Section 01

Who we are, what this covers.

We are SoloDial. This policy covers solodial.com and the SoloDial application. For employees and callers of our customers, read Section 07.

SoloDial ("we", "us") is the data controller for personal data we collect about visitors to solodial.com and account holders on our platform.

For personal data about your callers (for example, the phone number, name, or recording of someone who calls your business), SoloDial is a data processor acting on behalf of you, our customer, who is the data controller. This policy describes what we do with that data as a processor.

Section 02

What we collect.

Just what we need to run the service. Your account info. Your call content. Minimal analytics. No tracking across other sites.

Category	What it is	Why we have it
Account	Business name, owner name, email, phone, address.	To set up your account, send important notices, bill you.
Payment	Card on file, billing address, billing history. Card numbers are stored by our payment processor (Stripe), not by us.	To process subscription payments.
Configuration	Your AI agent's scripts, voice choice, connected calendars, connected CRMs, greeting text, business hours.	To operate the Service the way you set it up.
Call content	Recordings, transcripts, AI summaries, caller numbers, caller names (if matched via CRM), appointments booked.	So you can play back calls, see the transcript, review what happened. Processed on your behalf.
Usage	Login times, IP addresses, pages visited in the dashboard, errors encountered.	To keep the Service running, diagnose bugs, secure your account.
Cookies	A session cookie while you are logged in, and a theme preference. No third-party ad or analytics cookies.	To keep you signed in and remember your light/dark preference.

Section 03

Why we use it.

Three reasons. Run the service for you. Keep it safe. Follow the law.

We use personal data to:

Provide and operate the Service, including routing calls, generating transcripts and summaries, booking appointments, and syncing to your connected calendar and CRM.
Bill you and keep records of your subscription.
Keep the Service secure, prevent fraud and abuse, and diagnose bugs.
Respond to your support requests and send operational emails (billing notices, security alerts, service updates).
Comply with legal obligations (including responding to lawful legal process).

We do not use personal data for advertising. We do not sell personal data. We do not share personal data with data brokers.

Section 04

We do not train AI on your data.

Your calls never go into any AI training pipeline. Not ours. Not our partners'.

We do not, and will not, use Customer Data (including call recordings, transcripts, summaries, caller information, scripts, or knowledge-base content) to train, fine-tune, or otherwise improve any artificial intelligence model.

Our AI model providers (including OpenAI and Anthropic) receive call content only for the purpose of generating a real-time response, and only under their zero-data-retention enterprise terms. Providers are contractually prohibited from retaining or training on that content.

Section 05

Who we share with.

Only the vendors we need to run the service. Each one is bound by a contract.

We share personal data only with the following categories of service providers (subprocessors), each of whom processes data under a written contract consistent with this policy:

Telephony carriers (e.g., Twilio) to place and receive calls.
AI model providers (e.g., OpenAI, Anthropic) to power the receptionist's responses. Enterprise zero-data-retention terms are in effect.
Cloud infrastructure (e.g., our US-based hosting and database providers) to store and serve the Service.
Payment processor (Stripe) to process your subscription payments.
Email provider to send you operational emails.
Calendar and CRM vendors you authorize (e.g., Google Calendar, Microsoft 365, HubSpot, Salesforce, Zoho, Dynamics 365, Pipedrive), only for the purpose of syncing data you connect.

A current list of subprocessors is available on request by emailing privacy@solodial.com.

We may also disclose personal data when required by law, to respond to valid legal process, to protect our rights and property, or in connection with a merger or acquisition (in which case we will notify you before your data becomes subject to a different policy).

Section 06

How long we keep it.

As long as your account is active, plus short windows after. You can delete sooner.

Data type	How long
Account + configuration	Until you close your account.
Call recordings + transcripts	For the life of your account, unless you delete them sooner. Deletions from active systems take effect immediately; backup copies are purged within 90 days.
Billing records	Seven years for tax and audit purposes, as required by law.
Security logs	Up to 90 days, then deleted.
Cookies	Session cookies expire when you sign out. Theme preference persists until you clear it.

If you close your account, we delete Customer Data from active systems within 30 days and from backups within 90 days, except where retention is required by law.

Section 07

If you called a SoloDial customer.

If you're reading this because a business you called uses SoloDial, the business is the data controller, not us. Contact them to access or delete your data.

When you call a business that uses SoloDial to answer the phone, that business is our customer and the data controller for the recording, the transcript, the caller ID, and any other personal data about you. SoloDial is a data processor acting on their behalf.

To request access to, correction of, or deletion of your personal data, contact that business directly. If you can't reach them, email privacy@solodial.com and we'll help route the request to them.

The AI announces at the start of each call that the call is being recorded. If you do not wish to be recorded, you may hang up and contact the business by another means.

Section 08

Your rights.

You can ask what we have, correct it, or delete it. We'll do it within 30 days. Residents of California, the EU, and the UK have the same rights plus a few extras.

Depending on where you live, you may have the following rights regarding personal data we hold about you:

Access: request a copy of the personal data we hold about you.
Correction: ask us to correct inaccurate personal data.
Deletion: ask us to delete your personal data.
Portability: request an export of your data in a machine-readable format.
Objection / restriction: ask us to stop or limit certain processing.
Withdraw consent: where processing is based on consent, withdraw it at any time.

Residents of California have additional rights under the CCPA / CPRA to know what we collect, to opt out of sale (we do not sell), and to non-discrimination for exercising those rights. Residents of the European Economic Area and the United Kingdom have rights under the GDPR and UK GDPR.

To exercise any right, email privacy@solodial.com. We will verify your identity and respond within 30 days. We won't charge you a fee.

Section 09

How we protect it.

Encrypted in transit. Encrypted at rest. Access limited to the people who need it. Audit logs.

We use commercially reasonable administrative, technical, and physical safeguards to protect personal data, including:

TLS encryption for all data in transit.
Encryption at rest for recordings, transcripts, and account data.
Role-based access controls and mandatory two-factor authentication for employees.
Audit logging of administrative actions.
Regular security reviews and incident response procedures.

No system is 100% secure. If we become aware of a data breach that affects your personal data, we will notify you without undue delay and in accordance with applicable law.

Section 10

Minors.

The service is for businesses. Not for kids.

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact privacy@solodial.com and we will delete it.

Section 11

International transfers.

Our servers are in the United States. If you're outside the US, your data travels there.

SoloDial's infrastructure is located in the United States. If you access the Service from outside the US, your personal data will be transferred to, stored, and processed in the US.

For EU / UK customers, we rely on the European Commission's Standard Contractual Clauses (or the UK's International Data Transfer Addendum) as the legal basis for such transfers. These are available on request.

Section 12

Medical offices and HIPAA.

We are not HIPAA-compliant by default. If you're a covered entity, ask us about our HIPAA add-on and signed BAA before you go live.

Standard SoloDial accounts are not configured for HIPAA-regulated workloads. If you are a covered entity or business associate under HIPAA, do not transmit Protected Health Information (PHI) through a standard account.

We offer a HIPAA add-on that includes a signed Business Associate Agreement (BAA), stricter retention controls, and audit-log retention. To enable it, email privacy@solodial.com before you deploy.

Section 13

Changes to this policy.

We may update it. Material changes get a 30-day email heads-up.

We may update this policy from time to time. For material changes (for example, adding a new purpose of processing or a new category of subprocessor) we will notify you by email at least 30 days before the change takes effect. For non-material clarifications we will post the updated policy and update the "Last updated" date above.

Section 14

Contact.

Privacy questions and data-subject requests: privacy@solodial.com. General questions: hello@solodial.com. Security reports: security@solodial.com.

Your data, your rules.