Privacy Policy — AloCall

On this page

Who we are
Data we collect
How we use it
Legal basis
Call recordings
Sharing & processors
International transfers
Retention periods
Security
Your rights
Cookies
Children
Changes to policy

1. Who we are

AloCall ("we", "us", "our") is the controller of your personal data under the EU General Data Protection Regulation (GDPR) and other applicable privacy laws. You can reach our data protection team at hey@alocall.ai.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have. It applies to our website, dashboard, and AI voice agent service (collectively, the "Service").

2. Data we collect

We collect several categories of personal data:

Data you provide directly

Account data: name, email address, company, phone number, billing address, password
Payment data: processed by our payment provider (we never store full card numbers)
Configuration data: tour descriptions, pricing, booking scripts, brand voice preferences
Support correspondence: messages, screenshots, attachments sent to our team

Data collected automatically

Usage data: pages visited, features used, clicks, session duration, referrer URLs
Device data: IP address, browser type, operating system, screen resolution, language
Dashboard analytics: login times, API calls, configuration changes

Data collected through voice agents

Call audio: recordings of inbound and outbound calls handled by your voice agent
Transcripts: text transcriptions of those calls, including caller statements
Call metadata: phone numbers, duration, timestamps, outcome (booking, transfer, etc.)
Booking information: names, dates, preferences and other details provided by callers

3. How we use it

We process personal data to:

Provide and operate the Service, including call handling and transcription
Authenticate users and protect accounts from unauthorized access
Process payments and manage subscriptions
Improve the quality of our AI models (using anonymized data where possible)
Respond to support requests and communicate service updates
Detect, prevent and investigate fraud, abuse or security incidents
Comply with legal obligations and enforce our Terms of Service

We do not sell your personal data, and we do not use Customer call content to train general-purpose AI models available to other customers.

4. Legal basis for processing

Under GDPR, we rely on the following legal bases:

Performance of a contract: to deliver the Service you subscribed to
Legitimate interests: to operate, secure, and improve our Service
Consent: for optional features like marketing emails or analytics cookies
Legal obligation: to meet accounting, tax, and regulatory requirements

5. Call recordings & transcripts

When you deploy an AloCall voice agent on your phone line, the Service processes the audio of incoming and outgoing calls to generate real-time responses. As the data controller for your callers, you are responsible for:

Disclosing at the start of each call that the caller is speaking with an AI agent and that the conversation may be recorded, as required by local law
Obtaining any necessary consent from callers
Having a lawful basis for processing caller data

AloCall acts as a data processor on your behalf and will process call data only according to your documented instructions, including the configuration options you choose in your dashboard.

We share personal data only with trusted service providers who help us operate the Service. Each of them is bound by a Data Processing Agreement. Categories include:

Cloud infrastructure: hosting, databases, storage (e.g. AWS, Google Cloud)
AI & voice providers: text-to-speech, speech-to-text and language models
Telephony: providers who route calls to and from your phone numbers
Payment processing: regulated PCI-DSS compliant providers
Analytics & monitoring: product and error tracking tools
Booking integrations: when you connect Rezdy, Bókun, FareHarbor, Ventrata, or similar

We may also disclose data to comply with legal obligations, protect our rights, or in connection with a merger, acquisition or sale of assets (with prior notice where required).

7. International transfers

AloCall is based in the European Union and primarily stores data within the EU. When we transfer personal data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and additional technical measures.

8. Retention periods

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law:

Account data: for the duration of your subscription plus 12 months after termination
Call recordings: 90 days by default, configurable in your dashboard (minimum 24 hours)
Transcripts & metadata: up to 24 months for analytics and reporting
Invoices & billing records: 10 years as required by Italian and EU tax law
Support tickets: 24 months after resolution

9. Security

We take the security of your data seriously. Our measures include:

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Role-based access controls and least-privilege principles
Regular security audits and third-party penetration testing
Automated backups and disaster-recovery procedures
Strict employee access logging and 2FA for all staff

No system can be 100% secure. If we become aware of a personal data breach likely to result in a risk to your rights, we will notify you and the competent supervisory authority within 72 hours, as required by GDPR.

10. Your rights

Under GDPR and equivalent laws, you have the following rights:

Access

Obtain a copy of the personal data we hold about you.

Rectification

Correct inaccurate or incomplete information.

Erasure

Request deletion where legally possible.

Restriction

Limit how we use your data in specific cases.

Portability

Receive your data in a portable machine-readable format.

Objection

Object to processing based on legitimate interests.

Withdraw consent

At any time, where processing is based on consent.

Complain

Lodge a complaint with your supervisory authority.

To exercise any of these rights, email hey@alocall.ai. We respond within 30 days.

11. Cookies

Our website uses a minimal number of cookies:

Essential cookies: required for authentication and security (always active)
Preference cookies: remember your language and settings
Analytics cookies: help us understand how the site is used (only with your consent)

You can change your preferences at any time via your browser settings or the cookie banner.

12. Children

The Service is not intended for individuals under 16 years of age. We do not knowingly collect data from children. If you believe we have collected data about a child, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be announced via email or in-app notification at least 30 days before they take effect. The "Last updated" date above always shows the most recent revision.

Questions or requests?

Contact our data protection team at hey@alocall.ai. For complaints you may also reach out to the Italian data protection authority, the Garante per la protezione dei dati personali.