Privacy Policy
Last updated: March 7, 2026 | Version 2.0
CallsForMe LLC, a Wyoming limited liability company (“CallsForMe,” “we,” “our,” or “us”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (callsforme.ai) or use our services.
This policy applies to: (a) Clients — businesses that subscribe to our platform; and (b) End Users — individuals whose information is processed through our platform on behalf of Clients (such as callers, contacts, or persons whose voices are cloned). If you are an End User whose information was processed by CallsForMe on behalf of one of our Clients, please also direct any questions to that Client, as they are the data controller for your personal information.
1. Information We Collect
Information You Provide
- Account Information: Name, email address, phone number, business name, business address, and industry provided during registration.
- Payment Information: Billing address and payment card details, processed exclusively by Stripe (our PCI-DSS-compliant payment processor). CallsForMe does not store full credit card numbers or CVVs.
- Contact Lists: Phone numbers, names, and other contact details uploaded by Clients for use in calling campaigns.
- Voice Samples: Voice recordings provided for AI voice cloning (collected only with explicit written consent via a signed Voice Cloning Consent Agreement).
- Support Communications: Messages you send us via email, chat, or our support portal.
Information Automatically Collected
- Usage Data: IP address, browser type, operating system, pages visited, referral source, session duration, and other standard web analytics.
- Call Data: Call recordings, transcripts, call metadata (duration, timestamps, phone numbers called or received), call outcome data, and AI-generated summaries.
- Voice and Biometric Data: Voice characteristics captured during call recordings, which may constitute biometric identifiers or biometric information under applicable state laws. See Section 4.
- Device Information: Device type, operating system, and browser when you access our web platform.
- Local Storage Data: Certain features of our website (including the voice consent flow) use your browser’s local storage for temporary session state. See Section 5.
Information from Third Parties
- Telephony metadata from our provider (Twilio), including caller ID data, call routing records, and call status information.
- Payment status and fraud signals from Stripe.
2. How We Use Your Information
We use the personal information we collect to:
- Provide, operate, and maintain our AI voice calling platform and related services.
- Process your transactions, manage your subscription, and send billing communications.
- Set up and operate your AI calling agent, including configuring outbound campaigns and inbound call routing.
- Generate call recordings, transcripts, and performance analytics for your review.
- Create and operate AI voice clones pursuant to signed consent agreements.
- Conduct quality assurance reviews of call handling.
- Send service-related notifications (system updates, security alerts, policy changes).
- Respond to your support requests and inquiries.
- Detect, investigate, and prevent fraud, abuse, TCPA violations, and other unauthorized activities.
- Comply with applicable laws, regulations, and legal process.
- Improve our products and services, including AI model performance, subject to Section 7.
We do not use your personal information for advertising to third parties, nor do we sell your personal information. See Section 3.
3. Data Sharing and Third-Party Processors
We do not sell your personal information to any third party. We do not share your personal information for cross-context behavioral advertising. We share data only as described below.
Sub-Processors
We engage the following third-party service providers (“sub-processors”) who process data on our behalf to deliver the services:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Vapi | Voice AI infrastructure — real-time voice agent management | Call audio streams, agent configuration | USA |
| ElevenLabs | AI voice synthesis & voice cloning | Voice samples (for cloning), text-to-speech requests | USA / EU |
| Twilio | Telephony — making and receiving calls | Phone numbers, call metadata, audio streams | USA |
| Stripe | Payment processing | Payment card data, billing address | USA |
| Supabase | Database and data storage | Account data, call records, transcripts, consent records | USA |
| Vercel | Web hosting and serverless functions | Web traffic, server-side processing | USA / Global CDN |
| Plausible Analytics | Privacy-focused website analytics (no cookies, no cross-site tracking) | Aggregated, anonymized page view data | EU (Germany) |
| Google Analytics (if enabled) | Website analytics | IP address (anonymized), page views, session data | USA |
Each sub-processor is bound by data processing agreements requiring them to process data only as directed by CallsForMe and consistent with applicable privacy law. We do not authorize sub-processors to use your personal data for their own independent marketing or product improvement purposes beyond what is specified in our agreements.
