Privacy Policy
Autosoft Voice — Autosoft Global LLC
Last Updated: May 9, 2026
1. Who We Are and Scope
This Privacy Policy governs data collected and processed through Autosoft Voice, operated by Autosoft Global LLC. Autosoft Voice is a general-purpose AI voice telephony platform. This Policy does not govern Autosoft Clinic. For healthcare and patient data practices, see the Autosoft Clinic Privacy Policy.
2. Our Role — Data Processor
With respect to end user and caller data, Autosoft acts as your Data Processor. You — the business using Autosoft Voice — are the Data Controller. You determine why and how caller data is collected. Autosoft processes it solely on your instructions as set out in our Data Processing Agreement (DPA), which is incorporated into your subscription agreement and meets the requirements of GDPR Article 28.
Autosoft acts as an independent Data Controller for your platform account data (name, email, billing information, usage logs).
3. Data We Collect
From callers / end users (via your AI agents):
- Call transcripts (post-call text only — automatically purged after 7 days)
- Caller phone number (ANI/DNIS), call timestamp, duration, and disposition
- Information collected per your configured call script (e.g., name, account number)
From you (platform users / administrators):
- Name, email address, and job title
- Username, hashed password, and MFA credentials
- IP address and browser/device metadata
- Dashboard audit logs
Autosoft Voice does NOT collect:
- Call audio recordings — no audio files are stored on Autosoft infrastructure
- Protected Health Information (PHI) as defined under HIPAA
- Full payment card numbers (PCI-compliant processor handles billing)
4. How We Use Data
- Service delivery: Process calls, generate transcriptions, route conversations, deliver outputs to your systems
- Platform operations: Monitor uptime, diagnose errors, maintain security
- Billing: Compute usage-based charges and generate invoices
- Customer support: Diagnose issues and provide technical assistance
- Aggregate analytics: Anonymized, non-identifying usage statistics (not Personal Data)
Autosoft does not sell caller data, use caller data for advertising, or share call data outside the sub-processor framework below.
5. AI Model Training Policy
Autosoft does not use identifiable call audio or transcripts to train AI models without your explicit written opt-in consent.
Autosoft may use strictly de-identified, aggregated transcript patterns for AI improvement. You may opt out of this at any time by contacting [email protected]. Opting out does not affect service functionality.
All AI inference sub-processors are bound by Zero Data Retention (ZDR) agreements — they do not store call audio or transcripts beyond the immediate API transaction and do not use your data to train their own foundational models.
6. Sub-Processors
Autosoft engages sub-processors in the following categories to deliver its services. All sub-processors are bound by Data Processing Agreements meeting GDPR Article 28 standards and Zero Data Retention obligations where applicable.
| Category | Function | ZDR Policy |
|---|---|---|
| AI Inference Provider | Conversational AI and voice synthesis | Yes |
| Speech Processing | Real-time transcription and voice generation | Yes |
| Telephony / SIP | PSTN call origination and termination | Yes |
| Cloud Infrastructure | Compute, networking, and storage (UK region) | Contractual DPA |
| Database | Managed relational database (UK region) | Contractual DPA |
| Email Delivery | Transactional notifications | Contractual DPA |
The named sub-processor list is available to contracted customers upon request at [email protected]. Customers are notified 30 days before any new sub-processor is added.
7. Data Retention
| Data Type | Default Retention | Configurable? |
|---|---|---|
| Call audio recordings | Not stored | N/A |
| Call transcripts | 7 days (auto-purged) | No |
| Call metadata and logs | 90 days (auto-purged) | No |
| Account data | Subscription + 90 days post-termination | No |
Early deletion requests are actioned within 30 calendar days.
8. Security
- Data in transit: TLS 1.2 minimum (TLS 1.3 preferred)
- Data at rest: AES-256-GCM encryption (application-layer, column-level for all PII fields)
- No audio recordings stored — transcripts purged automatically after 7 days
- Access: Role-based access controls (RBAC), MFA required for Autosoft production access
- Breach notification: Autosoft notifies you within 72 hours of becoming aware of a personal data breach affecting EEA residents, per GDPR Article 33(2)
9. TCPA Compliance
You are solely responsible for obtaining legally required consents for outbound automated dialing under the TCPA and applicable state laws. Autosoft provides configurable AI disclosure prompts — you must activate and validate these for your operating jurisdictions. See the Terms of Service for complete TCPA obligations.
10. Data Location and Cross-Border Transfers
Autosoft's primary infrastructure is located in the United Kingdom (London, GCP europe-west2). All data is stored within the UK.
Where personal data of EEA/UK residents is transferred outside the EEA to a country without an EU adequacy decision (e.g., to AI inference sub-processors in the US), Autosoft relies on European Commission Standard Contractual Clauses (SCCs — Commission Implementing Decision (EU) 2021/914), incorporated into all applicable DPAs and sub-processor contracts. Transfer Impact Assessments are conducted for elevated-risk jurisdictions.
11. GDPR Rights (EEA, UK, Switzerland)
Because Autosoft acts as Data Processor, end user GDPR rights are primarily exercisable against you (the Data Controller). End users who interacted with your AI system should contact you first. You may then coordinate with Autosoft.
Platform users (your employees / administrators) may exercise GDPR rights over their own account data directly with Autosoft at [email protected]. Response within 30 calendar days.
Available rights: Access (Art. 15), Rectification (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), Object (Art. 21). EEA residents may lodge complaints with their national supervisory authority.
12. CCPA / CPRA (California Residents)
Autosoft processes end user personal information as a Service Provider under CCPA/CPRA. Autosoft does not sell or share personal information for cross-context behavioral advertising. California residents may contact [email protected] to exercise rights to know, delete, correct, or limit use of sensitive personal information. Response within 45 calendar days.
13. Changes to This Policy
Autosoft may modify this Policy at any time. Material changes are communicated via email and in-platform notification at least 30 calendar days before taking effect. Continued use constitutes acceptance.
14. Contact
Autosoft Global LLC — Remote-based company, incorporated in Wyoming, USA
Privacy inquiries: [email protected]
Data Protection Officer: [email protected]
Security incidents: [email protected]
CCPA rights: [email protected]