwise interact with us. This policy is based on the CallVibe product and contact information provided in the CallVibe site text file.

1. Controller / Processor Roles

For self-serve signups on our website, marketing activities, and other direct interactions with individuals, CallVibe acts as a data controller (we determine the purposes and means of processing). For enterprise customers who provide CallVibe with data to be processed on their behalf (for example call recordings or telephony data), CallVibe will typically act as a processor/service provider under applicable law and in accordance with the parties’ agreement (including any Data Processing Addendum or DPA). Where there is any conflict between this Privacy Policy and a signed DPA, the DPA will govern.

2. What Information We Collect

Personal Data you provide

When you sign up, request a demo, contact us, or use our services, you may provide Personal Data such as:

• Full name, job title, and company name

• Email address and phone number

• Billing and payment information (when you purchase paid services)

• Postal address (when provided)

• Any other information you choose to provide in forms, chat, or support tickets

Communications & Voice Data

If you enable voice features or connect telephony to CallVibe, we may collect:

• Call audio recordings;

• Transcripts and automated summaries;

• Call metadata (timestamps, durations, participants, call IDs);

• Interaction logs, sentiment tags, and AI-generated scoring.

Enterprise customers are responsible for obtaining any required notices or consents from their end users before transferring Communications Data to CallVibe. We may use aggregated or de-identified Communications Data to improve our products and services, provided such uses do not identify the customer or individual end users.

Usage, Device & Location Data

We collect Usage Data automatically, such as IP address, browser type and version, pages visited, access times, device identifiers, operating system, and (where granted) approximate location data from your device.

Cookies & Tracking

We use cookies and similar technologies (including session cookies, preference cookies, security cookies and advertising/analytics cookies) to operate, secure, and improve our services. You can control cookies via your browser settings; note that disabling cookies may affect functionality. We honor Global Privacy Control signals where required by applicable law.

3. How We Use Your Data

We use collected information to:

• Provide, maintain, and improve CallVibe services (including real-time transcription, sentiment analysis, auto-summaries, and coaching features);

• Communicate with you about your account, product updates, and support;

• Process payments and manage subscriptions;

• Detect, prevent and investigate security incidents, fraud, or other misuse;

• Personalize and measure the effectiveness of our marketing;

• Aggregate and de-identify data to train, evaluate, and improve our models and services; and

• Comply with legal obligations and enforce our agreements.

Transactional or service-related messages (e.g., billing, security notices) are necessary for service provision and cannot be opted out of. Marketing emails can be unsubscribed from using the link in those emails.

4. AI, Model Training, and Google AI

CallVibe uses Google AI technologies to power certain product features and delivers enterprise-grade architecture and analytics. We may use aggregated, de-identified data to improve our machine learning models and services, but we will not use Communications Data in a way that identifies a customer or individual end-user without legal basis and required agreements/consents.

Google Workspace APIs: We do not use data obtained via Google Workspace APIs to develop or improve generalized AI/ML models unless explicitly disclosed and permitted by the customer. (If your integration or agreement differs, the applicable agreement or DPA will control.)

5. Retention of Data

We retain Personal Data as long as necessary for the purposes described in this policy, to provide the services, fulfill contractual obligations (including billing), comply with legal requirements, and resolve disputes. Usage Data and Communications Data retention periods vary by account settings, customer agreements, and legal obligations; enterprise customers may configure retention settings under their agreement or DPA. Where feasible, we anonymize or delete data when no longer needed.

6. Disclosure & Sharing of Data

We may disclose Personal Data:

• To our service providers and subprocessors who perform services on our behalf (hosting, analytics, payment processors, customer support), under appropriate confidentiality terms;

• To comply with legal obligations or respond to lawful requests from public authorities;

• In connection with corporate transactions (e.g., merger, acquisition, asset sale);

• To protect the rights, property, or safety of CallVibe, our users, or the public; and

• With your consent or as otherwise disclosed at collection.

We do not sell Personal Data for monetary consideration. In some jurisdictions, certain transfers to third parties may be treated as a “sale” — see your rights under CCPA/CPRA below.

7. Service Providers (Examples)

We use third-party service providers to support our operations. Examples include (subject to change):

• Analytics: Google Analytics, Cloudflare Analytics, Segment, Mixpanel.

• Development & CI/CD: GitHub.

• Payments: Stripe (for payment processing).

You can request an up-to-date list of subprocessors and vendors by contacting us (see Contact section).

8. International Transfers & Safeguards

Your data may be transferred to and processed in the United States and other countries whose data protection laws may differ from your jurisdiction. When transfers are made from the EEA, UK, or other jurisdictions with data transfer restrictions, we use appropriate safeguards such as Standard Contractual Clauses, the UK IDTA, or other approved mechanisms.

9. Security

We implement administrative, technical, and physical measures designed to protect your Personal Data consistent with industry standards (for example SOC 2 and other recognized frameworks where applicable). However, no method of transmission or storage is 100% secure. In the event of a data breach affecting Personal Data, we will notify affected parties and regulators as required by applicable law.

10. Email Communications

We may send you service-related, transactional, and marketing emails. Transactional emails (account, billing, security) are necessary for service delivery and cannot be unsubscribed. Marketing emails include an unsubscribe link to opt out.

11. Your Rights (GDPR, CCPA/CPRA, and Other Laws)

GDPR (EU/EEA)

If you are in the EU/EEA, you have rights including access, rectification, deletion, restriction of processing, portability, objection, and to withdraw consent where processing is based on consent. To exercise your rights, contact us and we will respond in accordance with applicable law. We may need to verify your identity before responding.

CCPA / CPRA (California)

If you are a California resident, you may have rights to request access to categories and specific pieces of personal information collected, request deletion, opt out of “sale” or sharing for cross-context behavioral advertising, and request correction of inaccurate Personal Information. To make requests, email us (see Contact). You may make certain requests twice in a 12-month period.

Other jurisdictions

Where local law grants you additional rights, we will comply with applicable law. Requests may be limited by applicable legal exceptions.

Children

We do not knowingly collect Personal Data from children under 13 (or under 16 in the EEA) without parental consent. If you believe we have collected such data, contact us to request deletion.

12. Right to Deletion & Exceptions

Subject to applicable legal exceptions, we will delete Personal Data upon a verified request. Exceptions include (but are not limited to) data necessary to:

• Complete a transaction or provide a contracted service;

• Detect/prevent security incidents, fraud, or misuse;

• Comply with legal obligations; or

• Maintain internal records for legitimate business purposes.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the revised policy on our site and/or sending an email to the primary email address on your account where required by law. Your continued use of CallVibe after changes are posted constitutes acceptance of the updated policy.

14. Contact Information

If you have questions, requests, or concerns about this Privacy Policy or your personal data, please contact us:

Call Vibe
1544 Sawdust Rd, Ste 270
The Woodlands, TX 77380
United States

Email (general & privacy requests): info@callvibe.ai
Phone: +1 832-791-2206

(For DPA, compliance, or to request an up-to-date list of subprocessors, please contact us at the same address or info@callvibe.ai.)

15. Governing Law

This Privacy Policy shall be governed by the laws set forth in the applicable agreement between you and CallVibe or, absent such an agreement, by applicable U.S. law and other laws as required by local regulation.