← Back to Callora

Privacy Policy

Last updated: April 2025

1. Information We Collect

When you register and use Callora, we collect information you provide directly, such as your name, email address, organization name, and password. As you operate the Service we also collect information about the leads you discover or upload, including business names, phone numbers, addresses, and any notes you attach. We store call transcripts, call metadata, and AI-generated summaries for each outbound call placed through the platform. We automatically collect technical data such as IP addresses, browser type, and usage events to operate and secure the Service.

2. How We Use Information

We use the information we collect to provide, maintain, and improve the Service; to authenticate users; to operate the lead discovery, qualification, and calling pipeline; to process payments; to send transactional emails (welcome messages, qualified lead alerts, trial expiry reminders, password resets, and billing notifications); and to enforce our Terms. We do not sell personal information to third parties.

3. Data Storage and Security

Data is stored in managed PostgreSQL databases with encryption at rest. Passwords are hashed using bcrypt and are never stored in plain text. API keys for third-party services are encrypted at the application layer. All traffic between your browser and Callora is transmitted over TLS. We apply the principle of least privilege to engineering access to production systems.

4. Third-Party Services

Callora integrates with the following third-party services. Each receives only the data necessary to perform its specific function:

  • Google Maps Platform (Places API): receives search queries (e.g. a business category and geographic area) that you configure in a campaign. Used for business discovery.
  • Google Gemini API: receives campaign prompts, lead metadata, and call transcripts so that the AI can qualify leads and summarize conversations. Your API key is transmitted alongside each request.
  • Vapi.ai: receives phone numbers, AI caller configuration, and system prompts for the purpose of placing outbound calls. Vapi returns call recordings and transcripts to Callora.
  • Stripe: receives billing contact details and payment method information for subscription processing. Callora never stores full card details — they remain with Stripe.
  • Resend: receives email addresses and transactional email content so that notifications can be delivered to your inbox.

5. Data Retention

Account data is retained for as long as your account is active. Call logs, transcripts, and lead records are retained for the life of your organization’s account and for a reasonable period after cancellation to comply with legal obligations and to facilitate reactivation. You may request deletion of your personal data at any time.

6. Your Rights

Depending on your jurisdiction, you have rights to access, correct, port, or delete your personal information. You also have the right to withdraw consent where we rely on consent as the legal basis for processing. To exercise these rights, contact [email protected].

7. For Canadian Users

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL). You may request access to your personal information by contacting us at [email protected].

8. For Singapore Users

Personal data is handled in accordance with the Personal Data Protection Act 2012 (PDPA). To exercise your rights of access, correction, or deletion, contact our Data Protection Officer at [email protected].

9. Do Not Call Compliance

For Canadian campaigns, Callora checks numbers against the Canadian Do Not Call List (DNCL) rules and against your organization’s blacklist before calls are placed. It is your responsibility to ensure that the leads you target have a valid business relationship or legal basis for contact under applicable telemarketing laws.

10. Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or through the Service. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact Information

For privacy-related questions or requests, email us at [email protected]. We aim to respond within a reasonable period, typically within five business days.