Regarding ElevenLabs and Voice Data: CallsForMe contracts with ElevenLabs to generate voice models from provided voice samples. Our agreement restricts ElevenLabs from using client voice samples to train its general-population AI models. However, we cannot independently verify ElevenLabs’s internal practices. If the use of your voice data by ElevenLabs beyond voice model generation is a concern to you, please contact us before submitting any voice sample.
Legal and Governmental Disclosure
We may disclose your information to law enforcement, regulators, courts, or other governmental authorities when required by law, subpoena, or valid legal process, or where we believe in good faith that disclosure is necessary to prevent harm, fraud, or illegal activity.
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of substantially all assets, your information may be transferred to the successor entity. We will notify you of any such transfer and any applicable changes to this policy.
With Your Consent
We may share information with third parties when you have explicitly consented to such sharing.
4. Biometric and Voice Data
Our services involve the processing of voice recordings and voice synthesis, which may be considered biometric identifiers or biometric information under applicable state laws, including:
- Illinois Biometric Information Privacy Act (BIPA) — 740 ILCS 14/1 et seq.
- Washington My Health My Data Act (MHMDA)
- Texas Capture or Use of Biometric Identifier Act (CUBI)
- California CPRA — which classifies certain voice data as sensitive personal information
We collect and process voice data solely to provide our services to Clients. Our practices with respect to biometric data:
- Purpose limitation: Voice data is collected only for the specific purpose of operating AI calling agents and, where consented to, creating custom voice clones. We do not collect biometric data for any other purpose.
- No sale: We do not sell, trade, lease, or profit from biometric data.
- Written consent for cloning: Voice cloning requires a separate, explicit, signed Voice Cloning Consent Agreement before any cloning is performed.
- Security: Voice data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Retention and deletion: Raw voice recording samples submitted for cloning are deleted within 30 days of model generation. Synthesized voice models are retained for the subscription term plus 30 days, then permanently deleted. Call recordings are retained for 90 days. See Section 11 for full retention schedule.
- Deletion requests: You may request deletion of biometric data at any time by contacting privacy@callsforme.ai.
A publicly available Biometric Data Retention and Destruction Policy is available upon request by emailing privacy@callsforme.ai (required for BIPA compliance for operations involving Illinois residents).
5. Cookies, Local Storage, and Tracking
Analytics
We use Plausible Analytics for website traffic measurement. Plausible is a privacy-first analytics tool that does not use cookies, does not track you across websites, and does not collect personally identifiable information. It is fully compliant with GDPR, CCPA, and PECR without requiring a cookie consent banner. If Google Analytics is enabled on any part of our site, it is configured with IP anonymization.
Browser Local Storage
Our website uses your browser’s local storage (distinct from cookies) for certain functionality, including temporary session state during the voice consent and onboarding flows. Unlike cookies, local storage data is not automatically sent to our servers — it stays in your browser unless you clear it. Local storage is not used for tracking, profiling, or advertising purposes. You can clear local storage data via your browser settings (Settings → Privacy → Clear Browsing Data → Cached Images and Files, or the equivalent in your browser).
Third-Party Scripts
We load scripts from the following third-party domains which may set their own cookies or use local storage:
- Stripe — for secure payment processing (uses cookies for fraud prevention)
- Google Fonts — for typography rendering (no personal data collected by us)
- Plausible.io — cookieless analytics
Your Cookie Choices
You may control cookie preferences through your browser settings. Note that disabling certain cookies (e.g., Stripe’s fraud prevention cookies) may impact checkout functionality. Clearing local storage will not affect your account but may require you to re-complete certain in-browser flows (such as voice upload tracking).
6. CallScore and Mystery Shopping Data
Our CallScore service conducts AI-powered evaluation calls (“mystery shopping calls”) to assess how a business handles inbound calls. These calls collect the following categories of information:
- Call recordings and transcripts of the evaluation call.
- Behavioral scoring data — up to 85 performance signals per call (e.g., response time, hold behavior, script adherence, upsell attempts).
