Privacy Policy
Effective Date: March 3, 2026
Calltide LLC ("Calltide," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Calltide platform, visit our website at calltide.app, or interact with our AI receptionist service.
This policy applies to: (a) business owners and employees who subscribe to and use the Calltide platform ("Clients"); and (b) individuals who call a business phone number serviced by Calltide ("Callers").
1. Information We Collect
1.1 Information from Clients (Business Owners)
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, phone number, business name, business address | Account creation, authentication, communication |
| Business Configuration | Business hours, service types, pricing catalog, employee schedules, custom AI greetings | Configuring the AI receptionist |
| Payment Information | Credit/debit card details (processed and stored by Stripe, Inc. — we do not store card numbers) | Billing and subscription management |
| Usage Data | Dashboard activity, feature usage, login timestamps, IP addresses | Service improvement, security, analytics |
| Support Communications | Emails, feedback submissions, support tickets | Customer support, product improvement |
1.2 Information from Callers
| Category | Examples | Purpose |
|---|---|---|
| Call Audio | Voice recordings of calls with the AI receptionist | Providing the AI receptionist service, generating transcripts |
| Call Transcripts | AI-generated text transcriptions of calls | Call summaries, sentiment analysis, quality assurance |
| Caller Information | Phone number, name (if provided), service requested, appointment details | Booking appointments, message delivery, CRM |
| SMS Data | Text messages sent to/from the business phone number, opt-in/opt-out status | Appointment confirmations, notifications, compliance |
1.3 Information Collected Automatically
• Device and Browser Data: Browser type, operating system, device type, screen resolution (for website visitors and dashboard users).
• Log Data: Server logs including IP addresses, access times, pages viewed, and referring URLs.
• Cookies: We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.
2. How We Use Information
We use personal information for the following purposes:
• Providing the Service: Answering calls, booking appointments, sending SMS notifications, generating transcripts and summaries, managing the client dashboard.
• AI Processing: Our AI receptionist processes call audio in real-time to understand caller intent, detect language (English/Spanish), identify emergencies, and generate responses. Post-call, we use AI to generate call summaries, sentiment analysis, and lead qualification scores.
• Billing: Processing payments, managing subscriptions, sending invoices, and handling payment recovery.
• Communication: Sending transactional emails (account confirmations, billing notifications, trial reminders), responding to support requests, and delivering product updates.
• Security: Detecting and preventing fraud, unauthorized access, and abuse.
• Compliance: Fulfilling legal obligations including TCPA consent management, GDPR/CCPA data subject requests, and record-keeping requirements.
• Product Improvement: Analyzing aggregated, anonymized usage data to improve the AI receptionist, dashboard features, and overall service quality. We do not use individual call recordings to train AI models.
3. How We Share Information
We share personal information only in the following circumstances:
3.1 Service Providers (Sub-Processors)
We use third-party service providers to operate the platform. Each processes data only as necessary to provide their service. See our Sub-Processor List for the current list.
| Provider | Purpose | Data Accessed |
|---|---|---|
| Twilio | Phone call routing, SMS delivery | Phone numbers, call metadata, SMS content |
| Hume AI | Voice AI processing | Call audio, voice data |
| Anthropic (Claude) | Call summaries, AI agents | Transcript text, conversation context |
| Turso | Database hosting | All structured data |
| Vercel | Application hosting | Request logs, IP addresses |
| Resend | Email delivery | Email addresses, email content |
| Stripe | Payment processing | Payment details, billing information |
| Sentry | Error monitoring | Error logs (no PII by design) |
3.2 To Your Business (Client-Caller Relationship)
Call recordings, transcripts, caller information, and booking details are made available to the Client whose business number was called. The Client is the data controller for their customers' data; Calltide acts as a data processor.
3.3 Legal Requirements
We may disclose information when required by law, subpoena, court order, or government request, or when necessary to protect our rights, safety, or property.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity.
We do not sell personal information. We do not share personal information with third parties for their marketing purposes.
4. Data Retention
| Data Type | Retention Period | Basis |
|---|---|---|
| Call recordings and transcripts | 12 months from call date | Service delivery, quality assurance |
| Call metadata (duration, outcome, sentiment) | 24 months from call date | Analytics, service improvement |
| SMS content | 6 months from message date | Compliance, dispute resolution |
| Consent records (TCPA, TOS acceptance) | 7 years | Legal compliance |
| Account and billing data | Duration of account + 30 days | Service delivery, billing |
| Server logs | 90 days | Security, debugging |
After the retention period expires, data is automatically and permanently deleted. Upon account cancellation, we retain data for 30 days to allow for data export, then delete it permanently.
5. Your Rights
5.1 All Users
You have the right to:
• Access the personal information we hold about you.
• Correct inaccurate personal information.
• Delete your personal information (subject to legal retention requirements).
• Export your data in a portable format.
• Opt out of SMS communications by texting STOP to any Calltide number.
5.2 California Residents (CCPA/CPRA)
In addition to the rights above, California residents have the right to:
• Know what personal information is collected, used, shared, or sold.
• Opt out of the sale or sharing of personal information. (Note: Calltide does not sell personal information.)
• Limit use of sensitive personal information.
• Non-discrimination for exercising your privacy rights.
5.3 EU/EEA Residents (GDPR)
If you are located in the EU/EEA, you have additional rights including:
• Right to restriction of processing.
• Right to object to processing based on legitimate interests.
• Right to data portability in a machine-readable format.
• Right to lodge a complaint with your local data protection authority.
Our lawful bases for processing include: performance of a contract (providing the Service), legitimate interests (security, product improvement), consent (marketing communications), and legal obligations (compliance, record-keeping).
5.4 How to Exercise Your Rights
Submit a data subject access request by emailing privacy@calltide.app or through the compliance section of your dashboard. We will verify your identity and respond within 30 days (GDPR) or 45 days (CCPA). Clients can also submit requests on behalf of their callers through the admin portal's DSAR handling system.
6. Security
We implement technical and organizational measures to protect personal information, including:
• Encryption in transit (TLS 1.2+) for all data transmission.
• Database encryption at rest.
• Passwordless authentication (magic links) to eliminate password-based attacks.
• Role-based access controls separating client and admin access.
• Rate limiting on all API endpoints.
• Input validation and prompt injection protection on AI systems.
• Automated error monitoring via Sentry.
• Regular security audits.
No system is 100% secure. If we become aware of a security breach affecting your personal information, we will notify you and applicable authorities in accordance with legal requirements (within 72 hours for GDPR-covered data).
7. Children's Privacy
Calltide is a business-to-business service. We do not knowingly collect personal information from children under 13 (or 16 in the EU). If we learn we have collected such information, we will delete it promptly.
8. International Data Transfers
Calltide is based in the United States. All data processing occurs within the United States through U.S.-based service providers. If you are accessing the Service from outside the United States, your data will be transferred to and processed in the United States.
For EU/EEA users, transfers are conducted under Standard Contractual Clauses (SCCs) as described in our Data Processing Agreement.
9. Cookies and Tracking
We use only essential cookies necessary for authentication and session management. We do not use:
• Advertising or targeting cookies
• Third-party analytics trackers
• Social media tracking pixels
• Cross-site tracking of any kind
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and/or a notice on the dashboard at least 30 days before taking effect. The "Effective Date" at the top reflects the latest version.
11. Contact Us
For privacy questions, data requests, or concerns:
Calltide LLC
Privacy inquiries: privacy@calltide.app
General support: support@calltide.app
Phone: (830) 521-7133