Privacy Policy

Effective date: 15 May 2026

Last updated: 15 May 2026

1. Who we are

This Privacy Policy describes how CallChecker AI OÜ (“CallChecker“, “we“, “our“, “us“), operator of the website callchecker.app and the related call-analytics service (the “Service“), collects, uses, shares, and protects personal data.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, CallChecker AI OÜ is the data controller of personal data we collect about visitors to our website and representatives of our business customers. For personal data contained in call recordings, transcripts, and related materials uploaded or transmitted to the Service by a customer (“Customer Content“), our customer is the controller and we act as a processor on the customer’s behalf, as further described in section 4.

2. Scope

This Policy applies to:

  • the public website at callchecker.app and any subdomains;
  • the CallChecker web application, dashboards, APIs, and add-ons;
  • communications you exchange with us (email, demo requests, support tickets).

This Policy does not cover third-party websites or services that may be linked from our Service, even when integrated with it (for example, your CRM, dialer, or speech-to-text provider). Those services are governed by their own privacy notices.

3. Personal data we collect

We collect personal data in the following categories.

3.1 Information you provide directly

  • Account and contact data: name, business email, phone number, job title, employer, login credentials.
  • Demo and sales enquiries: information submitted via our contact / demo-request forms, including any free-text message you provide.
  • Billing data: billing contact name, billing address, VAT/Tax ID, and limited payment metadata (we do not store full card numbers; card data is handled by our payment processor).
  • Support communications: the content of emails, chat messages, and tickets you send us.

3.2 Customer Content processed on behalf of customers

When a customer uses the Service, the customer (or its authorised users) uploads or transmits to us call audio, video, transcripts, metadata (timestamps, participant identifiers, agent and queue IDs), CRM records, scorecards, and similar materials. This Customer Content may contain personal data about the customer’s employees (e.g., call-center agents) and the customer’s end users (e.g., callers). We process this data only as a processor on the customer’s documented instructions, in accordance with a Data Processing Agreement (DPA) executed with the customer.

3.3 Information collected automatically

  • Usage and device data: IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, features used, timestamps, approximate location derived from IP.
  • Cookies and similar technologies: see section 9.
  • Logs and diagnostics: application logs, error reports, performance traces. These may incidentally include identifiers tied to a user session.

3.4 Information from third parties

  • Integrations: when a customer connects a third-party platform (e.g., CRM, telephony, dialer, speech-to-text provider), we receive data from that platform as configured by the customer.
  • Identity / SSO providers: if you sign in via a single-sign-on provider, we receive basic profile information from that provider.
  • Public sources: publicly available business contact data used for marketing in jurisdictions where this is permitted.

4. How we use personal data and our legal bases (GDPR)

We use personal data for the purposes set out below. Where GDPR applies, the corresponding legal basis is shown.

# Purpose Legal basis
a Provide, operate, maintain, and improve the Service, including transcription, scoring, analytics, dashboards, and reporting. Performance of a contract; legitimate interests in operating and improving the Service.
b Process Customer Content to deliver the analytic outputs requested by the customer (transcribe audio, score interactions, generate reports). Acting as a processor on the customer’s instructions; performance of our contract with the customer.
c Manage accounts, authentication, security, and access control. Performance of a contract; legitimate interests in securing the Service; legal obligation.
d Communicate with you about the Service (service notices, security alerts, support). Performance of a contract; legitimate interests; legal obligation.
e Marketing and sales communications, including responding to demo requests and sending product updates to business contacts. Consent where required; otherwise legitimate interests in promoting our business. You may unsubscribe at any time.
f Billing, invoicing, fraud prevention, and recovery of amounts owed. Performance of a contract; legal obligation; legitimate interests.
g Comply with law and respond to lawful requests from public authorities. Legal obligation.
h Establish, exercise, or defend legal claims and protect our rights, property, and safety. Legitimate interests.
i Aggregated or de-identified analytics that no longer identify any individual (e.g., model quality metrics, capacity planning). Legitimate interests.

We do not sell personal data. We do not use Customer Content to train or improve general-purpose AI models for our own benefit or for any third party, except where strictly necessary to deliver the Service and only on the customer’s documented instructions.

5. AI processing and automated decisions

The Service uses automated speech-to-text and large-language-model technologies to transcribe and score calls. Outputs (transcripts, summaries, scorecards, classifications) are produced automatically and may contain errors or inaccuracies. They are intended to assist human reviewers — not to replace them — and should not be the sole basis of any decision producing legal or similarly significant effects on a data subject.

