Asisly
Start free
Legal · Privacy

Privacy Policy

We collect what we need to operate the Service and nothing more. Your call data belongs to you. Plain-English summaries are at the top of each section.

Last updated: 2026-05-10 · Effective: 2026-05-10

Summary

Asisly is an AI voice receptionist platform. We process two types of personal data: information about you (the business owner — account, billing, business profile) and information about your callers (phone numbers, transcripts, optional recordings) which is processed on your behalf as your data processor.

We do not sell personal data. We do not share data with advertisers. Call recordings are an opt-in feature on Growth tier and above and are kept 90 days by default.

1. What we collect

Plain English: Account info from you, business profile from your setup, call data from your callers.

Information you give us

  • Account. Name, email, password hash, phone number, business name.
  • Business profile. Address, hours, services, prices, website, knowledge base content, custom prompts.
  • Billing. Payment method via Stripe (we never store full card numbers — Stripe does), billing address, tax ID where applicable.
  • Voice samples. If you opt into voice cloning, the audio sample you upload.

Information from your callers

  • Caller phone number. Captured automatically by the telecom carrier.
  • Call audio. Streamed to our AI provider in real time. Recordings are not retained unless you have explicitly enabled the recordings feature (Growth tier and above).
  • Transcripts. A text transcript of each call is generated and stored for your dashboard.
  • Booking + order data. Names, contact details, services booked, timestamps — only as needed for the call's purpose.

Information collected automatically

  • Usage analytics. Dashboard logins, feature usage, error logs, IP addresses.
  • Device + browser. Standard server logs (IP, user agent, timestamps).

2. How we use it

Plain English: To provide the service, bill you, prevent abuse, improve the AI.

  • Provide the Service. Answer calls, generate transcripts, send confirmations, run your dashboard.
  • Billing. Charge subscription fees, calculate overages, send invoices.
  • Support. Respond to your help tickets, debug issues you report.
  • Improve. Aggregate, anonymized analytics to improve prompts, voices, and reliability. We do not use your call recordings or transcripts to train third-party models.
  • Security. Detect fraud, abuse, spam-calling, account takeovers.
  • Communications. Service announcements, billing notices. Marketing emails are opt-in only and have an unsubscribe link.

3. Who we share with

Plain English: Only the vendors that make Asisly work. Each has a contract obliging them to protect your data.

We share data with the following sub-processors strictly to operate the Service:

VendorPurposeData type
StripePayments & subscription billingBilling info, card token
TwilioPhone numbers, SMS delivery, call routingPhone numbers, call metadata
VapiVoice AI orchestrationCall audio, transcripts
OpenRouter / Anthropic / OpenAILarge language model inferenceTranscripts, prompts (no recordings)
ElevenLabsPremium & cloned voice synthesisSynthesized speech, voice samples
SupabaseDatabase, auth, file storageAll structured account data
ResendTransactional emailEmail address, message content
RailwayApplication hostingServer-side processing
CloudflareCDN, DDoS protectionIP, request metadata
Google (Calendar API)Calendar sync (you grant via OAuth)Booking events

We may also disclose data when required by law (subpoena, court order), to enforce our agreements, or to protect rights, property, or safety. In a merger or acquisition, data may transfer to the successor entity.

We do not sell your personal data. We do not share with advertisers or data brokers.

4. How long we keep it

Plain English: Call recordings 90 days, transcripts 2 years, account info while your account exists.

  • Call recordings: 90 days after the call (Growth+ only — recordings off by default).
  • Call transcripts: 2 years after the call, then deleted or anonymized.
  • Bookings & CRM data: Retained for the life of your account; deletable on request.
  • Billing records: 7 years (Canadian tax law requirement).
  • Account data: Until you delete the account; 30 days post-deletion grace period (60 for Pro+), then permanent deletion.
  • Voice clones: Deleted within 30 days of cancelling the voice-clone add-on.

5. Your rights

Plain English: You can see, export, correct, or delete your data anytime.

You have the right to:

  • Access your data — download via your dashboard at /account/data-export.
  • Correct inaccuracies in your account or business profile.
  • Delete your account and data via /account/delete.
  • Object to specific processing or withdraw consent.
  • Portability — export your data in JSON or CSV.

For requests on behalf of your callers (e.g. a caller asks you to delete their transcripts), you can act through your dashboard or email [email protected].

6. GDPR (EU/UK residents)

If you are in the EU, UK, or EEA, our legal bases are: contract (to provide the Service you signed up for), legitimate interest (security, fraud prevention, product improvement), and consent (marketing emails, optional features like recordings). You may lodge a complaint with your local supervisory authority. For callers, Asisly acts as a data processor and the business owner is the data controller.

7. CCPA (California residents)

You have the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. Asisly does not sell or share personal information for cross-context behavioural advertising. Submit requests via [email protected]. We will not discriminate against you for exercising these rights.

8. Children's privacy

Asisly is not directed to anyone under 18. We do not knowingly collect data from minors. If you believe we have, contact us and we will delete it.

9. Security

We use TLS 1.2+ in transit, AES-256 at rest, role-based access, and audit logging. Voice clones and recordings are encrypted with separate keys. We run regular vulnerability scans and have a responsible-disclosure program — report issues to [email protected]. No system is 100% secure; we will notify affected users within 72 hours of confirming a breach affecting their data.

10. International transfers

Asisly is hosted primarily in North America (Railway US-East, Supabase US-East, Cloudflare global). Data transferred from the EU/UK to other regions relies on Standard Contractual Clauses with our sub-processors.

11. Cookies

Our marketing site uses minimal first-party cookies for session and analytics. The dashboard uses authentication cookies only. We do not run third-party advertising trackers. A cookie banner is shown on first visit where required by law.

12. Changes to this policy

We will post material changes here and email account holders at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent change.

13. Contact

Privacy questions or rights requests:
Email: [email protected]
Mail: Aspireco Inc., Ontario, Canada