Privacy Policy
Overview
TheyCalled provides AI-powered phone answering services for small businesses. This policy describes how we collect, use, store, and protect information in connection with our website and services, including our use of Google API services.
Website Visitors
This website does not use cookies, tracking scripts, or analytics. We do not collect any personal information from visitors to this site.
Our Phone Answering Service
When we provide phone answering services to a business, we process calls on behalf of that business. This includes receiving and routing calls, taking messages, and managing appointment scheduling. The business that contracts our service is responsible for how caller information is used and stored in accordance with their own privacy practices.
Data We Collect and Process
In the course of providing our services, we collect and process the following categories of information:
Call data: Caller names, phone numbers, call transcripts, and the content of phone conversations processed through our AI receptionist.
Appointment data: Booking details including scheduled dates and times, service types, and customer contact information.
Account data: Business name, email address, phone number, and service configuration provided by our business clients during setup.
Payment data: Billing name, billing address, and subscription details. Credit card numbers and payment credentials are transmitted directly to our payment processor (Stripe) and are never stored on our servers.
Google user data: When a business connects their Google Calendar, we access calendar event data and free/busy information as described in the Google API Data section below.
Google API Data
TheyCalled offers an optional Google Calendar integration that allows businesses to sync appointments with their Google Calendar. This section describes how we handle Google user data accessed through Google API services.
Data Accessed: When a business authorizes the Google Calendar integration, we request access to the following Google data through OAuth 2.0:
— Calendar events (read and write access via the calendar.events scope), including event titles, times, descriptions, and attendees.
— Calendar free/busy information (read-only access via the calendar.readonly scope), used to check availability before scheduling.
Data Usage: Google Calendar data is used solely to:
— Check calendar availability when scheduling appointments during phone calls.
— Create calendar events for new bookings made through our AI receptionist.
— Update or cancel calendar events when bookings are modified or cancelled.
We do not use Google user data for advertising, marketing, or any purpose unrelated to providing our phone answering and appointment scheduling service.
Data Sharing: Google user data is not sold, rented, or shared with any third parties. Google Calendar data is only accessed by our application servers to perform the scheduling functions described above. No human personnel access Google user data except as necessary for technical support at the explicit request of the business client.
Data Storage and Protection: Google OAuth tokens (access tokens and refresh tokens) are stored in our encrypted database hosted on Amazon Web Services (AWS). Access to stored tokens is restricted to our application services and authorized personnel only. All data is encrypted in transit using HTTPS/TLS. We use AWS security infrastructure including network isolation, encryption at rest, and access controls to protect all stored data.
Data Retention and Deletion: Google OAuth tokens and calendar data are retained only while the Google Calendar integration remains active. When a business disconnects their Google Calendar integration, we revoke the OAuth tokens and delete all stored Google credentials within 24 hours. When a business terminates their TheyCalled account, all associated Google data and tokens are deleted within 30 days. Businesses can disconnect their Google Calendar integration at any time through their account settings or by contacting us at hello@theycalled.com.
TheyCalled's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
SMS and Text Message Data
When our AI receptionist sends SMS messages on behalf of a business client (such as appointment confirmations or reminders), we collect and process the following:
— Phone numbers: The caller's phone number, used to deliver SMS messages related to their appointment or inquiry.
— Message content: The text of sent and received SMS messages, including appointment details and opt-out requests.
— Delivery status: Whether a message was successfully delivered, failed, or was undeliverable.
— Opt-out status: Whether a caller has opted out of receiving SMS messages by replying STOP.
SMS data is transmitted via Twilio and is subject to Twilio's Privacy Policy. Phone numbers and SMS opt-out preferences are not sold, shared with third parties, or used for marketing or promotional purposes. SMS data is retained for the duration of the business client's service agreement and deleted within 30 days of account termination.
How We Use Your Data
We use the information we collect to:
— Provide and operate our AI phone answering service.
— Schedule, update, and manage appointments on behalf of our business clients.
— Sync appointments with connected third-party calendars.
— Send transactional SMS messages such as appointment confirmations and reminders on behalf of our business clients.
— Improve the quality and accuracy of our AI receptionist.
— Provide customer support to our business clients.
We do not sell personal information to third parties.
Data Security
We use industry-standard technical and organizational measures to protect the information processed through our services, including:
— Encryption in transit (TLS/HTTPS) and at rest (AES-256).
— Database-level access controls and tenant isolation.
— Secure cloud infrastructure hosted on Amazon Web Services (AWS).
— Regular security reviews and access audits.
Access to client data is limited to authorized personnel necessary to provide and maintain our services.
Payment Processing
We use Stripe as our payment processor to handle subscription billing and payment transactions. When you provide payment information (such as credit card number, billing name, and billing address), this data is transmitted directly to Stripe and is not stored on our servers.
Stripe may independently collect additional information such as device data and behavioral signals for fraud prevention purposes. Stripe processes payment data as a data processor acting on our behalf, and also as an independent controller for its own fraud prevention and compliance obligations.
For details on how Stripe handles your data, please see the Stripe Privacy Policy.
We retain transaction records (such as payment amounts, dates, and subscription status) for up to 7 years as required for tax and accounting purposes.
Third-Party Services
We use the following categories of third-party providers to deliver our services:
— Payment processing: Stripe for subscription billing and payment transactions.
— Telecommunications: Twilio for phone call routing, voice services, and SMS message delivery.
— AI and language processing: OpenAI for conversational AI, Deepgram for speech-to-text, and ElevenLabs for text-to-speech.
— Cloud infrastructure: Amazon Web Services (AWS) for hosting, database, and storage.
— Calendar integrations: Google Calendar (optional, authorized by the business client).
These providers process data only as necessary to support our services and are bound by their own privacy and data protection policies.
Data Retention and Deletion
We retain call and appointment data for the duration of our service agreement with each client. Upon termination of service, client data is deleted within 30 days unless otherwise required by law or agreed upon with the client.
Business clients may request deletion of their data at any time by contacting us at hello@theycalled.com. We will process deletion requests within 30 days. Callers who wish to have their personal information removed may also contact us at the same email address.
Your Rights
Depending on your jurisdiction, you may have the right to access, correct, or delete your personal information, or to restrict or object to its processing. To exercise any of these rights, please contact us at hello@theycalled.com.
Changes to This Policy
We may update this policy from time to time. Any changes will be reflected on this page with an updated effective date.
Contact
If you have questions about this privacy policy or how we handle information, please contact us at hello@theycalled.com.