AI voice agents. Live in 20 min.
Legal

Privacy Policy

Effective date: June 19, 2026Last updated: June 19, 2026

Emaavy, Inc. (“Emaavy”, “we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI agent and workflow automation platform.

1. Overview

This Privacy Policy applies to all products and services offered by Emaavy, Inc., including our web application, API, AI voice agents, workflow automation platform, and any related services (collectively, the “Services”).

By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services.

Emaavy operates as both a data controller (for account and usage data) and a data processor (for customer data processed through AI agents on behalf of our customers). This distinction is important for understanding our respective obligations under applicable data protection laws.

2. Information We Collect

We collect information in three ways: information you provide directly, information we collect automatically, and information received from third parties.

2.1 Account & Registration Data

When you create an account, we collect your name, email address, company name, job title, and billing information. We use Stripe for payment processing and do not store full credit card numbers on our servers.

2.2 Usage & Platform Data

We automatically collect data about how you interact with our platform, including: pages visited, features used, agent configurations created, workflow runs executed, API call logs, error logs, browser type, IP address, device identifiers, and session duration.

2.3 Communications Data

When you contact our support team, participate in demos, or communicate with us via email or chat, we retain records of those communications to improve our services and resolve disputes.

3. Call & Voice Data

Important Notice Regarding Call Data

Call recordings, voice data, and transcripts are among the most sensitive data types processed through our platform. The following provisions apply specifically to this data.

3.1 Call Recordings & Transcripts

AI voice agents deployed through Emaavy may record and transcribe conversations between the agent and end users (callers). This data is processed to enable agent functionality including intent detection, response generation, CRM updates, and analytics. Customers are solely responsible for ensuring callers are informed of recording in accordance with applicable wiretapping and recording consent laws (including two-party consent laws in relevant jurisdictions).

3.2 Speech Data & LLM Processing

Voice audio is transcribed through integrated STT (speech-to-text) providers including Deepgram, OpenAI Whisper, and others as configured by the customer. Transcripts are passed to LLM providers (OpenAI, Anthropic, Google, etc.) for agent reasoning. Data shared with third-party model providers is governed by their respective privacy policies and data processing agreements. We do not permit LLM providers to use your call data for training their models without your explicit consent.

3.3 PII in Voice Data

Callers may disclose personally identifiable information (PII) during conversations, including names, phone numbers, addresses, financial information, and health information. Customers must configure their agents and data retention settings in compliance with all applicable regulations. Emaavy provides optional PII redaction features to automatically mask sensitive data in stored transcripts.

3.4 Retention of Call Data

By default, call recordings and transcripts are retained for 90 days. Customers may configure shorter retention periods, enable auto-deletion, or export data at any time from their account settings. Enterprise customers may negotiate custom data residency and retention terms.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, operate, maintain, and improve the Emaavy platform and Services.
  • Agent Operation: To execute AI agent calls, transcribe audio, generate responses, and log outcomes on your behalf.
  • Billing & Payments: To process subscription payments, calculate usage-based charges, and issue invoices.
  • Customer Support: To respond to support requests, troubleshoot issues, and provide onboarding assistance.
  • Security & Fraud Prevention: To detect, investigate, and prevent unauthorized access, abuse, and fraudulent activity.
  • Analytics & Improvement: To analyse platform usage patterns and improve features, performance, and reliability.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Communications: To send transactional emails (receipts, alerts, system notifications) and, where permitted, product updates.

5. Sharing & Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

5.1 Integration Partners

When you configure integrations (e.g., Salesforce, HubSpot, Slack), data is shared with those platforms as directed by your agent and workflow configuration. You control which data is shared through your integration settings.

5.2 AI & Infrastructure Subprocessors

We engage subprocessors including telephony providers (Twilio, Plivo, Exotel, Telnyx), LLM providers (OpenAI, Anthropic, Google, Mistral), STT providers (Deepgram, Microsoft Azure, Amazon Web Services), TTS providers (ElevenLabs, Amazon Polly, Google TTS), and cloud infrastructure providers. A complete and current list of subprocessors is maintained at emaavy.com/subprocessors.

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a legal obligation.

5.4 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to your information becoming subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as necessary to provide the Services and fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.

Data TypeDefault RetentionConfigurable
Account & billing dataDuration of account + 7 yearsNo
Call recordings90 daysYes
Call transcripts90 daysYes
Agent configuration logs12 monthsEnterprise only
Usage & analytics data24 monthsNo
Support communications3 yearsNo
API access logs12 monthsNo

Upon account termination, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Security

We implement and maintain commercially reasonable technical, administrative, and physical security measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction.

Encryption at rest

AES-256 encryption for all stored data including call recordings, transcripts, and configuration files.

Encryption in transit

TLS 1.3 for all data transmitted between your browser, our APIs, and third-party providers.

SOC 2 Type II

Annual third-party audits covering security, availability, processing integrity, confidentiality, and privacy.

Access controls

Role-based access controls, least-privilege principles, and mandatory MFA for all internal systems.

Penetration testing

Annual third-party penetration tests with remediation SLAs. Results available to Enterprise customers under NDA.

Incident response

Documented incident response procedures with customer notification within 72 hours of confirmed data breach.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

8. International Data Transfers

Emaavy is headquartered in India and operates infrastructure in multiple regions. If you are located outside India, your information may be transferred to, stored in, and processed in India and other countries where our service providers maintain infrastructure.

For customers in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data internationally.

Enterprise customers may request data residency in specific regions (India, EU, US) to ensure their data does not leave their preferred jurisdiction. Please contact our sales team to discuss data residency options.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Right of Access: Request a copy of the personal information we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal information.
  • Right to Erasure: Request deletion of your personal information, subject to certain exceptions (e.g., legal retention obligations).
  • Right to Restriction: Request that we restrict the processing of your personal information in certain circumstances.
  • Right to Portability: Receive your personal information in a structured, commonly used, machine-readable format.
  • Right to Object: Object to our processing of your personal information where we rely on legitimate interests as our legal basis.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time without affecting prior processing.

To exercise any of these rights, please submit a request to [email protected]. We will respond within 30 days. We may require verification of your identity before processing your request.

10. Cookies & Tracking

We use cookies and similar tracking technologies to operate and improve the Services. Cookies are small data files placed on your device.

Strictly necessary

Essential for the platform to function. Cannot be disabled. Includes session authentication, CSRF protection, and load balancing.

Functional

Remember your preferences and settings (e.g., dashboard layout, language). Can be disabled without affecting core functionality.

Analytics

Help us understand how users navigate the platform. We use self-hosted analytics that do not share data with third parties. Can be opted out.

We do not use advertising cookies or share your data with advertising networks. You can manage cookie preferences through your browser settings or our in-app cookie preferences panel.

11. Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a child under 18 without parental consent, we will take steps to delete such information as soon as possible. If you believe we have collected information from a minor, please contact us at [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated “Last updated” date and, where the changes are significant, by sending an email to the address associated with your account at least 30 days before the changes take effect.

Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

Address

Oakhla Industrial Area, Phase 2, A Block, Plot No. 78, 3rd Floor, New Delhi – 110020, India

Response

Within 30 business days