PRIVACY POLICY

1. Introduction

SmartCall AI ("SmartCall", "we", "us", or "our") respects your privacy and is committed to protecting personal data in accordance with:

• The EU General Data Protection Regulation (GDPR) 2016/679
• The Turkish Personal Data Protection Law (KVKK No. 6698)
• Other applicable data protection regulations

This Privacy Policy explains how we collect, use, process, store, and protect personal data when you use our websites, voice AI systems, telephony integrations, dashboards, APIs, and related services (collectively, the "Services").

By using the Services, you acknowledge that you have read and understood this Privacy Policy.

2. Scope of Application

This Policy applies to:

• Business customers using SmartCall AI services
• Callers interacting with SmartCall-powered AI voice agents
• Website visitors
• Users of integrations (CRM, calendar, PBX, SIP, etc.)

SmartCall primarily operates as a data processor on behalf of its business customers. In certain cases (account registration, billing, website analytics), SmartCall acts as a data controller.

3. Information We Collect

A. Information You Provide (Account Data)

• Name, surname
• Company name
• Email address
• Phone number
• Billing information
• Subscription details
• Configuration preferences

B. Call Data

When SmartCall AI answers or processes calls:

• Call metadata (date, time, duration, caller ID)
• Call recordings (audio)
• AI-generated transcripts
• AI-generated summaries
• Extracted appointment details
• Notes, tags, and structured outputs

C. Device & Technical Data

• IP address
• Browser type
• Operating system
• Session logs
• API usage logs
• Authentication logs

D. Integration Data

When you connect third-party tools (e.g., Google Calendar, CRM, PBX, SIP providers):

• Calendar events
• Contact records
• Appointment details
• Integration tokens (securely stored)

4. Legal Basis for Processing (GDPR & KVKK)

Under GDPR and KVKK, we process personal data based on:

• Performance of a contract
• Legitimate interests
• Legal obligations
• Explicit consent (where required)

Call recordings and AI analysis are processed under the instruction of the business customer, who is responsible for obtaining necessary caller consent.

5. How We Use Information

We use personal data to:

• Operate and maintain the Services
• Answer, record, transcribe, and analyze calls
• Schedule appointments
• Provide dashboards and analytics
• Improve AI models (in anonymized or aggregated form)
• Provide billing and invoicing
• Ensure security and fraud prevention
• Comply with legal obligations
• Provide technical support

We do not sell personal data.

6. Call Recording & Consent Responsibility

SmartCall AI records and processes voice interactions.

The business customer using SmartCall is solely responsible for:

• Informing callers about recording
• Obtaining required consent
• Complying with local call recording laws
• Ensuring lawful data processing under GDPR and KVKK

SmartCall disclaims liability for non-compliance by customers regarding recording disclosures.

7. Sensitive Data Restrictions

Unless explicitly agreed in writing:

The Services must not be used to process:

• Health data (PHI)
• Financial card data (PCI)
• Government-classified data
• Biometric identifiers beyond voice recordings
• Special categories of personal data under GDPR Article 9

Use of SmartCall for regulated categories is at your own risk unless a separate Data Processing Agreement (DPA) is executed.

8. Data Sharing

We may share data with:

A. Service Providers

• Cloud hosting providers
• Telephony carriers
• Payment processors
• Infrastructure vendors
• Analytics providers

All service providers are bound by confidentiality and data processing agreements.

B. Third-Party Integrations

Data may be shared when you connect external systems (CRM, Google Calendar, PBX providers, etc.).

C. Legal Authorities

When required by law, regulation, or court order.

D. Business Transfers

In case of merger, acquisition, restructuring, or asset sale.

We never sell personal data.

9. International Data Transfers

SmartCall may process data in:

• European Union
• Türkiye
• United States
• Other jurisdictions where infrastructure providers operate

For EU users, transfers outside the EEA are protected through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions
• Appropriate safeguards

For Turkish users, cross-border transfers comply with KVKK requirements.

10. Data Retention

• Call recordings and transcripts are retained according to customer-defined settings.
• Billing and contractual records may be retained as required by law.
• Upon account termination, data may be deleted, anonymized, or archived in compliance with retention obligations.

11. Data Security

We implement appropriate technical and organizational measures, including:

• Encryption in transit (TLS)
• Encryption at rest (where applicable)
• Role-based access control
• Audit logging
• Secure API authentication
• Infrastructure monitoring

However, no system is completely secure. SmartCall cannot guarantee absolute security.

12. Your Rights (GDPR & KVKK)

Depending on your jurisdiction, you may have the right to:

• Access your data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent
• File a complaint with a supervisory authority

EU residents may contact their local Data Protection Authority.

Turkish residents may apply under Article 11 of KVKK.

Requests may be submitted to:

info@smartcalltech.com

We may verify identity before responding.

13. Data Processor Agreement (DPA)

For business customers subject to GDPR or KVKK, SmartCall provides a Data Processing Agreement upon request.

14. Children's Privacy

The Services are not intended for individuals under 18.

We do not knowingly collect data from minors.

15. Changes to This Policy

We may update this Privacy Policy periodically.

Material changes will be notified via dashboard or email.

16. Contact Information

SmartCall AI

Email: info@smartcalltech.com