Privacy Policy

Effective date: May 19, 2026 · Last updated: May 19, 2026

1. Who we are

Call AGENT 007 (“CallAgent,” “we,” “us,” or “our“) operates the AI voice receptionist service at callagent007.com and app.callagent007.com (collectively, the “Service“). This Privacy Policy explains how we collect, use, share, and protect information when you use the Service.

Our address:
Call AGENT 007
954 Av. Juan Ponce de León
San Juan, PR 00907
Puerto Rico, United States

If you have questions about this policy or how we handle your information, contact us at hello@callagent007.com.

2. Information we collect

We collect the following categories of information:

2.1 Information you provide directly

• Account information: business name, contact email, phone number, plan selection, and (for paid plans) billing details processed by our payment provider.
• Business configuration: the agent prompt, knowledge base content, business hours, transfer numbers, calendar integrations, and notification preferences you set in your dashboard.
• Customer communications: if you contact our support team by email, we retain the content of those communications.

2.2 Information from callers

When a caller interacts with an AI agent you’ve configured, we collect:

• Caller phone number (for voice calls placed through Twilio).
• Audio recordings and transcripts of the call, generated by our voice provider Retell AI.
• Information the caller shares with the agent during the call (name, contact details, the purpose of the call, appointment preferences, etc.).
• Call metadata: start/end time, duration, disposition, and analytics derived from post-call analysis.

2.3 Information from connected third-party services

• Google Calendar (if you connect it): OAuth tokens, your primary calendar’s free/busy information, and events we create on your behalf. See section 4 for our limited use of this data.
• Cal.com (if you connect it): your Cal.com API key and event-type IDs.
• Website content (during onboarding): publicly available text from the website URL you provide, scraped to generate your agent’s initial knowledge base.

2.4 Information collected automatically

• Log data: IP address, browser type, pages visited, request timestamps, referring URLs.
• Authentication state: session cookies and tokens to keep you logged in.
• Limited analytics: aggregated, non-identifying usage metrics. We do not deploy advertising trackers.

3. How we use information

• To provide, operate, and maintain the Service for you and your callers.
• To handle calls on your behalf — including answering questions, transferring to a human, and booking appointments through your connected calendar.
• To process payments and manage your subscription.
• To send transactional emails (account notifications, billing receipts, security alerts).
• To improve the Service: analyze aggregate usage, debug issues, and develop new features. We do not use customer call recordings or transcripts to train third-party AI models.
• To comply with legal obligations and enforce our Terms of Service.

4. Google API Services User Data Policy

CallAgent’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when you connect Google Calendar:

• Scopes we request:
  • https://www.googleapis.com/auth/calendar.events — to create new calendar events when a caller books an appointment.
  • https://www.googleapis.com/auth/calendar.events.freebusy — to check your calendar’s free/busy windows so the agent can offer available time slots during a call.
• How we use Google user data: exclusively to provide the appointment-booking feature you opted into. Free/busy windows are read at call time to surface available slots; new events are written when a caller confirms a booking.
• How we store Google user data: we store your OAuth refresh token in encrypted form (AES-256-GCM at rest) so the agent can act on your behalf during calls. We do not cache calendar events or free/busy data on our servers.
• What we do NOT do with Google user data:
  • We do not use Google user data for advertising or to develop, improve, or train generalized AI/ML models.
  • We do not transfer Google user data to third parties except as necessary to provide the booking feature (e.g., to display the booked-event metadata back to you in your dashboard, or to allow our voice provider to confirm the booking to the caller during the same call).
  • We do not allow humans to read your Google user data unless we have your explicit consent, it is needed for security purposes (e.g., investigating abuse), or it is required by law.
• Revoking access: you can disconnect Google Calendar from your dashboard at any time, and you can revoke our access directly from your Google Account at myaccount.google.com/permissions. When you disconnect, we delete the stored OAuth refresh token. Existing events we created on your calendar remain unless you delete them.

5. How we share information

We share information only as needed to provide the Service. We engage third-party service providers (“subprocessors”) in the following categories:

• Cloud infrastructure and database providers — to host the application, store customer and caller data, and authenticate users.
• Telephony and communications providers — to route inbound and outbound calls, provision phone numbers, and process call audio.
• Voice AI and speech-processing providers — to operate the AI agent, including transcription, language understanding, and text-to-speech.
• Payment processing providers — to handle subscription billing, refunds, and credit-card data. We never see your card number ourselves.
• Transactional email providers — to deliver account notifications and billing receipts.
• Web-content collection providers — to retrieve publicly available content from the website URL you provide during onboarding, used to generate your initial agent prompt.
• AI language-model providers — to draft an initial agent prompt during onboarding based on the descriptors you supply.
• Calendar integration providers — only if you choose to connect a calendar, to read free/busy windows and create new events on your behalf. See section 4 for our specific Limited Use commitments regarding Google Calendar.

Each subprocessor receives only the data necessary to perform its function, is bound by contractual confidentiality and security obligations, and is not authorized to use that data for any other purpose. A current named list of our subprocessors is available on request to customers under a Data Processing Agreement: email hello@callagent007.com.

We may also disclose information when required by law, in response to a valid subpoena or government request, to protect the security of our Service or our users, or in connection with a merger or asset sale (with continuing notice obligations).

6. How long we keep your data

• Account data: kept while your account is active. After cancellation, retained for up to 30 days then permanently deleted.
• Call recordings & transcripts: retained while your account is active to provide the post-call review feature. Deleted on the same schedule as the rest of your account.
• Onboarding intake records: retained for up to 30 days then deleted.
• Billing records: retained for the period required by tax law (typically 7 years).

7. Your rights

Depending on where you live, you may have the following rights:

• Right to know what personal information we hold about you.
• Right to access a copy of that information.
• Right to deletion of your information, subject to legal retention requirements.
• Right to correction of inaccurate information.
• Right to opt out of any sale or sharing of personal information — we do not sell or share personal information for cross-context behavioral advertising.

You can exercise the right to know and the right to deletion directly from your dashboard at Settings → Account. For other requests, email hello@callagent007.com. We respond within 45 days as required by the California Consumer Privacy Act (“CCPA”).

If you are in the European Economic Area or United Kingdom, you also have rights under the General Data Protection Regulation including the right to lodge a complaint with your local data protection authority.

8. Security

We use industry-standard safeguards including TLS encryption in transit, AES-256-GCM at-rest encryption for sensitive credentials (API keys, OAuth tokens), strict access controls, audit logging, and least-privilege Row Level Security policies on our database. No system is perfectly secure; if we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.

9. International transfers

Our infrastructure is hosted in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. By using the Service you consent to this transfer.

10. Children’s privacy

The Service is not intended for individuals under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Cookies

We use first-party cookies and equivalent local storage only for: (a) authenticating your session, (b) remembering your preferences (dark mode, last tab visited), and (c) detecting fraudulent or abusive sign-up attempts. We do not use advertising or cross-site tracking cookies.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we’ll revise the “Last updated” date at the top of this page. If the changes are material we’ll provide additional notice (such as an email or an in-app banner). Your continued use of the Service after the new policy takes effect constitutes your acceptance of the revised terms.

13. Contact us

For any questions, requests, or complaints regarding this Privacy Policy or our handling of your personal information:

Call AGENT 007
954 Av. Juan Ponce de León
San Juan, PR 00907
Puerto Rico, United States
Email: hello@callagent007.com
Web: callagent007.com