- Agent performance metrics and comparative scores against industry benchmarks.
- Call outcome data (e.g., whether an appointment was booked, lead qualification outcome).
CallScore data is collected on behalf of the subscribing Client for their own internal quality improvement purposes. CallsForMe may use aggregated, anonymized CallScore data to develop industry benchmarks, provided that no individual business or agent is identifiable from such data. CallScore recordings and reports are retained for 90 days unless the Client requests longer retention in writing.
7. AI Training and Model Improvement
We are transparent about how we use data to improve our AI systems:
- What we may use: Aggregated, anonymized performance data from call interactions (such as which AI responses led to positive outcomes) may be used to improve CallsForMe’s own AI models and agent configurations.
- What we do NOT do: We do not use your call recordings, transcripts, or voice samples to train general-purpose AI models. We do not share your recordings with any AI training data market or data broker.
- Voice cloning data: Voice samples submitted for cloning are processed solely to create your specific voice model and are deleted after model generation. They are not used to train a general voice synthesis model.
- Opt-out: Clients may opt out of having their call data used for AI improvement purposes by emailing privacy@callsforme.ai with the subject line “AI Training Opt-Out.” Opting out does not affect service delivery.
8. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit: All data transmitted to and from our platform uses TLS 1.2 or higher.
- Encryption at rest: All stored data, including call recordings, transcripts, and voice models, is encrypted at rest using AES-256.
- Access controls: Role-based access controls and row-level security at the database layer limit who can access your data internally.
- Incident response: We maintain an incident response plan and will notify affected Clients of any confirmed data breach within the timeframes required by applicable law.
No method of transmission or storage is 100% secure. While we strive to protect your information using commercially reasonable measures, we cannot guarantee absolute security.
9. Your Rights
Subject to applicable law, you have the following rights with respect to your personal information:
- Right to Access: Request a copy of the personal information we hold about you.
- Right to Correct: Request correction of inaccurate or incomplete information.
- Right to Delete: Request deletion of your personal information, subject to certain legal retention requirements.
- Right to Data Portability: Request your personal information in a structured, machine-readable format.
- Right to Withdraw Consent: Where processing is based on consent (such as voice cloning), you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, email us at privacy@callsforme.ai. We will acknowledge receipt within 5 business days and respond to verified requests within 45 days. If we need additional time (up to an additional 45 days for complex requests), we will notify you in writing before the initial 45-day period expires.
We may need to verify your identity before processing certain requests. We will not discriminate against you for exercising your privacy rights.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:
- Right to Know (Cal. Civ. Code § 1798.100): You may request that we disclose the categories and specific pieces of personal information collected about you, the sources of collection, the business or commercial purposes for collection, and the categories of third parties with whom we share it.
- Right to Delete (Cal. Civ. Code § 1798.105): You may request deletion of personal information we have collected about you, subject to legal exceptions (e.g., information needed to complete a transaction, comply with law, or detect security incidents).
- Right to Correct (Cal. Civ. Code § 1798.106): You may request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing (Cal. Civ. Code § 1798.120): We do not sell or share your personal information for cross-context behavioral advertising. You do not need to take any action to opt out. If our practices change, we will update this policy and provide appropriate opt-out mechanisms.
- Right to Limit Use of Sensitive Personal Information (Cal. Civ. Code § 1798.121): You have the right to direct us to limit our use and disclosure of your sensitive personal information — which includes voice data, precise geolocation, account login credentials, and other categories defined by the CPRA — to uses necessary to perform the services you have requested or as otherwise permitted by the CPRA. To exercise this right, contact us at privacy@callsforme.ai with the subject line “Limit Use of Sensitive PI.” Note: Limiting use of sensitive PI such as voice data may affect our ability to provide voice cloning features.
- Right to Non-Discrimination (Cal. Civ. Code § 1798.125): We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your rights.
