Privacy Policy
This is a documentation summary for reference. The full Privacy Policy is at botphonic.ai/privacy-policy (opens in a new tab).
What Data We Collect
Account Data
Information you provide when creating an account: name, email address, company name, phone number, and billing details.
Usage Data
Information about how you use the platform: features accessed, agents created, campaigns run, call volume, and session metadata (browser type, IP address, timestamps).
Call Data
Content of calls processed through the platform: call recordings, transcripts, AI-generated summaries, and captured variables. This data belongs to you and is processed on your behalf.
Contact Data
Contact lists and lead data you upload to the platform for outbound campaigns.
How We Use Your Data
| Purpose | Data Used |
|---|---|
| Providing the Service | All data categories |
| Billing and account management | Account data, usage data |
| Improving the platform | Anonymized usage and call data |
| Security and fraud prevention | Account data, usage data, IP addresses |
| Legal compliance | All data categories as required |
| Customer support | Account data, call data (with your permission) |
Data We Do Not Sell
Botphonic does not sell your personal data or your customers' data to third parties. We do not allow advertisers to access call recordings, transcripts, or contact lists.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | For the duration of your account + 30 days post-cancellation |
| Call recordings | 30 days (Starter), 90 days (Growth), Unlimited (Enterprise) |
| Transcripts | Same as recordings |
| Call logs and analytics | Same as recordings |
| Billing records | 7 years (for tax and legal compliance) |
| Audit logs | 90 days (Growth), Unlimited (Enterprise) |
You can delete call recordings and transcripts at any time from Learn → Call Logs.
Data Security
Botphonic employs multiple layers of security:
- Encryption in transit All data transmitted over TLS 1.2+
- Encryption at rest Call recordings and sensitive data encrypted using AES-256
- Access controls Role-based access; no Botphonic employee accesses your call data without your explicit request and consent
- Penetration testing Regular third-party penetration tests
- SOC-2 Type II Security audit in progress / completed (see Security & Compliance →)
GDPR
Botphonic complies with the General Data Protection Regulation (GDPR) for users in the European Economic Area:
- Lawful basis for processing: Contract performance and legitimate interests
- Data subject rights: Access, rectification, erasure, portability, restriction, and objection
- Data Processing Agreement (DPA): Available upon request for Enterprise customers
- Data transfers: Where data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs)
To exercise GDPR rights or request a DPA, contact: privacy@botphonic.ai
HIPAA
Botphonic offers a HIPAA-compliant infrastructure tier for healthcare customers on Enterprise plans, including:
- Business Associate Agreement (BAA)
- HIPAA-compliant data storage and encryption
- Access logging and audit trails
- Restricted data processing for PHI (Protected Health Information)
Contact sales (opens in a new tab) to enable HIPAA-compliant mode.
Cookies
Botphonic uses cookies on its website and platform for:
- Authentication (session management)
- Security (CSRF protection)
- Analytics (anonymized usage tracking via first-party analytics)
We do not use third-party advertising cookies.
Contact
For privacy questions, data requests, or to report a concern:
Email: privacy@botphonic.ai
Full Privacy Policy: botphonic.ai/privacy-policy (opens in a new tab)