Vocarra

Legal

Privacy Policy

Last updated: April 8, 2026

Placeholder notice: the legal entity name (Vocarra) and the contact email for privacy inquiries (legal@vocarra.ai) referenced in this Policy are placeholders and will be updated once our corporate structure and legal contact are finalized.

This Privacy Policy (the "Policy") describes how Vocarra ("we", "us", or "our") collects, uses, discloses, stores, and otherwise processes personal information in connection with: (i) this website and any successor sites we operate (the "Site"); (ii) our AI voice agent, virtual receptionist, call handling, call routing, messaging, scheduling, lead intake, and related telephony products and features, together with any software, APIs, dashboards, integrations, and professional services we make available (collectively, the "Services"); and (iii) our sales, marketing, support, and business operations. By visiting the Site, contacting us, placing a call that is answered or routed by our Services, or otherwise interacting with us, you acknowledge that you have read and understood this Policy.

This Policy is a binding statement of our practices. It is intended to be read together with our Terms of Service, any order form, master services agreement, statement of work, or data processing addendum ("DPA") you or your organization have signed with us, and any product specific notices we provide at the point of collection. In the event of a conflict between this Policy and a signed agreement covering the same subject matter, the signed agreement controls as to the parties to it.

Who this Policy applies to

We interact with several categories of people, and the way we handle information depends on the role in which you interact with us:

  • Site visitors and prospects. People who browse the Site, request a demo, download materials, or otherwise contact us about the Services.
  • Customers and customer personnel. Businesses that purchase or evaluate the Services (each a "Customer"), along with their owners, employees, technicians, dispatchers, and other authorized users.
  • End callers and other end users. Individuals who call, text, or otherwise communicate with a Customer using a phone number or channel connected to the Services, or whose information is submitted to the Services by a Customer (for example, an existing customer being called back about a service appointment).
  • Job applicants, vendors, and other third parties that interact with us in the ordinary course of business.

When we process personal information about end callers or other individuals on behalf of a Customer under a signed agreement, we act as a service provider, processor, or business associate (as those terms are defined by applicable law) to that Customer. The Customer is the controller or business responsible for that information, and its own privacy notice governs the collection and primary use of that information. This Policy describes what we do with it on the Customer's behalf and what we do with information we collect as a controller in our own right (for example, through the Site).

Information we collect

We collect information in several ways: directly from you, from your device or phone when you use the Services, from our Customers about their end callers, and from third parties that help us operate. The specific categories of personal information we may collect include:

  • Contact and identifiers. Name, business name, job title, mailing address, service address, email address, telephone number, account username, and similar identifiers.
  • Commercial information. Records of products or Services inquired about, purchased, or considered; billing records; and plan or subscription details.
  • Voice recordings and call audio. Recordings, live audio streams, and derived data (for example, voice activity markers and audio quality metrics) of calls that are answered, placed, or otherwise handled by the Services. Calls may be recorded in whole or in part.
  • Transcripts and conversational content. Machine generated and human reviewed transcripts of calls, voicemails, SMS or MMS messages, chat messages, and other communications handled by the Services, including anything the caller or Customer chooses to say or type (which may include names, addresses, phone numbers, email addresses, descriptions of property or equipment, photos, scheduling details, and any other information shared during the interaction).
  • Telephony metadata. Phone numbers (caller and called), caller ID, carrier and routing information, call start and end times, duration, disposition, hold and transfer events, DTMF (keypad) input, call recording identifiers, and similar signaling data.
  • Scheduling and service information. Requested appointment windows, job types, property information, access instructions, notes captured during intake, and other details needed to schedule or dispatch a service visit.
  • Customer relationship data. Information that Customers import, sync, or otherwise connect from their CRM, field service management, calendar, email, SMS, ticketing, billing, mapping, or review platforms.
  • Device, usage, and log data. IP address, device and browser type, operating system, unique device or session identifiers, referrer URL, pages and features used, clickstream data, timestamps, crash reports, and diagnostic information collected through cookies, SDKs, server logs, and similar technologies.
  • Approximate location. General location derived from IP address or telephone area code. We do not collect precise GPS location from the Site.
  • Marketing and preferences. Communication preferences, survey responses, feedback, and marketing engagement signals (for example, whether you opened an email).
  • Payment information. For paying Customers, billing contact details and limited payment metadata. Card numbers and bank details are collected and stored by our payment processors, not by us.
  • Authentication and account data. Credentials, security questions, tokens, API keys, and authentication logs used to access dashboards or integrations.
  • Inferences. Inferences we draw from the above to understand, for example, intent of a caller, likelihood that a lead is a new job, or which features a user prefers.

We do not ask for and do not want to receive government ID numbers, payment card numbers in call audio, health information, precise geolocation, children's information, or other sensitive categories of personal information. If such information is volunteered during a call or submitted to us, we will handle it consistent with this Policy and applicable law, but we strongly discourage sharing it.

