Privacy Policy

Effective Date: May 26, 2026. Last updated: May 26, 2026

DialCloud, Inc., a Delaware corporation (“DialCloud,” “we,” “us,” or “our”), is committed to protecting the privacy of everyone who visits our website at dialcloud.ai or uses our AI phone receptionist platform (collectively, the “Service”).

This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights available to you. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

Note on roles: DialCloud operates both as a data controller (for information about our own business customers and website visitors) and as a data processor (for end-caller data processed on behalf of our business customers). The relevant sections below distinguish which role applies.

1. Information We Collect

a. Account and Business Information

When you register for or use the Service, you provide:

  • Name, email address, and business phone number
  • Company name, business address, and industry type
  • Billing information (credit/debit card details, processed by Stripe; we do not store raw card numbers)
  • Google or Microsoft OAuth tokens (when you connect a calendar integration or use social sign-in)
  • Account credentials and password hash
  • Any additional information you voluntarily provide (e.g., business FAQs, service area, team member details)

b. Usage and Technical Data

When you visit our website or use the dashboard, we automatically collect:

  • IP address, browser type, and operating system
  • Pages viewed, features used, and time spent in the dashboard
  • Date and time of access, session duration, and referring URLs
  • Device identifiers and approximate geographic location (city/country level)
  • Cookie identifiers (see Section 10)

c. Call Data (Processed on Behalf of Business Customers)

As part of the AI phone answering service, we collect and process:

  • Caller phone numbers (provided by Twilio from the public telephone network)
  • Caller-provided information captured during the call (name, appointment details, service address, reason for calling)
  • Call recordings and AI-generated transcripts (when recording is enabled)
  • AI-generated call summaries and intent classifications
  • Call metadata (call duration, timestamps, call status, hold events)

This call data is collected and stored on behalf of the business customer who subscribes to DialCloud. The business customer is the data controller for their callers’ information; DialCloud acts as the data processor.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To operate the AI phone agent, route and record calls, book appointments, send SMS confirmations, and sync with connected calendars
  • Billing: To process subscription payments, generate invoices, and report usage to Stripe for metered billing
  • Communications: To send transactional emails (receipts, account notices, security alerts), trial-lifecycle emails, and product updates
  • Service improvement: To analyze aggregate, de-identified usage patterns and improve the platform, AI models, and user experience. We do not use your identifiable Customer Data to train models that benefit other customers without consent.
  • Security and fraud prevention: To detect, investigate, and prevent spam, abuse, unauthorized access, and other security threats
  • Legal compliance: To comply with applicable laws, regulations, and lawful governmental requests

3. Data Sharing and Sub-Processors

We do not sell your personal information. We share data only in the following circumstances:

Third-Party Sub-Processors

To provide the Service, we engage the following sub-processors, each bound by data-processing agreements that restrict their use of your data:

  • Twilio Inc. (San Francisco, CA): Phone number provisioning, inbound and outbound calling, SMS delivery. Call audio passes through Twilio infrastructure.
  • ElevenLabs, Inc. (New York, NY): AI voice synthesis, real-time conversational AI engine, and call transcription. Call recordings are stored on ElevenLabs servers.
  • Stripe, Inc. (South San Francisco, CA): Subscription billing, payment method storage, and invoice generation. Stripe stores payment card data under PCI-DSS compliance.
  • Resend (Resend, Inc.): Transactional email delivery (receipts, notifications, trial lifecycle emails).
  • Google LLC (Mountain View, CA): Google Calendar sync (appointment data) and optional Google Sign-In (OAuth tokens). Google processes data under the Google API Services User Data Policy.
  • Microsoft Corporation (Redmond, WA): Microsoft Calendar (Outlook/Microsoft 365) sync and optional Microsoft Sign-In (OAuth tokens).
  • Vercel Inc. / Amazon Web Services (AWS): Cloud hosting and infrastructure for the DialCloud platform and database.

Other Sharing

  • Legal requirements: We may disclose information if required by law, court order, subpoena, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any material change in ownership or control.
  • With your consent: We may share your information for any other purpose with your explicit prior consent.

4. Call Recording Notice

All inbound calls handled through DialCloud are recorded and transcribed. The DialCloud AI agent plays the following disclosure at the start of every call:

“This call may be recorded for quality and training purposes.”

