Privacy Policy
Effective Date: [EFFECTIVE_DATE] Last Updated: [LAST_UPDATED_DATE]
This Privacy Policy explains how IrisCalls LLC, a limited liability company registered in the Islamic Republic of Pakistan ("IrisCalls," "we," "us," or "our"), collects, uses, stores, shares, and protects information when you use the IrisCalls AI receptionist platform, the website at https://iriscalls.com, and related services (collectively, the "Service").
This policy is designed to comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), Canada's PIPEDA, and Pakistan's Personal Data Protection framework.
By using the Service, you acknowledge the practices described in this Privacy Policy.
1. WHO WE ARE (DATA CONTROLLER)
IrisCalls LLC [REGISTERED_BUSINESS_ADDRESS] [CITY], Pakistan Email: support@iriscalls.com
For privacy-related inquiries, data subject access requests, or complaints, contact: support@iriscalls.com.
2. INFORMATION WE COLLECT
We collect the following categories of information:
2.1 Information You Provide Directly
- Account Information: Name, email address, business name, phone number, password (hashed), and Google account profile (when signing in via Google OAuth).
- Billing Information: Processed by Paddle.com Market Limited, our merchant of record. We receive limited data such as billing country, transaction status, and the last four digits of the payment method. We do not store full credit card numbers.
- Communications: Messages you send to support, feedback submissions, and contact form entries.
2.2 Information Generated Through Service Use
- Call Data: Phone numbers (caller and recipient), call timestamps, duration, call status (answered, missed, voicemail), and call outcomes.
- Call Recordings (Optional): If you enable call recording, audio recordings of inbound and outbound calls.
- Call Transcripts: AI-generated text transcripts of calls processed by the Service.
- Appointment Data: Appointment details created through the Service, including client name, contact info, service type, date, time, and assigned staff.
- Usage Data: Dashboard interactions, feature usage, configuration settings, and call campaign data.
2.3 Information from Third-Party Integrations
When you connect third-party services, we access only the data necessary to provide the Service:
- Google Calendar: Read/write access to your calendar events to schedule appointments and check availability.
- Gmail: Send-only access to dispatch confirmations, reminders, and follow-ups from your connected address.
- Google Sheets: Read/write access to log call records and appointment data to spreadsheets you authorize.
- Google Drive: Limited access to store backups and exports if you enable that feature.
- Microsoft Calendar/Teams (if connected): Equivalent access for Microsoft accounts.
2.4 Automatically Collected Information
- Device and Log Data: IP address, browser type, operating system, device identifiers, referring URLs, pages viewed, and timestamps.
- Cookies and Similar Technologies: See Section 9 below.
2.5 Information About Callers (End Users)
When the Service handles calls on your behalf, we process information about the people who call your business or whom you call ("End Users"), including phone numbers, voice audio, transcripts, and any information they provide during the call (such as name, email, appointment preferences).
Customers (you) are the data controller for End User information. IrisCalls acts as a data processor on your behalf for this data.
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate the Service (handle calls, book appointments, send emails) | Contract performance |
| Process payments and manage subscriptions | Contract performance |
| Send transactional emails (confirmations, receipts, security alerts) | Contract performance |
| Improve, debug, and develop the Service | Legitimate interests |
| Train and improve AI models (using de-identified, aggregated data only) | Legitimate interests |
| Send marketing communications (newsletter, product updates) | Consent (opt-in only) |
| Detect, prevent, and respond to fraud, abuse, or security incidents | Legitimate interests / legal obligation |
| Comply with legal obligations (tax, regulatory, court orders) | Legal obligation |
| Enforce our Terms and protect our rights | Legitimate interests |
We do not use your call recordings, transcripts, or Customer Data to train AI models in any way that would identify you, your business, or your callers.
4. HOW WE SHARE YOUR INFORMATION
We do not sell your personal information. We share data only in the following circumstances:
4.1 Service Providers (Sub-Processors)
We use the following third-party service providers to operate the Service. Each is bound by data processing agreements requiring confidentiality and appropriate security measures:
| Provider | Purpose | Location |
|---|---|---|
| MongoDB Atlas | Primary database hosting | [REGION_TO_BE_CONFIRMED] |
| Vercel Inc. | Website and application hosting | Global edge network |
| Paddle.com Market Limited | Payment processing and tax remittance | United Kingdom / Global |
| Google LLC | OAuth authentication, Calendar, Gmail, Sheets, Drive integrations | United States |
| [VOICE_INFRASTRUCTURE_PROVIDER] | Telephony and voice processing | [TO_BE_CONFIRMED] |
| [AI_MODEL_PROVIDER] | Natural language and voice AI processing | [TO_BE_CONFIRMED] |
| [EMAIL_DELIVERY_PROVIDER] | Transactional email delivery | [TO_BE_CONFIRMED] |
| [ANALYTICS_PROVIDER, IF_ANY] | Product usage analytics | [TO_BE_CONFIRMED] |
An updated sub-processor list is available at https://iriscalls.com/sub-processors. We will notify customers of material changes to our sub-processor list.
4.2 Legal Compliance
We may disclose information when required by law, court order, subpoena, or to protect our rights, property, or safety, or that of our users or the public.
4.3 Business Transfers
If IrisCalls is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you and provide options where required by law.