Call recording, monitoring, and consent

A core function of the Services is answering, recording, transcribing, and analyzing telephone calls placed to or from a Customer's business phone number. Call recording and monitoring are subject to federal and state laws, and some jurisdictions (including so called "two party" or "all party" consent states) require that every party to a call consent to being recorded.

Where we act as a service provider to a Customer, the Customer is responsible for: (i) determining whether and how calls may be recorded, monitored, or transcribed under applicable law; (ii) providing any legally required notice or disclosure to callers (for example, a recorded greeting stating that the call may be recorded); (iii) obtaining any legally required consent from callers; and (iv) honoring caller requests not to be recorded. Customers represent and warrant to us that they have the authority to enable call recording on the phone numbers and channels they connect to the Services and that they will use the Services in compliance with all applicable wiretap, eavesdropping, recording, telemarketing, robocall, and electronic communications laws.

As a caller, if you do not consent to a call being recorded or transcribed, you can end the call or ask the business you are contacting not to record. If you believe a call involving you was recorded without required consent, please contact us using the details at the end of this Policy and we will work with the responsible Customer to investigate.

AI processing, model training, and automated decision making

The Services use artificial intelligence, including large language models, automatic speech recognition, text to speech synthesis, and related technologies, to understand callers, generate spoken and written responses, summarize conversations, classify intent, draft messages, extract structured data, and assist with scheduling and dispatch. Some of these components are operated by us directly; others are provided by trusted third party model and infrastructure providers that process data on our behalf under contractual confidentiality, security, and data protection obligations.

We do not sell personal information, and we do not use Customer content (including call audio, transcripts, CRM data, and end caller information) to train publicly available or general purpose AI models for the benefit of unrelated third parties. Subject to any more restrictive terms in a signed agreement, we may use de identified, aggregated, or otherwise non personal data derived from use of the Services to: (i) maintain, evaluate, debug, secure, and improve the Services; (ii) tune prompts, voices, and response quality for a specific Customer's deployment; (iii) develop and improve our own internal models and features; and (iv) produce statistics and benchmarks. Where a Customer's signed agreement restricts these uses further, that agreement controls.

The Services may make or assist with automated decisions that have practical effects (for example, classifying a call as a new job vs. a spam call, routing a call to voicemail, proposing an appointment slot, or drafting a follow up message). These decisions are intended to support, not replace, human judgment by the Customer. If you are subject to an automated decision and wish to request human review, contact the Customer you interacted with, or contact us and we will help route the request.

How we use information

We use personal information for the following purposes and on the legal bases noted in parentheses where the GDPR or similar laws apply:

  • To provide, operate, secure, and support the Site and the Services, including answering and routing calls, generating transcripts and summaries, syncing with Customer systems, authenticating users, and responding to support requests (performance of a contract; legitimate interests).
  • To communicate with you about demos, quotes, onboarding, training, product updates, service notices, billing, and customer support (performance of a contract; legitimate interests).
  • To send marketing communications about the Services and related offerings where permitted by law, and to measure the effectiveness of those communications (consent where required; otherwise legitimate interests). You can opt out at any time as described below.
  • To monitor, evaluate, debug, secure, and improve the Services, including training and tuning models for your own deployment and developing new features (legitimate interests; compliance with legal obligations).
  • To detect, investigate, and prevent fraud, abuse, spam, harassment, unauthorized access, and other harmful or illegal activity, and to enforce our Terms of Service (legitimate interests; compliance with legal obligations).
  • To comply with applicable laws, regulations, subpoenas, court orders, law enforcement requests, and other legal process (compliance with legal obligations).
  • To establish, exercise, or defend legal claims, and to protect the rights, property, or safety of Vocarra, our Customers, end callers, or the public (legitimate interests; compliance with legal obligations).
  • For any other purpose disclosed to you at the time of collection or to which you consent.

Telephone, SMS, and messaging communications

If you give us your phone number through the Site, request a demo, or become a Customer, you agree that we (and service providers acting on our behalf) may contact you at that number, including by automated dialing systems, prerecorded or artificial voice messages, and SMS or MMS text messages, for purposes related to your inquiry, the Services, billing, and support. Message and data rates may apply. You can opt out of marketing calls or texts at any time by replying STOP to any marketing text, asking to be removed during a call, or contacting us. Transactional and Service related messages may continue even if you opt out of marketing.

If you are a Customer using the Services to place or receive calls or texts on your behalf, you are responsible for complying with the Telephone Consumer Protection Act (TCPA), the CAN SPAM Act, state telemarketing and do not call laws, carrier rules, 10DLC and toll free messaging registration requirements, and any other laws governing calls and messages you originate through the Services, including obtaining any required prior express written consent from recipients.

