Your calls, your customers, your data.
When you put a phone number in our hands, you're trusting us with the lifeblood of your business. Here's exactly what we do with it — in plain English, no security-marketing fluff.
Other businesses can't see your calls, leads, or recordings. Period.
Every text and outbound call checks consent first. STOP works the second it's sent.
Anything Kai can't handle becomes a text on your phone — never a silent miss.
What we promise
The four things you should care about most.
If you're going to hand your phone over to an AI, these are the questions that should be answered before you sign up.
Your customers stay your customers.
Your call history, transcripts, and lead list belong to you. Nobody at another business — and nobody at KaiCalls without a real reason — can browse what came through your number.
We don't share logins with anyone.
Connections to your calendar, email, or CRM use keys that only work for your business. If you fire us tomorrow, you cut those keys and we're done.
Kai won't blast your customers.
Outbound calls and texts respect Do Not Call rules, opt-outs, and quiet hours. A 'STOP' reply ends messages instantly. You won't wake up to a TCPA complaint because we got cute with automation.
If something breaks, you find out first.
If Kai can't take a call or finish one, you get a text immediately. No silent failures, no leads quietly disappearing into a log file you'll never read.
The specifics
What's actually happening behind your number.
Six concrete things that protect your business, written for the owner, not the IT department.
Your data is locked to your business.
Every login, every API call, and every report is checked against your business before it loads. Other customers can't see your numbers and you can't see theirs — even accidentally.
We verify who's talking to us.
When Twilio or your CRM sends us an update, we check it's really them before we act. Nobody can fake a call, a lead, or a text into your account.
Texts and calls follow the rules.
We check consent and opt-out status before every outbound message. Quiet hours, A2P registration, STOP replies — all enforced automatically so you stay on the right side of TCPA.
Every call has a backup plan.
If Kai can't finish a call, she transfers, texts you, takes voicemail, or schedules a callback. See the full breakdown on the fallback page.
You decide what we keep.
Recordings, transcripts, and lead data have a clear retention path. Ask us to delete something and we delete it. Close your account and your data leaves with you.
Old connections get cleaned up.
Switching CRMs? Replacing your calendar? We deactivate the old keys and routes so a forgotten integration doesn't become a back door six months later.
Law firms & healthcare
Built to handle regulated, confidential calls.
If you run a law firm or a practice that touches PHI, here's the data-handling and confidentiality posture your compliance person will ask about.
We'll sign a BAA on request.
If you handle protected health information, we'll put a Business Associate Agreement (BAA) in place before you go live. Email legal@kaicalls.com or ask in onboarding and we'll get it signed.
Attorney–client and patient calls stay confidential.
Transcripts and recordings of privileged or sensitive calls are tenant-isolated to your business, never used to train shared models, and never shared with other customers. Access is logged.
Clear data-handling path.
Calls are encrypted in transit. Recordings, transcripts, and lead data follow a defined retention window you control, and we can purge a record — or your whole account — on request.
Where your data goes
The life of a call, end to end.
No diagrams or jargon — just what happens to the information from the moment a call connects to the day you ask us to delete it.
A call comes in.
Calls are carried over your business phone number and answered by your AI agent. Audio is processed to power the conversation, and calls are encrypted in transit.
We keep only what's useful to you.
The call record, transcript, summary, and any lead details are stored against your business so you can review them in the dashboard, your CRM, or via the API. Nothing is shared with another customer.
Integrations use scoped keys.
Calendar, email, and CRM connections use credentials that only work for your business. We use trusted infrastructure and communication providers to deliver calls, texts, and email — each handling only what's needed to do its job.
You can ask us to delete it.
Recordings, transcripts, and lead data follow a retention path you control. Ask us to delete a specific record, or close your account, and the data leaves with you.
FAQ
The questions we get before businesses sign up.
If something you need isn't here, ask — a real person answers.
Who can see my calls, transcripts, and leads?+
You can. Your data is isolated to your business — every login, API call, and report is checked against your business before it loads, so no other customer can see your information. Nobody at KaiCalls browses your data without a real reason, and access is logged.
Is my data encrypted?+
Calls are encrypted in transit. Recordings, transcripts, and lead data are stored against your business and follow a defined retention path you control.
Do you use my calls to train AI models?+
Transcripts and recordings of your calls are tenant-isolated to your business and are not used to train models shared with other customers. For privileged or sensitive calls — attorney–client, patient — this isolation and confidentiality is the default.
Will you sign a BAA for HIPAA?+
Yes. If you handle protected health information, we'll put a Business Associate Agreement in place before you go live. Email legal@kaicalls.com or ask during onboarding and we'll get it signed.
Are you SOC 2 or HIPAA certified?+
We don't claim certifications we haven't earned. If you need our current security and compliance posture in writing for a vendor review, email us and we'll tell you exactly where we stand and share what your IT team needs to evaluate us.
What third parties touch my data?+
We use a small set of trusted infrastructure, telephony, and AI providers to run the phone system, each receiving only the data it needs. We can share the current list of subprocessors for a vendor-security review on request.
How do you handle outbound texts and calls?+
Every outbound message checks consent and opt-out status first. Quiet hours, A2P registration, and STOP replies are enforced automatically, so you stay on the right side of TCPA and Do Not Call rules.
What happens to my data if I cancel?+
Your data belongs to you. When you close your account, your data leaves with you, and we deactivate the integration keys and routes connected to your business.
Honest notes
A few things we want to be upfront about.
Most trust pages oversell. Here's where we stop and tell you what we're not.
- We don't claim certifications we haven't earned. If you need SOC 2 or HIPAA in writing, ask us — we'll tell you exactly where we are.
- If you run a doctor's office, law firm, or anything else regulated, loop in your own compliance person before going live. We'll help your IT team with whatever they need to check.
- Security is about what actually happens day-to-day. We'd rather show you the controls than wave around a badge.