Privacy Policy

This Privacy Policy explains how Kai Calls ("we", "us", or "our") collects, uses, and protects your information when you use our website and services.

1. Information We Collect

• Personal Information: Name, email, phone number, business info, and any info you provide via forms or chat.
• Usage Data: Pages visited, actions taken, device/browser info, IP address, and referral data.
• Cookies & Tracking: We use cookies and similar technologies for analytics, authentication, and improving your experience.

2. How We Use Your Information

• To provide, operate, and improve our services
• To communicate with you (support, updates, marketing if opted-in)
• To analyze usage and improve our platform
• To comply with legal obligations

3. Data Sharing & Third Parties

• We do not sell your personal data.
• We share data only with trusted service providers who help us operate the platform:

• Supabase — Database hosting and authentication
• Vapi & ElevenLabs — AI voice call processing and speech synthesis
• Twilio — Phone number provisioning and SMS delivery
• Resend — Transactional email delivery (appointment confirmations, notifications)
• Loops — Marketing and onboarding email communications
• Stripe — Payment processing (we never store your full card number)
• Google APIs — Calendar scheduling and email sending on your behalf (see Section 13)
• PostHog — Product analytics (anonymized usage data)

• Each provider processes data solely to deliver their service on our behalf and is bound by their own privacy policies.
• We may disclose info if required by law or to protect our rights.

4. Data Retention

• Account data (name, email, business info): Retained while your account is active and for 30 days after deletion request to allow recovery.
• Call recordings & transcripts: Retained for 90 days after creation, then automatically deleted unless required for legal compliance.
• Google Calendar data: Event data is accessed in real-time and cached temporarily (up to 24 hours) for scheduling. We do not permanently store copies of your calendar.
• Email data: Emails sent on your behalf are logged (recipient, subject, timestamp) for 12 months. Email content is not stored after delivery.
• Lead & CRM data: Retained while your account is active. Permanently deleted within 30 days of account closure.
• SMS consent records: Retained as required by TCPA compliance (minimum 5 years).
• Legal obligations: We may retain certain data longer if required by law, regulation, or legal proceedings.

5. Your Rights

• Access, update, or delete your personal info
• Opt out of marketing communications
• Request a copy of your data
• Contact us for any privacy-related requests

6. Security

We use industry-standard security measures to protect your data, but no system is 100% secure. Please use strong passwords and contact us if you suspect unauthorized access.

7. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect data from children under 13.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page.

9. Call Recording and Voice AI Disclosure

Our AI-powered voice services may record and transcribe phone calls for quality assurance, training, and service improvement purposes. By using our voice services or calling our AI assistants:

• Recording Notice: All calls handled by our AI assistants may be recorded. You will be notified at the beginning of each call.
• Transcription: Call audio may be transcribed to text for analysis and record-keeping.
• AI Processing: Call content may be processed by AI systems to improve service quality and provide better responses.
• Data Storage: Call recordings and transcriptions are stored securely and retained according to our data retention policies or as required by law.
• Opt-Out: If you do not wish to be recorded, you may request to speak with a human representative or end the call.

10. SMS & Text Messaging

KaiCalls may send SMS (text) messages to users and callers as part of our automated phone answering platform. This section describes how we collect, use, and protect information related to text messaging.

Types of Messages We Send

• Missed call notifications: A text letting you know we received your call and how to reach us.
• Appointment confirmations & reminders: Details about upcoming scheduled calls or meetings.
• Follow-up messages: Information related to your inquiry or the service you requested.
• Customer care messages: Support responses and account-related updates.

Message frequency varies. Typically 1–5 messages per month depending on your interaction with our services.

How We Collect SMS Consent

• Web forms: By checking the SMS consent checkbox on any KaiCalls contact, demo request, or intake form on kaicalls.com. The checkbox includes the language: "I agree to receive SMS messages from KaiCalls. Msg & data rates may apply. Reply STOP to opt out at any time."
• Verbal consent during recorded calls: By agreeing to receive text messages during a recorded phone call with one of our automated assistants.
• Text-initiated conversations: By texting our number first, you consent to receive a response and related follow-ups.

All consent is documented with the user's phone number and a timestamp for TCPA compliance.

Opting Out of SMS

You can stop receiving SMS messages at any time by replying STOP to any message, emailing support@kaicalls.com, or calling us. You will receive a final confirmation message and no further texts unless you opt in again. Reply HELP to any message for assistance.

SMS Data & Third-Party Providers

• SMS messages are sent via Twilio, our third-party messaging provider. Twilio processes phone numbers and message content solely to deliver messages on our behalf.
• We do not sell or share your phone number with third parties for marketing or promotional purposes.
• No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
• Phone numbers and SMS consent records are retained for as long as necessary for TCPA compliance and service delivery.
• Standard message and data rates from your mobile carrier may apply. KaiCalls does not charge for SMS messages.

