Privacy Policy

Last updated: 12/9/2025

1. Introduction

Ellavox AI ("we," "our," or "us") operates a voice AI automation platform that provides intelligent business communication solutions. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our voice AI systems, web platform, and related services (collectively, the "Services").

We are committed to protecting your privacy and ensuring the security of your personal and business information. This policy applies to all users of our Services, including business customers, end-users who interact with our AI systems, and website visitors.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information (name, email address, phone number, company details)
  • Payment information (processed securely through third-party payment processors)
  • Communication preferences and settings
  • Support requests and correspondence
  • Business configuration data for AI customization

2.2 Google User Data

When you authorize our application to access your Google account, we collect and process only the following limited Google user data:

  • Google Calendar Availability: Read access to your calendar events solely to check availability and prevent scheduling conflicts
  • Calendar Event Creation: Write access to create calendar events for scheduled appointments on your behalf
  • Basic Profile Information: Your name and email address only (no profile picture or other profile data)
  • Account Authentication Data: OAuth tokens and refresh tokens necessary to maintain authorized access to your Google Calendar and basic profile information

Limited Scope: We do not access, read, or process any other Google data including Gmail, Google Drive, Google Photos, or any other Google services beyond basic calendar availability/scheduling and your name/email address.

2.3 Voice and Communication Data

  • Voice recordings and transcriptions from calls processed by our AI systems
  • Call metadata (duration, timestamp, caller information, call outcomes)
  • SMS/text messages sent and received through our platform
  • Mobile phone numbers and SMS delivery status information
  • Text messages, emails, and other communications handled by our platform
  • Customer interaction data and conversation logs
  • Lead qualification and recruitment screening data

2.4 Automatically Collected Information

  • Usage analytics and platform performance metrics
  • Device information and browser data
  • IP addresses and location data
  • Cookies and similar tracking technologies
  • Integration data from connected CRM and business systems

3. How We Use Your Information

3.1 Google User Data Usage

We use Google user data exclusively for appointment scheduling functionality. Specifically, we use your limited Google data to:

  • Availability Checking: Read your calendar events solely to check availability and prevent double-booking when scheduling appointments
  • Appointment Scheduling: Create calendar events for confirmed appointments on your behalf
  • User Identification: Use your name and email address to identify you within our system and for appointment confirmations
  • Authentication: Maintain secure access to your Google Calendar through OAuth tokens

Limited Use: We do not use Google user data for advertising, selling to third parties, marketing, analytics, or any purposes beyond basic appointment scheduling functionality. We do not access or process calendar event details, descriptions, attendees, or other metadata beyond availability times.

3.2 Service Delivery

  • Processing voice calls and communications through our AI systems
  • Sending SMS messages for service notifications, marketing, and transactional purposes
  • Providing automated customer service and lead qualification
  • Integrating with your existing business systems and workflows
  • Generating reports and analytics on communication patterns
  • Facilitating recruitment and prescreening processes

3.3 AI Training and Improvement

We use data to train and improve our AI systems, with specific policies for different data types:

  • General Data: Training and improving our voice AI models (using anonymized data from non-Google sources)
  • Google User Data: NOT used for AI model training - Google data is used solely for appointment scheduling functionality
  • Natural Language Processing: Enhancing capabilities using anonymized, non-Google data sources
  • Industry Solutions: Developing industry-specific AI solutions using aggregated, anonymized non-Google data
  • Call Routing: Improving call routing and response accuracy using voice data (excluding Google Workspace data)

Important: Google Workspace APIs and Google user data are NOT used for any AI model training or improvement, whether personalized or non-personalized.

3.4 Business Operations

  • Account management and customer support
  • Billing and payment processing
  • Security monitoring and fraud prevention
  • Legal compliance and regulatory requirements
  • Marketing communications (with your consent)

4. Voice Data and AI Processing

4.1 Voice Recording and Storage

Our AI systems may record and store voice communications to provide our services. We implement industry-standard encryption and security measures to protect voice data. Recordings are retained only as long as necessary for service delivery and legal compliance.

4.2 AI Training Data

We may use anonymized and aggregated voice data to improve our AI models. Personal identifiers are removed, and data is processed in accordance with privacy best practices. You may opt out of having your data used for AI training purposes.

