1. Introduction

VoiceCharm LLC ("VoiceCharm," "we," "our," or "us") operates the voicecharm.ai website and the VoiceCharm AI receptionist platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, phone number, business name, and industry when you create an account.
Payment Information: Billing details processed securely by Stripe. We never store your full credit card number on our servers.
Business Content: Business descriptions, FAQ answers, service lists, and website content you provide to train your AI receptionist.
Communications: Emails, support requests, and other correspondence you send us.

2.2 Information Collected Automatically

Call Data: Inbound and outbound call recordings, transcripts, caller phone numbers, call duration, and timestamps.
Usage Data: Minutes consumed, feature usage, login activity, and portal interactions.
Device & Log Data: IP address, browser type, operating system, referring URLs, and pages viewed.
Cookies & Tracking: We use cookies and similar technologies to analyze traffic and personalize your experience.

2.3 Third-Party Integrations

Google Calendar: If you connect Google Calendar, we access calendar availability and create booking events on your behalf. See Section 3A below for full details on Google user data.
Vapi (Voice AI): Call audio and metadata are processed through Vapi's infrastructure to power your AI receptionist.

3. How We Use Your Information

We use collected information to:

Provide, operate, and maintain the AI receptionist Service
Process transactions and send billing-related communications
Train and customize your AI receptionist with your business information
Transcribe and summarize calls for your review
Check calendar availability and book appointments on your behalf
Send service notifications, alerts, and updates
Provide customer support and respond to inquiries
Improve service quality and user experience (note: Google user data is never used for AI/ML model training — see Section 3A)
Detect and prevent fraud, abuse, or security incidents
Comply with legal obligations

3A. Google User Data — Access, Use, Storage & Sharing

VoiceCharm's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, VoiceCharm limits its use of Google user data to providing or improving the user-facing features that are prominent in VoiceCharm's user interface (appointment scheduling via Google Calendar). VoiceCharm does not use Google user data for serving advertisements, for AI/ML model training unrelated to the product, or for any purpose other than providing and improving the appointment-scheduling functionality of the Service.

What Google data we access

When you connect your Google Calendar to VoiceCharm, we request access to:

Google Calendar events (read & write) — to check your real-time availability and create appointment bookings on your behalf
Google Calendar free/busy information (read-only) — to determine available time slots without reading event details
Google account email address — to identify and display which Google account is connected

We only request the minimum scopes necessary: calendar.events, calendar.readonly, and userinfo.email.

How we use Google data

VoiceCharm uses your Google Calendar data solely to provide and improve the core appointment-scheduling functionality of the Service:

Check your real-time availability when a caller requests an appointment
Create calendar events when appointments are booked by your AI receptionist
Display your connected Google account email in your portal settings

We do not use Google user data for:

Advertising, remarketing, or building user profiles for advertising purposes
AI/ML model training, analytics, or any form of generalized data processing
Selling, renting, or transferring to third parties for purposes unrelated to providing the Service
Any purpose other than providing or improving the user-facing appointment-scheduling features described above

How we store Google data

OAuth refresh tokens are stored encrypted in our database (Convex) and used solely to maintain your calendar connection and obtain short-lived access tokens.
Access tokens are cached temporarily (up to 1 hour) and automatically refreshed. They are never stored permanently.
Calendar event data is read in real time and is not stored, cached, or copied to our servers beyond what is needed to complete a single availability check or booking request.
Email address from your Google account is stored to display which account is connected.

How we share Google data

We do not share, sell, rent, or transfer your Google user data to any third party, except:

To Vapi (our voice AI provider) — only the available time slots (not raw calendar data) are shared so your AI receptionist can offer appointment times to callers.
As required by law, regulation, or legal process.

No other third party receives access to your Google Calendar data. We do not use Google data for any form of advertising or profiling.

Revoking access

You can disconnect your Google Calendar at any time from your VoiceCharm portal settings. You may also revoke VoiceCharm's access directly from your Google Account permissions page. Upon disconnection, we immediately delete your stored OAuth tokens and cease all access to your Google Calendar data.

Data retention for Google data

OAuth tokens are retained only while your Google Calendar connection is active. Upon disconnection or account cancellation, tokens are deleted within 24 hours. We do not retain copies of your calendar events.

4. How We Share Your Information

We do not sell your personal information. We may share data with:

Service Providers: Stripe (payments), Vapi (voice AI), Google (calendar), Resend (email), and cloud hosting providers that help us deliver the Service.
Legal Requirements: When required by law, court order, or governmental authority.
Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
With Your Consent: When you explicitly authorize sharing.

5. Data Security

We implement industry-standard security measures including TLS encryption in transit, encryption at rest, access controls, and regular security reviews. OAuth tokens and sensitive credentials are stored encrypted. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

Call Recordings & Transcripts: Retained for 90 days by default. Contact us to request extended or shortened retention.
Account Data: Retained while your account is active and for up to 30 days after cancellation.
Payment Records: Retained as required by financial regulations (typically 7 years).
Analytics Data: Aggregated and anonymized data may be retained indefinitely for service improvement.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

Access: Request a copy of your personal data.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data ("right to be forgotten").
Portability: Request your data in a machine-readable format.
Opt Out: Unsubscribe from marketing emails at any time.
Revoke Integrations: Disconnect Google Calendar or other integrations from your portal settings.

To exercise any of these rights, email us at privacy@voicecharm.ai.

8. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

9. HIPAA Compliance

For healthcare customers requiring HIPAA compliance, VoiceCharm can execute a Business Associate Agreement (BAA). Please contact us at hello@voicecharm.ai to discuss HIPAA-compliant configurations.

10. Children's Privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If we learn we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: privacy@voicecharm.ai
General: hello@voicecharm.ai
Address: VoiceCharm LLC, San Francisco, CA