Privacy Policy

Last updated 2026-05-18

CommunicaAI is a Sagentica product. This Privacy Policy explains how we collect, use, and protect personal information when you use communicaai.com (the "Site") and our AI call-center services (the "Services").

1. Roles

For data you submit when evaluating or buying the Services (account info, billing): we are the controller. For voice and conversation data flowing through your deployed CommunicaAI tenant: we act as a processor under your direction, subject to our Data Processing Addendum (DPA) and, where applicable, our Business Associate Agreement (BAA).

2. Information we collect

2.1 You give us

• Account info (name, email, business), payment info (Stripe).
• Your scripts, knowledge-base documents, voice samples (for cloning), and integration credentials.

2.2 Through deployed services

• Inbound caller audio + transcripts (processed in-flight).
• Call metadata (duration, caller phone number where law permits, resolution status, escalation triggers).
• Stored only as long as your tenant retention policy specifies (30 days default, configurable).

2.3 Automatically (marketing site)

• Browser, hashed/truncated IP, country, page URL, referrer, anonymized session id.

3. How we use it

• Provide the Services per your instructions.
• Improve speech-to-text accuracy for our voice models only with your explicit opt-in — opt-out is default.
• Process payments, detect fraud, comply with legal obligations.

4. Sharing

We use carefully-vetted subprocessors (Twilio, Whisper/Deepgram, Groq, Anthropic, ElevenLabs, Stripe, Clerk, hosting) under DPAs. Subprocessor list maintained at /legal/subprocessors (forthcoming). We don't sell personal information.

5. International transfers

Infrastructure is in Canada and the US. International transfers use Standard Contractual Clauses where applicable.

6. Retention

• Account data: while active + 7 years.
• Call recordings + transcripts: per tenant policy, 30 days default, configurable.
• Marketing analytics: 24 months.

7. Your rights

GDPR / CCPA / similar — access, correction, deletion, restriction, portability, objection. [email protected].

8. Security

TLS in transit, encryption at rest (AES-256), key rotation, role-based access, audit logging. SOC 2 in progress. HIPAA-eligible architecture available on Enterprise.

9. Children

Not directed at children under 16. Voice services are configurable to refuse callers identifying as minors.

10. Contact

[email protected]

A Sagentica product built on the QAICX platform.