Calleeon logo

Privacy Policy

Effective: October 23, 2025. Last updated: October 23, 2025.

1. Who We Are

This Privacy Policy explains how AIBZPRO LLC (“we,” “our,” or “Calleeon”) collects, uses, and protects personal data when delivering our AI-powered voice automation services and operating this website.

Registered Address: Georgia, Tbilisi, Saburtalo district, Bakhtrioni street, N 22, flat N75.
Identification Number: 405697946.

2. Scope

This policy applies to:

  • End-users interacting with our AI voice agents (calls, SMS, emails, or chat).
  • Website visitors submitting forms or booking demos.
  • Customers using our platform or API for management of AI agent calls.

3. Data We Collect

  • Direct information: name, phone number, email, business details, and consent preferences.
  • Communication content: call transcripts, audio recordings (where permitted by consent/law), and voice agent logs.
  • Technical metadata: IP address, device type, call duration, voice synthesis model used, and latency metrics.
  • Billing data: payment details, invoices, and taxes handled through authorized processors.

4. How We Use the Data

We process data to:

  • Deliver, route, and record AI-based calls and messages.
  • Train and optimize agent scripts, detection logic, and outcomes.
  • Provide reporting, analytics, and ROI insights.
  • Ensure system integrity, fraud prevention, and troubleshooting.
  • Comply with telecommunication, privacy, and anti-spam regulations.

5. Legal Basis for Processing

Depending on jurisdiction:

  • EU/UK GDPR: consent (Art. 6(1)(a)), contract performance (Art. 6(1)(b)), or legitimate interest (Art. 6(1)(f)).
  • PDPA (Singapore/Malaysia): implicit or express consent per PDPA provisions.
  • US: federal and state consent and marketing rules (TCPA, CCPA/CPRA).

6. Data Processors & Infrastructure Partners

We partner with secure, certified providers:

  • Vapi: AI call routing and dialog infrastructure (SOC 2-aligned).
  • Twilio: telephony APIs, call and SMS delivery (SOC 2, ISO 27001, PCI DSS).
  • ElevenLabs: voice synthesis and cloning infrastructure (enterprise-grade encryption and consent-based cloning).
  • Google Cloud / Vertex AI: LLM processing, model reasoning, and hosting (SOC 2, ISO 27001, ISO 27701).

All subprocessors operate under Data Processing Agreements with confidentiality, encryption, and breach-notification terms that meet GDPR Art. 28 requirements.

7. Call Recording & Consent

  • We record calls only when required for quality or user-requested reporting.
  • A spoken or written consent prompt is played where recording is legally restricted (e.g., two-party states or EU GDPR zones).
  • Clients are responsible for configuring local-compliant consent scripts.

8. International Data Transfers

Data may transit through secure servers in the US, EU, and Singapore depending on carrier routing. Transfers from the EU/UK follow Standard Contractual Clauses (SCCs). We uphold data minimization and anonymization wherever feasible.

9. Data Retention

  • Transcripts and analytics: 90 days (default)
  • Recordings: 30 days (unless extended by contract)
  • Account metadata: retained for the subscription term + 6 months.

Customers can request deletion or retention extension at any time.

10. Data Security

We implement controls informed by SOC 2, ISO 27001, and PCI DSS v4.0, including encryption at rest (AES-256), encryption in transit (TLS 1.2+), access reviews, logging & SIEM monitoring, secure SDLC, and breach response within 72 hours where required.

11. Your Rights

Depending on your jurisdiction, you have the right to access, rectify, delete, restrict, or port your data, and to withdraw consent or object to processing. To exercise these rights, contact privacy@calleeon.com.

12. Updates to this Policy

We may update this Policy to reflect changes in regulations or services. The latest version will always be accessible at calleeon.com/privacy.