Legal
Privacy Policy
- Who we are
- What we collect
- Call recording & transcription
- Why we collect it
- Legal bases
- Subprocessors & sharing
- Retention
- Security
- Your rights
- Cookies & sessions
- Children's privacy
- Changes to this policy
- Contact us
1. Who we are
CallOrb is an AI voice receptionist service that answers phone and web calls on behalf of business customers ("Customers," "you," if you are a business using CallOrb), operated by CallOrb, a product of Deebits ("CallOrb," "we," "us," "our"). This policy also describes how we handle information belonging to callers who interact with a Customer's CallOrb assistant ("Callers," "you," if you are calling a business that uses CallOrb).
This policy applies to the CallOrb website, the onboarding and dashboard application, and the voice/call experience served from our hosted call pages and website widgets.
2. What we collect
We collect different categories of information depending on whether you are a Customer running an assistant or a Caller talking to one.
From Customers (account data)
- Account and contact information: name, business name, email, phone number, password (hashed).
- Business configuration: services, prices, hours, greeting, fact sheet content, branding, and other assistant settings you provide.
- Billing information, processed by our payment processor (we do not store full card numbers).
- Notification preferences and destinations (email address, WhatsApp/SMS number, Telegram handle) used to deliver lead summaries.
- Usage data: call volume, minutes used, login activity, device/browser metadata, and diagnostic logs.
From Callers (caller & conversation data)
- Caller audio captured through the microphone during a call with an CallOrb assistant.
- Transcripts of the conversation, generated automatically from that audio.
- Lead data extracted from the conversation — for example name, callback number, and the reason for the call ("intent") — which is shared with the Customer.
- Technical metadata about the call: timestamps, duration, approximate connection/network information, and device/browser type.
Cookies & session data
We use strictly necessary cookies or local storage to keep you logged into the dashboard and to maintain a call session. See Cookies & sessions below.
3. How call recording & transcription works
When a Caller starts a call with an CallOrb assistant, the microphone audio is streamed in real time to our backend and to our AI subprocessor (see Subprocessors) to generate a spoken response. As part of this process:
- Audio is transcribed into text so the AI can understand the request and so a written record is available to the Customer.
- Depending on the Customer's plan and configuration, the audio and/or transcript may be stored to produce the call summary, populate the Customer's lead dashboard, and improve reliability (e.g., debugging failed calls).
- A short notice is shown to Callers before or as the microphone activates, disclosing that they are speaking with an AI, that the call is transcribed, and that continuing constitutes consent to that transcription — see the notice on the call page itself.
- Where local law requires two-party/all-party consent to record a call, Customers are responsible for ensuring the greeting and/or this notice satisfies that requirement for their jurisdiction and, where required, for obtaining additional consent.
4. Why we collect it
- To operate the AI receptionist: understand the Caller's request and generate a relevant spoken response.
- To extract and deliver lead information (name, phone, intent) to the Customer by email, SMS/WhatsApp, or other configured channel.
- To provide the Customer a dashboard of calls, transcripts, and leads.
- To bill Customers based on plan and usage (e.g., answered minutes).
- To maintain, secure, debug, and improve the service, including detecting abuse and technical issues.
- To communicate with Customers about their account, billing, and service updates.
- To comply with legal obligations and enforce our Terms of Service.
5. Legal bases for processing
Where applicable data protection law requires a legal basis (for example under PIPEDA in Canada or comparable frameworks), we rely on:
- Contract — processing Customer account data and Caller conversation data is necessary to provide the service the Customer has signed up for.
- Consent — Callers are notified that the call is with an AI and is transcribed, and continuing the call constitutes consent to that processing; Customers may also rely on this notice to help satisfy call-recording consent obligations in their jurisdiction.
- Legitimate interests — for security, fraud prevention, service improvement, and analytics, balanced against individual privacy interests.
- Legal obligation — where we must retain or disclose information to comply with law.
6. Subprocessors & sharing
We share information with a limited set of service providers ("subprocessors") who process it on our behalf, strictly to deliver the CallOrb service. We do not sell personal information.
| Subprocessor | Purpose | Data involved |
|---|---|---|
| Google (Gemini API) | AI model that understands Caller speech and generates the assistant's spoken/text responses | Caller audio, transcript text |
| Resend | Transactional email delivery (lead summaries, account notifications) | Customer email, lead summary content |
| Twilio | SMS/voice delivery for lead notifications and, in phase 2, inbound phone calling | Customer phone number, lead summary content, call audio (phase 2) |
| Telegram | Optional lead notification channel, if configured by the Customer | Lead summary content |
| Hosting & database provider | Application hosting, data storage, and infrastructure | All account, call, transcript, and lead data described above |
| Payment processor | Billing and subscription management | Billing contact info and payment details (not stored by us) |
We may also disclose information: (a) to comply with a legal obligation, court order, or governmental request; (b) to protect the rights, property, or safety of CallOrb, our Customers, or the public; or (c) in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.
7. Retention
- Customer account data is retained for as long as the account is active, and for a limited period after closure for legal, billing, and dispute-resolution purposes.
- Call audio is retained only as long as needed to generate the transcript and summary, and — where the Customer's plan stores recordings — for the retention period configured on that plan, after which it is deleted or anonymized.
- Transcripts and lead data are retained for the life of the Customer account so the Customer can access their call history, unless the Customer deletes them earlier or requests deletion.
- We will delete or anonymize personal information upon a valid deletion request (see Your rights), except where we must retain it to comply with law, resolve disputes, or enforce agreements.
8. Security
We use industry-standard safeguards — including encryption in transit, access controls, and hashed credentials — to protect the information we hold. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Your rights
Depending on your location, you may have the right to access, correct, export, or delete the personal information we hold about you, to object to or restrict certain processing, and to withdraw consent where processing is based on consent.
- Customers can access and export most account, call, and lead data directly from the dashboard, and can request full account deletion.
- Callers who wish to access, correct, or delete a transcript or lead record associated with a specific call should contact the business they called, or contact us directly and we will coordinate with the relevant Customer.
To exercise any of these rights, email hello@deebits.com. We will respond within a reasonable time and in accordance with applicable law.
10. Cookies & session data
We use strictly necessary cookies/local storage for authentication (keeping Customers logged into the dashboard) and to maintain an active call session (e.g., a session identifier used to connect the browser to our voice backend). We do not currently use third-party advertising or cross-site tracking cookies. If that changes, this policy will be updated.
11. Children's privacy
CallOrb is intended for business use and is not directed at children. We do not knowingly collect personal information from children under 13 (or the relevant minimum age in your jurisdiction). If you believe a child has provided us with personal information, contact us and we will take appropriate action.
12. International data transfers
We and our subprocessors may process and store information in Canada, the United States, or other countries where our providers operate. Where required, we rely on appropriate safeguards for cross-border transfers.
13. Changes to this policy
We may update this policy as our service, subprocessors, or legal obligations change. Material changes will be reflected by updating the "Last updated" date above, and where appropriate, by additional notice to Customers.
14. Contact us
Questions about this policy or how we handle your information can be sent to hello@deebits.com.