4.3 Third-Party AI Services

We may utilize third-party AI and machine learning services to enhance our platform capabilities. These providers are contractually bound to protect your data and use it only for the specified purposes.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

5.1 Google User Data Sharing

We do not sell Google user data to third parties. We do not transfer or disclose Google user data to third parties except in the following limited circumstances:

  • Service Providers: We may share Google user data with trusted service providers who assist in delivering our services, such as cloud hosting providers, but only under strict contractual obligations to protect your data
  • Legal Requirements: We may disclose Google user data when required by law, court order, or to protect our rights, property, or safety
  • User Consent: We may share Google user data with your explicit consent for specific purposes you authorize

We do not transfer Google user data to third parties for advertising, marketing to other users, selling to data brokers, or any other commercial purposes unrelated to providing our application functionality.

5.2 Service Providers

  • Cloud infrastructure and hosting providers
  • Payment processing services
  • AI and machine learning service providers
  • Customer support and communication tools
  • Analytics and monitoring services

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5.4 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

6. Data Security

6.1 Google User Data Protection

We implement specific security measures to protect Google user data, including:

  • OAuth 2.0 Security: We use Google's OAuth 2.0 protocol for secure authentication and authorization
  • Token Encryption: All OAuth tokens and refresh tokens are encrypted both in transit and at rest
  • Secure API Access: All Google API calls are made over HTTPS with proper authentication
  • Limited Access: We only request and access the minimum Google user data necessary for our application functionality
  • Data Isolation: Google user data is stored separately and securely from other application data
  • Regular Security Reviews: We conduct regular security assessments of our Google integration

6.2 General Data Protection

We implement comprehensive security measures to protect all your information, including:

  • End-to-end encryption for voice communications and sensitive data
  • Secure cloud infrastructure with regular security audits
  • Access controls and authentication mechanisms
  • Regular security training for our personnel
  • Incident response and breach notification procedures
  • Compliance with industry security standards and frameworks

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any material breaches as required by law.

7. Data Retention and Deletion

7.1 Google User Data Retention

We retain minimal Google user data only for as long as necessary to provide appointment scheduling services:

  • Calendar Availability Data: Temporarily cached only during active scheduling sessions, then immediately purged
  • Name and Email: Retained while your account is active for user identification and appointment confirmations
  • OAuth Tokens: Automatically expire and are refreshed according to Google's security protocols
  • No Persistent Storage: We do not permanently store calendar event details, descriptions, or other calendar metadata

Data Deletion: When you revoke our access to your Google account or delete your account with us, we immediately delete all Google user data from our systems. You can also request deletion of your Google data at any time by contacting us at privacy@ellavox.ai.

7.2 General Data Retention

We retain other information for as long as necessary to provide our services and comply with legal obligations:

  • Account information: Retained while your account is active and for a reasonable period thereafter
  • Voice recordings: Typically retained for 30-90 days unless longer retention is required for business purposes or legal compliance
  • Transaction records: Retained for tax and accounting purposes as required by law
  • Marketing data: Retained until you opt out or request deletion

You may request deletion of your data at any time, subject to legal and contractual retention requirements.

8. Google OAuth Authorization and Consent

8.1 Authorization Process

When you choose to connect your Google account to our application, you will be redirected to Google's secure authorization servers where you can review and approve the specific permissions we are requesting. We only request access to:

  • Read access to your Google Calendar events (for availability checking only)
  • Write access to create calendar events (for appointment scheduling only)
  • Basic profile information (name and email address only - no profile picture)

8.2 Consent and Control

Your consent to access Google user data is entirely voluntary and can be revoked at any time. You maintain full control over your Google data integration:

  • Revoke Access: You can revoke our access to your Google account at any time through your Google Account settings
  • Selective Permissions: Google's authorization process allows you to grant or deny specific permissions
  • Data Portability: You can request a copy of your Google data that we have processed
  • Account Disconnection: You can disconnect your Google account from our application through your account settings

8.3 Google User Data and AI/ML Model Training

Clear Statement: We do NOT use Google user data for any AI or machine learning model training, development, or improvement:

