Legal

Privacy Policy

Last updated: June 17, 2026

1. Scope and Relationship to Customers

At VirtualCall.AI, we provide developer-first conversational voice agent infrastructure. This Privacy Policy describes how we collect, use, and share personal data. For purposes of this policy:

  • "Customer" refers to the business, organization, or developer utilizing VirtualCall.AI APIs, SDKs, or dashboard to construct voice experiences.
  • "End-User" refers to any individual who interacts with a telephone number, SIP trunk, web application, or custom voice agent powered by VirtualCall.AI.

Under applicable data protection laws (such as GDPR), VirtualCall.AI acts as a Data Controller for account administrative information (such as registration and payment data). However, for call transcripts, audio recordings, phone logs, and conversation metadata, VirtualCall.AI acts strictly as a Data Processor on behalf of our Customers, who remain the Data Controllers.

2. Data Collection and Telemetry Processing

As a voice agent platform, we process specific categories of digital media and telemetry:

a. Customer Account Information

When a Customer registers for our services, we collect account details including name, work email address, company name, phone number, credentials, billing information, and API access tokens.

b. Voice Media and Transcripts (End-User Data)

To deliver real-time voice synthesis and reasoning, our infrastructure processes:

  • Audio Streams: Real-time call audio received via SIP, WebRTC, or telephone networks.
  • Transcripts: Text transcriptions generated by our Automatic Speech Recognition (ASR) systems during call execution.
  • Metadata: Telemetry logs, call duration, latency statistics, intent analysis metrics, carrier routing details, and network packet headers.

3. Third-Party Subprocessors and AI Engines

To execute low-latency voice interactions, we route data through specialized, enterprise-grade subprocessors. We maintain data processing agreements (DPAs) with all subprocessors to ensure compliance with strict privacy and security standards:

  • Speech-to-Text (ASR) & Text-to-Speech (TTS): We partner with low-latency engine providers (such as Deepgram, ElevenLabs, Cartesia, and OpenAI) to translate speech audio to text and synthesize text responses back to speech.
  • Large Language Models (LLMs): Text transcripts are routed to selected LLM hosting providers (such as OpenAI, Anthropic, and open-weights compute engines) to execute conversational logic and formulate agent responses.
  • Telephony Carriers: Telephone connectivity is established via cloud communication carriers and SIP trunking networks.

4. Zero Model-Training Commitment

We believe your conversational intelligence and business operations are entirely your own.VirtualCall.AI does not train, fine-tune, or adapt any AI models (ASR, TTS, or LLM) using your audio recordings, conversation transcripts, call telemetry, or proprietary system context.Furthermore, our DPAs with ASR, TTS, and LLM subprocessors ensure that they are legally prohibited from utilizing data routed through our API endpoints for their model development or training.

5. Data Retention and Deletion Controls

We provide Customers with granular controls to manage their data footprint. Through the VirtualCall.AI dashboard or API parameters, Customers can configure custom retention policies:

  • Auto-Deletion: Configure transcripts, audio files, and telemetry logs to automatically purge from our databases immediately upon call completion, after 24 hours, or at custom defined intervals.
  • On-Demand Deletion: Trigger immediate deletion of specific logs, recordings, or developer datasets using our management APIs.
  • Backup Policy: Deleted items are permanently erased from our active databases and will cycle out of secure system backups within 30 days.

6. Security and HIPAA Compliance

VirtualCall.AI maintains rigorous operational security safeguards designed to meet enterprise and healthcare standards:

  • Encryption in Transit: All media streams and API traffic are encrypted using TLS 1.3, HTTPS, and secure RTP (SRTP) protocols.
  • Encryption at Rest: Call audio, transcripts, and telemetry databases are encrypted using industry-standard AES-256 configurations.
  • HIPAA BAA: For healthcare clinics and medical platform integrations, VirtualCall.AI supports signed Business Associate Agreements (BAAs). In HIPAA-compliant mode, media routing is sandboxed on isolated, secure nodes with enforced zero-retention policies.

7. International Data Transfer and Regulations

VirtualCall.AI routes data globally via secure, regional server deployments. We comply with major international privacy frameworks, including:

  • GDPR: Standard Contractual Clauses (SCCs) are integrated into our DPAs for Customers transporting EU citizen telemetry data.
  • CCPA: We do not "sell" or "share" personal data or End-User metrics to third-party data brokers for commercial advertisement.

8. Contact Information

If you have questions regarding this Privacy Policy, your data rights, or our security practices, please contact our privacy compliance team at privacy@virtualcall.ai.