← Home
Legal

Privacy Policy

Last updated: 17 May 2026

All Calls Done ("we", "us", or "our") operates the All Calls Done platform and embeddable AI widget service. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using our service you agree to the practices described here.

1. Information We Collect

  • Account data. When you sign up we collect your name, email address, and any profile information you provide through our authentication provider (Clerk).
  • Business configuration. We store the settings you enter for your AI agent — business name, services offered, operating hours, widget colours, and similar configuration.
  • Widget interaction data. When a visitor interacts with your embedded widget we collect the conversation transcript, the visitor's name and contact details they voluntarily submit (leads), and technical metadata such as IP address, browser type, and timestamp.
  • Voice call data. Voice sessions are processed in real-time via LiveKit WebRTC. We do not store raw audio. Transcripts generated during the call may be retained to power call summaries and analytics.
  • Knowledge base files. Files you upload to power your AI agent are stored securely in cloud object storage (Cloudflare R2) and indexed for retrieval-augmented generation.
  • Billing data. Subscription and payment information is handled by Polar.sh. We receive confirmation of subscription status but do not store full card details on our servers.
  • Usage and log data. We collect standard server logs including API request metadata, error traces, and performance metrics to operate and improve the service.

2. How We Use Your Information

  • To provision and operate your AI agent and widget.
  • To generate leads, call summaries, and analytics shown in your dashboard.
  • To send transactional emails (account confirmation, billing receipts, service alerts).
  • To integrate with third-party services you authorise — such as Google Calendar for appointment scheduling.
  • To detect, investigate, and prevent fraud, abuse, or security incidents.
  • To improve our models and product features using aggregated, de-identified data.

3. Sharing of Information

  • We do not sell your personal data.
  • Sub-processors. We share data with trusted service providers strictly to deliver the service: Clerk (authentication), Convex (database), LiveKit (WebRTC), Deepgram (speech-to-text), Cartesia (text-to-speech), Cerebras (LLM inference), Google (Calendar API, Gemini AI), Cloudflare (hosting, R2 storage), and Polar.sh (billing).
  • Legal requirements. We may disclose information if required by law, court order, or government authority.
  • Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction with appropriate notice.

4. Data Retention

  • Account and agent configuration data is retained for as long as your account is active.
  • Lead and call records are retained for 24 months by default. You may delete individual records from your dashboard at any time.
  • Knowledge base files are retained until you delete them from the dashboard.
  • On account deletion we purge your personal data within 30 days, except where retention is required by law.

5. Security

  • All data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted using AES-256.
  • Access to production systems is restricted to authorised personnel with MFA enforced.
  • We perform regular security reviews and promptly patch known vulnerabilities.
  • Despite these measures no system is perfectly secure. If you discover a vulnerability please contact us at support@allcallsdone.com.

6. Cookies and Tracking

  • We use strictly necessary cookies to maintain your authenticated session on the dashboard.
  • We do not currently use third-party advertising or tracking cookies.
  • The embeddable widget script sets no cookies on your visitors' browsers by default.

7. Your Rights

  • Depending on your jurisdiction you may have the right to access, correct, port, or delete your personal data.
  • To exercise any of these rights email us at support@allcallsdone.com. We will respond within 30 days.
  • If you are in the EEA or UK you may also lodge a complaint with your local data protection authority.

8. Children's Privacy

  • The service is not directed at children under 13. We do not knowingly collect personal data from children. If we become aware we have done so we will delete it promptly.

9. Changes to This Policy

  • We may update this policy from time to time. Material changes will be notified via email or an in-app banner at least 14 days before taking effect. The 'Last updated' date at the top of this page will always reflect the current version.

10. Contact

  • All Calls Done · support@allcallsdone.com
Terms of Use →