For more details, see our full SMS Consent & Messaging Policy.

11. Your California Privacy Rights (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request disclosure of the personal information we collect, use, and share about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You may opt out of the sale of your personal information. Note: We do not sell personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, contact us at privacy@kaicalls.com.

12. European Users (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Legal Basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations.
• Data Subject Rights: You have the right to access, rectify, erase, restrict processing, data portability, and object to processing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Lodge a Complaint: You may lodge a complaint with your local data protection authority.

13. Google API Services User Data Policy

Kai Calls' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google Services We Connect To

When you connect your Google account to Kai Calls, we request access to the following services based on the features you enable:

Google Calendar

Scope: calendar.events (read and write calendar events)

• What we access: Your calendar events and free/busy availability
• How we use it: Our AI voice agents check your real-time availability when a caller requests an appointment, then create a calendar event with the caller's details (name, phone, reason for visit)
• What we store: We cache availability data temporarily (up to 24 hours) for faster scheduling. Created event IDs are stored to enable rescheduling and cancellation. We do not permanently store copies of your existing calendar events.
• When it's accessed: Only during and immediately after phone calls when a caller requests an appointment

Gmail

Scope: gmail.send (send email only — we cannot read your inbox)

• What we access: The ability to send emails from your Gmail address. Email metadata and content for syncing lead communications.
• How we use it: Send follow-up emails to leads on your behalf (e.g., appointment confirmations, requested information, thank-you messages) and sync email communications to lead history
• What we store: We log email metadata (recipient address, subject line, timestamp, delivery status) for 12 months. We do not store the email body content after delivery.

Google Ads

• What we access: Local Services Ads leads and conversations
• How we use it: Import and unify leads from Google Local Services Ads into your Kai Calls dashboard for centralized lead management

Google Meet

• What we access: Meeting space creation only
• How we use it: Generate Google Meet video conference links to attach to appointments booked by the AI agent

Google Business Profile

• What we access: Reviews, ratings, posts, and business insights
• How we use it: Display and manage your Google reviews, respond to reviews, and track reputation metrics from your dashboard

Google Contacts

• What we access: Contact names, emails, and phone numbers
• How we use it: Bidirectional sync of leads between Kai Calls and Google Contacts so your leads are accessible on your phone

Google Drive

• What we access: Files created by Kai Calls only — we do not access your entire Drive
• How we use it: Store generated documents (proposals, contracts) in a dedicated Kai Calls folder in your Drive

Google Sheets

• What we access: Spreadsheet content for files you explicitly select
• How we use it: Import existing leads from Google Sheets and export lead data for reporting

User Info

Scopes: openid, email, profile

• What we access: Your email address, display name, and profile photo
• How we use it: Account identification and displaying your name/photo in the dashboard

Google Data Storage & Security

• All Google data is encrypted at rest (AES-256) and in transit (TLS 1.3)
• OAuth tokens are stored in an encrypted vault (Supabase Vault) — we never store your Google password
• Multi-tenant isolation ensures businesses only access their own data
• Tokens are automatically refreshed; you can revoke access at any time

Google Data Sharing

• We do NOT sell, rent, or trade your Google data
• We do NOT use Google data for advertising, retargeting, or interest-based profiling
• We do NOT share Google data with third parties except as strictly necessary to deliver the features described above (e.g., Vapi processes calendar availability during a live call to book an appointment)
• We do NOT allow humans to read your Google data unless: (a) you give explicit written permission for support purposes, (b) it is necessary for security investigation or abuse prevention, (c) it is required by law, or (d) it is aggregated and anonymized so it cannot identify you
• We do NOT use Google data to determine creditworthiness or for lending purposes

Your Rights for Google Data

• Disconnect anytime: Revoke Kai Calls' access from Settings → Connections in your dashboard, or directly from your Google Account security settings
• Automatic cleanup: When you disconnect a Google service, all associated cached data and tokens are removed from our systems within 24 hours
• Data deletion: Request complete deletion of all Google-related data by emailing privacy@kaicalls.com. We will confirm deletion within 7 business days.
• Data export: Request a copy of all Google data we hold about you by emailing privacy@kaicalls.com

Limited Use Disclosure

Kai Calls' use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We limit our use of Google user data to providing and improving the user-facing features described above that are prominent in our application's user interface
• We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising
• We do not transfer Google user data to third parties unless: (a) it is necessary to provide or improve user-facing features prominent in our UI, (b) it is necessary for security purposes, (c) it is required to comply with applicable law, or (d) the user provides affirmative consent
• We do not allow humans to read Google user data except with the user's affirmative agreement, for security/abuse investigation, to comply with law, or when the data is aggregated and anonymized for internal operations

14. Contact Us

If you have questions or requests regarding this Privacy Policy, contact us at support@kaicalls.com or privacy@kaicalls.com.