Emaavy, Inc. (“Emaavy”, “we”, “our”, or “us”) is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI agent and workflow automation platform.
This Privacy Policy applies to all products and services offered by Emaavy, Inc., including our web application, API, AI voice agents, workflow automation platform, and any related services (collectively, the “Services”).
By accessing or using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services.
Emaavy operates as both a data controller (for account and usage data) and a data processor (for customer data processed through AI agents on behalf of our customers). This distinction is important for understanding our respective obligations under applicable data protection laws.
We collect information in three ways: information you provide directly, information we collect automatically, and information received from third parties.
When you create an account, we collect your name, email address, company name, job title, and billing information. We use Stripe for payment processing and do not store full credit card numbers on our servers.
We automatically collect data about how you interact with our platform, including: pages visited, features used, agent configurations created, workflow runs executed, API call logs, error logs, browser type, IP address, device identifiers, and session duration.
When you contact our support team, participate in demos, or communicate with us via email or chat, we retain records of those communications to improve our services and resolve disputes.
Important Notice Regarding Call Data
Call recordings, voice data, and transcripts are among the most sensitive data types processed through our platform. The following provisions apply specifically to this data.
AI voice agents deployed through Emaavy may record and transcribe conversations between the agent and end users (callers). This data is processed to enable agent functionality including intent detection, response generation, CRM updates, and analytics. Customers are solely responsible for ensuring callers are informed of recording in accordance with applicable wiretapping and recording consent laws (including two-party consent laws in relevant jurisdictions).
Voice audio is transcribed through integrated STT (speech-to-text) providers including Deepgram, OpenAI Whisper, and others as configured by the customer. Transcripts are passed to LLM providers (OpenAI, Anthropic, Google, etc.) for agent reasoning. Data shared with third-party model providers is governed by their respective privacy policies and data processing agreements. We do not permit LLM providers to use your call data for training their models without your explicit consent.
Callers may disclose personally identifiable information (PII) during conversations, including names, phone numbers, addresses, financial information, and health information. Customers must configure their agents and data retention settings in compliance with all applicable regulations. Emaavy provides optional PII redaction features to automatically mask sensitive data in stored transcripts.
By default, call recordings and transcripts are retained for 90 days. Customers may configure shorter retention periods, enable auto-deletion, or export data at any time from their account settings. Enterprise customers may negotiate custom data residency and retention terms.
We use the information we collect for the following purposes:
We retain your personal information for as long as necessary to provide the Services and fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law.
| Data Type | Default Retention | Configurable |
|---|---|---|
| Account & billing data | Duration of account + 7 years | No |
| Call recordings | 90 days | Yes |
| Call transcripts | 90 days | Yes |
| Agent configuration logs | 12 months | Enterprise only |
| Usage & analytics data | 24 months | No |
| Support communications | 3 years | No |
| API access logs | 12 months | No |
Upon account termination, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.
We implement and maintain commercially reasonable technical, administrative, and physical security measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction.
Encryption at rest
AES-256 encryption for all stored data including call recordings, transcripts, and configuration files.
Encryption in transit
TLS 1.3 for all data transmitted between your browser, our APIs, and third-party providers.
SOC 2 Type II
Annual third-party audits covering security, availability, processing integrity, confidentiality, and privacy.
Access controls
Role-based access controls, least-privilege principles, and mandatory MFA for all internal systems.
Penetration testing
Annual third-party penetration tests with remediation SLAs. Results available to Enterprise customers under NDA.
Incident response
Documented incident response procedures with customer notification within 72 hours of confirmed data breach.
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Emaavy is headquartered in India and operates infrastructure in multiple regions. If you are located outside India, your information may be transferred to, stored in, and processed in India and other countries where our service providers maintain infrastructure.
For customers in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data internationally.
Enterprise customers may request data residency in specific regions (India, EU, US) to ensure their data does not leave their preferred jurisdiction. Please contact our sales team to discuss data residency options.
Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, please submit a request to [email protected]. We will respond within 30 days. We may require verification of your identity before processing your request.
Our Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If we become aware that we have inadvertently collected personal information from a child under 18 without parental consent, we will take steps to delete such information as soon as possible. If you believe we have collected information from a minor, please contact us at [email protected].
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated “Last updated” date and, where the changes are significant, by sending an email to the address associated with your account at least 30 days before the changes take effect.
Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:
Address
Oakhla Industrial Area, Phase 2, A Block, Plot No. 78, 3rd Floor, New Delhi – 110020, India
Response
Within 30 business days