Categories of Personal Information We Collect (CCPA)
- Identifiers (name, email, phone number, IP address, account ID)
- Commercial information (subscription plan, billing records, transaction history)
- Audio and electronic data (call recordings, voice data, transcripts)
- Biometric information (voice characteristics, voice models — sensitive personal information under CPRA)
- Internet and network activity (website usage, page views, session data)
- Geolocation data (approximate, derived from IP address)
- Professional and employment information (business name, industry, role)
- Inferences (AI-generated call performance scores and analytics)
How to Submit a California Rights Request
Email privacy@callsforme.ai or write to: CallsForMe LLC, 32565 Golden Lantern St, Ste B #4040, Dana Point, CA 92629. We will respond to verifiable requests within 45 days (extendable by an additional 45 days with notice).
11. Data Retention
| Data Category | Retention Period | Deletion Method |
|---|---|---|
| Call recordings | 90 days (extendable on written request) | Automated deletion; client dashboard export available |
| Call transcripts and metadata | 90 days (extendable on written request) | Automated deletion |
| Raw voice recordings (pre-cloning) | Up to 30 days after model generation, then deleted | Automatic upon model completion |
| AI voice cloning models | Duration of subscription + 30 days | Deleted 30 days after account closure or consent revocation (whichever first) |
| Account and profile data | Duration of subscription + 12 months | Deleted upon written request or 12 months post-closure |
| Payment records | 7 years (as required by law) | Retained per IRS/legal requirements; PCI data deleted by Stripe |
| Voice consent records | Duration of subscription + 5 years | Required for legal defense; request deletion after account closure |
| Contact lists (uploaded by Clients) | Duration of subscription + 30 days | Deleted 30 days after account closure |
| CallScore recordings and reports | 90 days | Automated deletion; export available |
| Support communications | 3 years | Deleted upon request or 3 years from last contact |
You may request early deletion of your data at any time by contacting privacy@callsforme.ai, subject to our legal retention obligations.
12. International Users
CallsForMe is operated in the United States and is designed for use by U.S.-based businesses. Our servers and primary data infrastructure are located in the United States. If you are accessing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.
We do not currently target or market our services to individuals or businesses in the European Union or European Economic Area. If you are located in the EU/EEA, you should not use our services unless you are doing so expressly on behalf of a U.S.-based business entity, and you acknowledge that your data will be processed in the United States without the protections afforded by EU data protection law (including the GDPR) that would apply to an EU-based processing operation.
For questions about cross-border data transfer, contact privacy@callsforme.ai.
13. Call Compliance and Recording Consent
All calls handled through our platform comply with applicable federal and state laws, including the Telephone Consumer Protection Act (47 U.S.C. § 227) and the FCC’s February 2024 Declaratory Ruling on AI-generated voices. Outbound AI-generated calls disclose their automated nature at the start of each call. The inbound AI receptionist is designed to identify itself as AI-powered when directly asked by a caller.
Clients are responsible for complying with applicable call recording consent laws in their jurisdiction. In two-party consent states (including California, Florida, Illinois, Maryland, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington), all parties to a recorded conversation must consent to the recording. CallsForMe’s call recording operates at the platform level; Clients are responsible for ensuring their callers receive appropriate notice.
CallsForMe does not represent itself as a HIPAA-covered entity or business associate. Healthcare clients with compliance requirements should contact us before use to determine suitability. Our services are not designed for processing protected health information (PHI) as defined by HIPAA.
14. Children’s Privacy
Our services are not directed to or intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us at privacy@callsforme.ai and we will delete it promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. For material changes (those that significantly affect how we use or share your data), we will notify you by email and by posting a prominent notice on our website at least 30 days before the changes take effect. For non-material changes, we will update the “Last updated” date at the top of this policy. Your continued use of our services after the effective date of any update constitutes your acceptance of the revised policy.
16. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have a concern about how we handle your data, please contact us:
- Email: privacy@callsforme.ai
- Phone: (844) 643-9225
- Mail: CallsForMe LLC, 32565 Golden Lantern St, Ste B #4040, Dana Point, CA 92629
We will acknowledge receipt of privacy rights requests within 5 business days and respond within 45 days.