If an individual is subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on them, they have the right to obtain human intervention, express their point of view, and contest the decision. Requests should be directed to the relevant customer (acting as controller) or, where appropriate, to us at [email protected].

6. How we share personal data

We share personal data only as described below.

  • Sub-processors and service providers who help us run the Service, including cloud hosting, storage, speech-to-text and AI/LLM providers, error monitoring, analytics, email delivery, payment processing, and customer support. A current list of sub-processors processing Customer Content is available on request to [email protected] and is incorporated by reference into our DPA.
  • Customers and their authorised users. Within a customer’s tenant, users with appropriate permissions can access Customer Content and account data for that tenant.
  • Corporate transactions. If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, personal data may be transferred as part of that transaction, subject to standard confidentiality obligations.
  • Legal and safety. We may disclose personal data where we believe in good faith that disclosure is necessary to comply with applicable law, lawful requests from public authorities, court orders, or to protect the rights, property, or safety of CallChecker, our customers, or others.

We do not share personal data with third parties for their own independent marketing purposes.

7. International data transfers

The Service is operated from, and data may be processed in, jurisdictions outside the data subject’s country of residence, including the United States and the European Union. Where personal data is transferred from the EEA, the UK, or Switzerland to a country that has not been recognised as providing an adequate level of protection, we put in place appropriate safeguards, typically the European Commission’s Standard Contractual Clauses (and the UK Addendum or Swiss equivalent where applicable), together with supplementary technical and organisational measures as required. A copy of the safeguards can be requested at [email protected].

8. Retention

We retain personal data only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements.

  • Customer Content (call recordings, transcripts, scoring data): retained for the period configured by the customer in its account or specified in the customer’s contract. On termination of the customer’s subscription, Customer Content is deleted or returned in accordance with the DPA, subject to backup retention windows.
  • Account and billing records: retained for the term of the relationship and thereafter for the period required by applicable tax, accounting, and statute-of-limitations rules (typically up to 7–10 years depending on jurisdiction).
  • Marketing data: retained until you opt out or the contact becomes stale.
  • Logs and security data: retained for up to 12 months unless a longer period is needed to investigate an incident.

9. Cookies and similar technologies

We use cookies and similar technologies on the website and within the application to:

  • keep you signed in and remember your preferences (strictly necessary);
  • measure traffic and improve performance (analytics);
  • understand the effectiveness of marketing campaigns (marketing — only where you have consented, where consent is required).

Where required by law, we will request your consent through a cookie banner before setting non-essential cookies. You can withdraw consent or change preferences at any time. Most browsers also allow you to block or delete cookies via the browser settings.

10. Your rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Access — obtain confirmation of, and a copy of, the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete personal data.
  • Erasure — request deletion of personal data (“right to be forgotten”).
  • Restriction — request that we limit how we use your personal data.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Portability — receive your personal data in a portable format and have it transmitted to another controller, where technically feasible.
  • Withdraw consent — where processing is based on consent, withdraw consent at any time without affecting prior processing.
  • Not be subject to solely automated decisions with legal or similarly significant effects, as described in section 5.
  • Complain to a supervisory authority in your jurisdiction.

For residents of California, the rights under the CCPA/CPRA include the right to know, delete, correct, opt out of sale or share of personal information (we do not sell or share for cross-context behavioural advertising), and the right not to be discriminated against for exercising your rights.

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before responding. For Customer Content, we will normally forward your request to the relevant customer (the controller) and assist them in responding.

11. Security

We implement reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), encryption at rest for Customer Content, role-based access controls, network segmentation, audit logging, vulnerability management, and personnel confidentiality obligations.

No method of transmission or storage is completely secure. If we become aware of a personal data breach affecting your personal data, we will notify you in accordance with applicable law.

12. Children

The Service is intended for business use and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact [email protected] and we will take appropriate steps to delete it.

13. Third-party links and integrations

The Service may interoperate with, or link to, third-party services. We are not responsible for the privacy practices of those third parties. Please review their privacy notices before providing personal data.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will revise the “Last updated” date and, where appropriate, provide additional notice (such as by email or an in-app banner). Your continued use of the Service after a change takes effect constitutes acceptance of the revised Policy.

15. Contact

For any question about this Policy or our processing of personal data, including to exercise your rights or to request our sub-processor list or transfer safeguards, contact us at:

CallChecker AI OÜ
Narva mnt 5, 10117 Tallinn, Estonia
Email: [email protected]