Cookies and similar technologies

The Site uses cookies, web beacons, pixels, local storage, and similar technologies to recognize your browser, remember your preferences, measure how visitors use the Site, and support analytics and (where applicable) marketing. Some of these are strictly necessary for the Site to function; others are optional and can be disabled. You can control cookies through your browser settings and, where offered, through an on site preferences banner. Disabling certain cookies may limit Site functionality. We honor Global Privacy Control (GPC) signals as a valid request to opt out of sale or sharing where applicable law requires it.

How we share information

We do not sell personal information in exchange for money. We disclose personal information only as described below:

  • With Customers. We share call audio, transcripts, messages, lead details, scheduling information, and related data with the Customer whose phone number or account the interaction is associated with. If you called a business that uses the Services, that business will receive records of the interaction.
  • With service providers and subprocessors. We use trusted third parties to host infrastructure, deliver telephony and messaging, provide AI and speech models, transcribe audio, send email, run analytics, process payments, provide customer support tooling, monitor security, and handle similar operational functions. These providers are bound by written agreements to use personal information only to provide services to us, to protect it, and not to sell it.
  • With integrations you authorize. If a Customer connects a CRM, calendar, field service platform, or other third party system to the Services, we will exchange data with that system according to the connection the Customer configures. The Customer is responsible for choosing which integrations to enable and for the practices of those third parties.
  • In corporate transactions. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, personal information may be transferred as part of that transaction subject to standard confidentiality protections.
  • For legal reasons. We may disclose personal information when we believe in good faith that disclosure is necessary to comply with a legal obligation, respond to lawful requests from public authorities, enforce our agreements, protect the safety of any person, address fraud or security issues, or protect our rights or property.
  • With your consent. We may share personal information for any other purpose with your consent or at your direction.

Data retention

We retain personal information for as long as needed to fulfill the purposes described in this Policy, including to provide the Services, maintain business and financial records, resolve disputes, enforce our agreements, and comply with legal obligations. Specific retention periods depend on the type of information, the Customer's settings, and the terms of the applicable agreement. Where we process personal information on behalf of a Customer, the Customer's instructions (and its retention settings in our dashboard) govern how long call recordings, transcripts, and related records are kept, subject to limits we may set for security, backup, and legal reasons. When personal information is no longer needed, we will delete or de identify it.

Data security

We implement administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit, access controls, logging, least privilege principles, employee training, and regular review of our vendors. No method of transmission over the internet or electronic storage is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly of any suspected unauthorized use.

International data transfers

We are based in the United States and primarily process personal information in the United States. If you access the Site or Services from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States or other jurisdictions whose data protection laws may differ from those of your jurisdiction. Where required by law, we use appropriate safeguards (for example, Standard Contractual Clauses) to protect personal information when it is transferred across borders.

Your privacy rights

Depending on where you live, you may have the right to: request access to personal information we hold about you; request correction of inaccurate information; request deletion; request a copy in a portable format; object to or request that we restrict certain processing; opt out of targeted advertising, "sale" or "sharing" of personal information as those terms are defined in your jurisdiction, and certain profiling; and withdraw consent where processing is based on consent. We do not engage in cross context behavioral advertising or "sale" of personal information as those concepts are commonly understood, but we honor opt out requests regardless.

To exercise a right, contact us using the details below. We will verify your request, typically by confirming information already associated with your account or inquiry, and respond within the time period required by applicable law. You may also designate an authorized agent to submit a request on your behalf, subject to verification. You have the right not to be discriminated against for exercising a privacy right. If you are an end caller whose information we process on behalf of a Customer, we will, where appropriate, direct your request to the Customer or assist the Customer in fulfilling it.

California residents: this Policy, read together with the sections above, serves as our notice at collection and Shine the Light disclosure under the California Consumer Privacy Act and California Privacy Rights Act. We have described the categories of personal information we collect, the sources, the purposes, the categories of recipients, and your rights. Nevada, Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and other state law residents have similar rights, and we extend the relevant rights to you regardless of residency where reasonably possible.

Children's privacy

The Site and Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take reasonable steps to delete it.

Third party websites and services

The Site and Services may contain links to, or integrations with, third party websites, apps, and services that we do not own or control. This Policy does not apply to those third parties. We encourage you to review their privacy policies before providing personal information to them.

Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be highlighted on the Site or communicated to active Customers by reasonable means. Your continued use of the Site or Services after the effective date of the updated Policy constitutes acceptance of it.

Contact

If you have questions about this Policy, wish to exercise a privacy right, or want to report a concern, please contact us by email at legal@vocarra.ai or by phone at +1 (267) 230-9207. Written requests may also be sent to the mailing address we will publish here once our business entity is finalized. If you are an end caller, please also reach out to the business you contacted, since its own privacy notice governs the primary use of your information.