4.4 With Your Consent
We may share information for other purposes with your explicit consent.
5. INTERNATIONAL DATA TRANSFERS
IrisCalls is based in Pakistan, and our service providers operate globally. Your information may be transferred to, processed in, and stored in countries outside your country of residence, including the United States, the United Kingdom, the European Union, and other regions where our sub-processors operate.
For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions where applicable;
- Other lawful transfer mechanisms.
You can request a copy of the safeguards we use by emailing support@iriscalls.com.
6. DATA RETENTION
We retain your information only as long as necessary for the purposes described in this Policy:
| Data Type | Retention Period |
|---|---|
| Account information | For the duration of your account, plus [RETENTION_PERIOD_AFTER_CLOSURE] after account closure |
| Call recordings (if enabled) | [CALL_RECORDING_RETENTION_PERIOD], unless you configure a different retention or delete sooner |
| Call transcripts and logs | [TRANSCRIPT_RETENTION_PERIOD] |
| Appointment data | For the duration of your account |
| Billing records | At least 7 years (for tax and accounting compliance under Pakistani law) |
| Marketing preferences and consents | Until you withdraw consent |
| Server logs and security logs | Up to 12 months |
After the retention period, data is deleted or fully anonymized. You may request earlier deletion in accordance with Section 7.
7. YOUR RIGHTS
Depending on your jurisdiction, you have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Rectification: Request correction of inaccurate or incomplete information.
- Erasure ("Right to be Forgotten"): Request deletion of your personal information, subject to legal retention obligations.
- Restriction: Request that we limit how we process your information.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests, including direct marketing.
- Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
- Lodge a Complaint: File a complaint with a data protection authority in your jurisdiction.
How to Exercise Your Rights
Email support@iriscalls.com with your request. We will respond within 30 days. We may need to verify your identity before fulfilling the request.
Rights for End Users (Callers)
If you are an End User (someone who called or was called by an IrisCalls customer), the customer is the data controller for your information. Please direct your request to that business directly. If they are unresponsive, you may contact us at support@iriscalls.com and we will assist where possible.
California Residents (CCPA/CPRA)
California residents have additional rights including the right to know what personal information is collected, the right to delete, the right to correct, the right to opt out of the "sale" or "sharing" of personal information, and the right to non-discrimination. We do not sell or share personal information for cross-context behavioral advertising. To exercise your rights, email support@iriscalls.com.
8. SECURITY
We implement industry-standard technical and organizational measures to protect your information, including:
- Encryption in transit using TLS 1.3.
- Encryption at rest using AES-256 for sensitive data.
- Access controls and authentication for our systems and personnel.
- Secure password storage using industry-standard hashing algorithms.
- Regular security reviews, vulnerability scans, and dependency updates.
- Sub-processor agreements requiring equivalent security standards.
No system is 100% secure. If we become aware of a security breach affecting your personal information, we will notify you and applicable regulators within the timeframes required by law (e.g., 72 hours under GDPR).
9. COOKIES AND TRACKING
We use cookies and similar technologies on iriscalls.com for:
- Strictly necessary cookies: Required for authentication and session management. These cannot be disabled.
- Functional cookies: Remember your preferences (language, theme).
- Analytics cookies: Measure how visitors use our site (only with your consent in regions requiring it).
- No advertising cookies: We do not use third-party advertising or retargeting cookies.
You can manage cookie preferences through our cookie banner or your browser settings. Blocking strictly necessary cookies may break Service functionality.
10. CHILDREN'S PRIVACY
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, contact support@iriscalls.com and we will delete it.
11. AI AND AUTOMATED PROCESSING
The Service uses artificial intelligence to process voice calls, generate transcripts, and produce email content. This processing is automated. You acknowledge that:
- AI outputs may contain errors, mishear words, or misclassify intent.
- AI does not make legal, medical, or financial decisions on your behalf.
- You remain responsible for reviewing and acting on AI-generated outputs.
You have the right under applicable law (such as GDPR Article 22) to request human review of decisions made solely by automated processing where those decisions have legal or similarly significant effects on you. The IrisCalls Service is not designed to make such decisions; it is a communication tool.
12. CALL RECORDING NOTICE
Call recording is optional and disabled by default. If you (the IrisCalls customer) enable recording:
- You are solely responsible for complying with applicable call recording laws in your jurisdiction, including obtaining required consent from callers.
- IrisCalls provides configurable disclosure prompts, but you must verify they meet your local legal requirements.
- IrisCalls does not access, listen to, or share your call recordings except as necessary to operate the Service or comply with law.
13. THIRD-PARTY LINKS AND SERVICES
The Service may contain links to third-party websites, integrations with third-party platforms (Google, Microsoft, etc.), and embedded content. We are not responsible for the privacy practices of those third parties. Review their privacy policies separately.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least 14 days before they take effect. The "Last Updated" date at the top reflects the latest revision.
Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
15. CONTACT US
For questions, complaints, or to exercise your privacy rights:
IrisCalls LLC [REGISTERED_BUSINESS_ADDRESS] [CITY], Pakistan Email: support@iriscalls.com Website: https://iriscalls.com
By using IrisCalls, you acknowledge that you have read and understood this Privacy Policy.