CallAmplify ("we") provides an AI phone assistant for small businesses. This policy explains how we process personal data under the GDPR, the UK GDPR and the Swiss FADP (full legal texts linked).
For our customers' account data (name, email, billing) we act as the data controller. For call data, recordings and messages of callers we act as a processor on behalf of the business using CallAmplify — that business is the controller of its callers' data.
We only use strictly necessary cookies: a session cookie for sign-in and a cookie for your language preference. No third-party advertising or tracking cookies.
Calls are recorded only with consent. At the start of each call the AI plays a notice; callers may decline to be recorded.
Performance of a contract (Art. 6(1)(b) GDPR), consent for recordings (Art. 6(1)(a)), and legitimate interests (Art. 6(1)(f)).
Render (hosting and database, Frankfurt data centre, EU), our telephony/messaging provider, Stripe (payments), Google (calendar, optional), and our email provider. Data-processing agreements are in place.
To activate a phone number we are legally required to pass your business details (company name, registration/UID number, business address, contact details) to our telecoms provider and the competent regulator (in Switzerland, BAKOM). Legal basis: legal obligation (Art. 6(1)(c) GDPR) and performance of a contract (Art. 6(1)(b)).
We keep data only as long as necessary. Conversation content (transcripts, summaries, message texts) is automatically deleted after 12 months by default; statistical metadata is retained for your reporting.
We protect data with encryption in transit (TLS) and at rest, hashed passwords, need-to-know access controls and logging of security-relevant events.
You have the right to access, rectification, erasure,
restriction and portability. Account owners can export their data at
/api/account/export and request erasure of individual contacts.
Send requests to the address below.
You also have the right to lodge a complaint with a supervisory authority — the FDPIC in Switzerland, your national data-protection authority in the EU, or the ICO in the United Kingdom.
Our processors may process data in the United States. Transfers rely on adequacy decisions (Swiss–U.S. / EU–U.S. Data Privacy Framework, UK Extension) or standard contractual clauses.
CallAmplify is a business service. People under 18 may not create an account, and we do not knowingly collect data from children.
We may update this policy. We announce material changes to account owners by email or in the app; the date above shows the current version.
Privacy: privacy@callamplify.ch