Privacy Policy
Last updated: 21 July 2025
1. Overview
Kalimba AI Reception (“Kalimba”, “we”, “us”) provides a cloud-based virtual receptionist service that greets and routes phone calls, generates AI responses, and stores call transcripts for your review. This Privacy Policy explains how we collect, use, and protect Personal Data when you (“Customer”, “you”) or callers interact with our websites, apps, and phone services (collectively, the “Services”). By using the Services, you consent to the practices described below.
2. The Data We Collect
- Account Data. Name, business name, email address, billing address, chosen password, and plan information captured at sign-up.
- Payment Data. Encrypted card details and payment tokens processed exclusively byStripe, Inc. Kalimba never stores raw card numbers.
- Call Metadata. Caller ID, call start / end timestamps, Twilio Call SID, destination label, call duration, and billing minutes.
- Call Audio (Optional). If recording is enabled, µ-law audio streams are stored transiently in memory, relayed to OpenAI for real-time transcription, and discarded after the call finishes unless you opt-in to archival.
- Transcripts & Summaries. The AI-generated textual transcript and call summary saved as a private
call_logpost in your WordPress account. - Business Profile. Content you enter in the “Edit Prompt” wizard (hours, services, FAQs, etc.).
- Usage Data. Server logs, device/browser type, IP address, referral URLs, and cookie identifiers.
- Cookies & Similar Technologies. See Section 9 for details.
3. How We Use Data
- To provision and maintain the Services;
- To route live calls and deliver AI responses;
- To display transcripts, call summaries, and analytics in your dashboard;
- To process payments and detect fraud;
- To diagnose bugs, monitor uptime, and secure the API;
- To improve our speech/LLM prompts, models, and UX (aggregated and de-identified analytics only);
- To send transactional notices (invoices, password resets) and limited product updates (you may opt out).
4. Legal Bases (GDPR)
For users in the EEA/UK, our processing relies on:
• Contract necessity (providing the Services you requested);
• Legitimate interests (security, product improvement);
•Consent (for marketing emails, optional call recording).
5. Sharing — Third-Party Processors
We do not sell or rent Personal Data. We disclose it only to the processors below, strictly for the purposes shown.
| Provider | Role | Data Shared |
|---|---|---|
| Twilio, Inc. | Telephony & SMS | Call audio, caller ID, routing events |
| OpenAI, L.P. | Speech-to-text & LLM responses | Live audio stream, business prompt |
| Stripe, Inc. | Payment processing | Billing name, email, card token |
| Amazon Web Services | Hosting (Heroku/AWS us-east-1) | Application logs, encrypted env vars |
6. Data Retention
- Account & Billing. Kept for the life of the account + 7 years (tax & audit).
- Call Transcripts. Stored indefinitely unless you delete them in the dashboard or request erasure.
- Call Audio. Deleted automatically after 30 days (or sooner if disabled).
- Server Logs. 90 days, then aggregate metrics only.
7. Security Measures
• TLS 1.2+ encryption in transit and AES-256 at rest;
• HSTS, CSP, and automatic patching of dependencies;
• Role-based access, 2-factor auth for staff;
• Annual penetration testing;
• Separate staging v. production environments.
8. Your Rights
Depending on your region, you may have the right to access, correct, download, or delete Personal Data, object to or restrict processing, and withdraw consent at any time. Email privacy@kalimba.world to exercise these rights. We will respond within 30 days.
9. Cookies & Analytics
We use first-party cookies for session authentication and CSRF protection, plus Google Analytics 4 for aggregated traffic stats (IP anonymization enabled). You can disable cookies in your browser, but parts of the dashboard may not function.
10. Children’s Privacy
The Services are not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have, please contact us for deletion.
11. International Transfers
Data is stored in the United States. Where EU/UK data is transferred, we rely on Standard Contractual Clauses and supplementary safeguards (encryption, strict access controls).
12. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be announced via email or in-app banner at least 7 days before they take effect.
13. Contact
Questions or concerns? Email support@kalimba.world