Call recordings are stored on ElevenLabs’ servers and are also accessible to the subscribing business customer through the DialCloud dashboard. Recordings are retained for 90 days by default (see Section 5). Business customers may request deletion of specific call recordings through the dashboard or by contacting [email protected]. End callers who wish to request deletion of their call recording should contact the business they called or reach us at [email protected].

The business customer (DialCloud subscriber) is responsible for ensuring their use of call recording complies with applicable federal, state, and local laws in their jurisdiction. For more information on call-recording consent requirements, see Section 7 of our Terms of Service.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy, unless a longer period is required by law:

  • Account data: retained for the duration of your active subscription and for 30 days after account deletion, during which you may request a data export.
  • Call recordings and transcripts: retained for 90 days by default. Business customers may configure a shorter retention period.
  • Billing records: retained for 7 years to comply with applicable tax and accounting regulations.
  • Usage and access logs: retained for 12 months for security and analytics purposes, after which they are aggregated and anonymized.
  • Appointment and contact records: retained for the duration of the business customer’s subscription and deleted within 30 days of account closure.

You may request early deletion of your data at any time (see Section 8 and Section 9 for how to exercise this right). We will process deletion requests within 30 days, subject to legal retention requirements.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

  • Encryption in transit (TLS 1.3 or higher)
  • Encryption at rest (AES-256) for database and stored data
  • Role-based access controls limiting employee access to data on a need-to-know basis
  • Regular security reviews and vulnerability assessments

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

7. General Data-Subject Rights

Regardless of your jurisdiction, you may contact us to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (subject to legal retention obligations)
  • Port your data in a structured, machine-readable format
  • Restrict or object to certain processing activities

To exercise these rights, contact us at [email protected]. We will respond within 30 days. If you are a caller whose data was collected through a business that uses DialCloud, please contact that business directly or reach us and we will coordinate with the relevant business customer.

8. California Residents: CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights:

  • Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, fraud prevention).
  • Right to Correct: You may request that we correct inaccurate personal information.
  • Right to Opt Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond the purposes permitted by the CPRA without consent.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a verifiable consumer request, contact us at [email protected]. We will respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent to submit requests on your behalf.

9. EEA and UK Residents: GDPR Rights

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following applies to our processing of your personal data:

Legal Bases for Processing

  • Contract: Processing necessary to perform our contract with you (e.g., providing the Service, billing)
  • Legitimate interests: Processing for fraud prevention, security, and product improvement, where our interests are not overridden by your rights
  • Legal obligation: Processing required by applicable law
  • Consent: Processing where you have given explicit consent (e.g., optional analytics cookies)

Your GDPR Rights

You have the right to: access your personal data, rectify inaccurate data, erase your data (“right to be forgotten”), restrict processing, receive your data in a portable format, object to processing based on legitimate interests, and withdraw consent where processing is based on consent.

You also have the right to lodge a complaint with your local data protection supervisory authority (e.g., the ICO in the UK, or the relevant national DPA in your EEA member state).

International Data Transfers

DialCloud is based in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US or other countries outside the EEA, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission. To request a copy of our SCCs or learn more about our transfer mechanisms, contact [email protected].

10. Cookies

We use cookies and similar technologies to operate the Service:

  • Session cookies: Required for authentication and maintaining your logged-in state. These cannot be disabled without breaking the Service.
  • Analytics cookies: Aggregate, anonymized usage data to help us understand how the platform is used. No cross-site tracking or behavioral advertising.

We do not use third-party advertising cookies or sell cookie-derived data. For detailed information, see our Cookie Policy.

11. Children’s Privacy

The Service is designed for use by businesses and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected data from a child under 18, we will take prompt steps to delete it. If you believe we have collected such data, please contact [email protected].

12. Third-Party Links

Our website and dashboard may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by email or by posting a prominent notice in the dashboard at least 30 days before the change takes effect. The “Last updated” date at the top of this page will reflect the most recent revision. We encourage you to review this policy periodically.

14. Contact Us

For questions, data-subject requests, or privacy concerns, please contact us:

We will respond to all requests within 30 days.