  • No AI Training: Your Google Calendar data is never used to train, develop, or improve any AI or ML models
  • No Voice AI Enhancement: Your Google profile information (name and email) is not used to enhance or personalize AI systems
  • Scheduling Only: Google data is used exclusively for basic appointment scheduling functionality - checking availability and creating calendar events
  • No Data Processing: We do not analyze, process, or derive insights from your Google data beyond basic scheduling operations
  • No Aggregation: Your Google data is never combined with other users' data or used for any analytical purposes

8.4 Google Workspace APIs and Non-Personalized AI Models

Explicit Confirmation: We explicitly affirm that Google Workspace APIs are NOT used to develop, improve, or train non-personalized AI and/or ML models. Specifically:

  • We do not use Google Workspace API data to train general-purpose AI models that serve other users
  • We do not contribute Google Workspace data to shared AI training datasets
  • We do not use Google Workspace data to improve AI models that are not directly related to your personal use of our application
  • Any AI/ML processing of Google Workspace data is limited to personalized features that enhance your individual experience
  • We do not aggregate Google Workspace data across users for non-personalized model training

8.5 Compliance with Google Policies

Our application complies with Google's API Services User Data Policy and Limited Use requirements. We are committed to:

  • Using Google user data only for the purposes disclosed in this privacy policy
  • Not selling, transferring, or using Google user data for advertising purposes
  • Implementing appropriate security measures to protect Google user data
  • Providing transparent information about our data practices
  • Complying with all Google Workspace API usage restrictions

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request access to your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Opt-out: Opt out of marketing communications and AI training data use

To exercise these rights, please contact us at privacy@ellavox.ai. We will respond to your request within the timeframe required by applicable law.

10. International Data Transfers

Our services may involve the transfer of information to countries outside your jurisdiction. We ensure that such transfers comply with applicable data protection laws through:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by data protection authorities
  • Other appropriate safeguards as required by law

11. SMS and Text Messaging

11.1 SMS Opt-In and Consent

By providing your mobile phone number and agreeing to receive SMS messages from Ellavox AI, you expressly consent to receive text messages, including automated marketing messages, service notifications, and transactional communications. This consent is not required as a condition of purchase.

11.2 Types of SMS Messages

You may receive the following types of SMS messages from us:

  • Service Messages: Account notifications, appointment confirmations, and service updates
  • Marketing Messages: Promotional offers, product updates, and company news (with your explicit consent)
  • Transactional Messages: Order confirmations, billing notifications, and customer support communications
  • AI-Generated Messages: Automated responses and communications from our voice AI systems

11.3 Message Frequency and Charges

Message frequency varies based on your interaction with our services and the type of messages you've opted to receive. Standard message and data rates may apply as determined by your mobile carrier. We are not responsible for any charges incurred from your mobile carrier.

11.4 Opt-Out Procedures

You can opt out of receiving SMS messages at any time by:

After opting out, you may receive a confirmation message, and no further messages will be sent unless you re-opt in. Please note that opting out of marketing messages will not affect transactional or service-related communications necessary for your account.

11.5 TCPA Compliance

We comply with the Telephone Consumer Protection Act (TCPA) and other applicable telecommunications regulations. We will not send automated marketing messages to your mobile device without your prior express written consent. You have the right to revoke this consent at any time using the opt-out methods described above.

11.6 Carrier and Device Limitations

SMS delivery is subject to your mobile carrier's network availability and may be affected by factors outside our control. We are not liable for delayed or undelivered messages. Supported carriers include major U.S. wireless carriers. If you change your mobile number, please update your contact information to continue receiving messages.

12. Children's Privacy

Our services are not intended for children under the age of 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Providing in-app notifications for significant changes

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy.

15. Cookie Policy

15.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized content.

15.2 Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality and security
  • Analytics Cookies: Help us understand how visitors interact with our website
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness

15.3 Managing Cookies

You can control cookie settings through your browser preferences. Please note that disabling certain cookies may affect website functionality. Most browsers allow you to:

  • View and delete cookies
  • Block cookies from specific websites
  • Block third-party cookies
  • Clear all cookies when you close your browser

15.4 Third-Party Cookies

We may use third-party services that set their own cookies, including Google Analytics, marketing platforms, and customer support tools. These third parties have their own privacy policies governing their use of cookies.

16. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Ellavox AI

Email: privacy@ellavox.ai

Phone: 1-800-322-4334

Address: Saint Louis, MO

We will make every effort to resolve your privacy concerns in a timely and satisfactory manner.