Bespoke AI Voice ("Bespoke AI Voice", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website at [www.bespokeaivoice.com] (the "Site"), use our AI automation, voice agents, CRM, and custom website services (collectively, the "Services"), or otherwise interact with us.
By accessing the Site or using the Services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Site and Services.
For personal data processed on behalf of our clients through the CRM and voice agent Services, Bespoke AI Voice acts as a Data Processor. The client business that instructs us to process that data is the Data Controller. Data subject requests relating to data held within a client's CRM or call records should be directed to that client business in the first instance; we will assist our clients in responding to such requests as required by law and our Data Processing Addendum (DPA).
2. Scope of This Policy
This Policy applies to:
Visitors to our Site.
Prospective and current clients who purchase or evaluate our Services.
End users whose personal data is processed through our Services on behalf of our clients (e.g., contacts in a client's CRM, recipients of AI voice calls).
This Policy does not apply to third-party websites or services linked from our Site. We encourage you to review the privacy policies of those third parties.
3. Personal Information We Collect
3a. Information You Provide Directly
Account and Billing Information: Your name, business name, email address, phone number, billing address, and payment information. Full payment card data is processed by our third-party payment processor (e.g., Stripe) and is not stored on our systems.
Communications: Information you provide when you contact us, request a demo, fill out a form, or otherwise communicate with us.
Customer Data: Any data you upload, import, or enter into the CRM, voice agent platform, or other Services — including contact lists, call scripts, CRM records, transcripts, and other content ("Customer Data"). Customer Data may include personal data of your customers, leads, or employees. You are the Data Controller for Customer Data; we process it only per your instructions and our DPA.
3b. Voice Data and Biometric Information
Voice Recordings: Our AI voice agent Services may record calls between your AI agent and call recipients. These recordings are stored and may be transcribed and analyzed.
Voice Features and Biometrics: Our platform may extract voice features (such as tone, cadence, and voice patterns) from recordings for purposes of transcription, call analytics, routing, or quality assurance. In certain circumstances, voice patterns or voiceprints may be considered biometric data or sensitive personal information under applicable law (including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA)).
Client Responsibility for Consent: If your use of our voice Services involves recording individuals or processing their voice biometric data, you are responsible for obtaining all required consents, providing required disclosures to call recipients, and complying with applicable biometric and telephony laws before providing that data to us.
Our Commitment: We will only process voice biometric data on your documented instructions and will not sell or share it for advertising or unrelated purposes.
3c. Information Collected Automatically
When you visit our Site, we and our service providers automatically collect:
Usage Data: Pages visited, time on page, features used, clicks, and navigation paths.
Technical Data: IP address, browser type and version, operating system, device type, and referring URLs.
Cookies and Tracking Technologies: Session cookies, persistent cookies, pixels, and similar tools. See Section 9 (Cookies) for details.
3d. Information from Third Parties
Integrations: If you connect third-party tools (e.g., calendars, CRMs, communication platforms) to our Services, we may receive personal data through those integrations.
Analytics Providers: We may receive aggregated or individual usage data from analytics providers.
Publicly Available Sources: We may supplement your contact or business information with publicly available information.
4. Purposes for Which We Use Personal Information
We use the personal information we collect for the following purposes:
PurposeExamplesProviding and managing the ServicesAccount setup, CRM operation, AI voice agent delivery, custom website developmentProcessing payments and billingInvoicing, payment processing, managing subscriptionsCustomer support and communicationsResponding to inquiries, troubleshooting, notificationsService improvement and analyticsUsage analytics, error monitoring, product developmentSecurity and fraud preventionDetecting and preventing unauthorized access, abuse, or fraudModel performance monitoringReviewing AI output quality (not model training without consent — see Section 5)Legal complianceMeeting legal obligations, responding to lawful requests, enforcing our TermsMarketingSending promotional communications to existing clients and prospects (with opt-out rights)
5. AI Model Training and Use of Customer Data
Default: No Model Training Without Consent. We will not use your Customer Data to train or improve our general-purpose AI models without your explicit written consent, as documented in the Order Form or DPA.
Permissioned Training. If you grant written consent for us to use Customer Data for model training or improvement purposes, we will use it only for the scope described in that consent and the DPA.
Withdrawal of Consent. You may withdraw model training consent at any time per the DPA. Withdrawal will prevent future use of new Customer Data for training; however, it cannot retroactively remove data that has already been incorporated into trained model weights.
De-identified Data. We may use de-identified, aggregated, or anonymized derivatives of Customer Data (where re-identification is not reasonably possible) to monitor performance, improve quality thresholds, and develop new features — unless the Order Form or DPA explicitly prohibits this.
6. Legal Bases for Processing (California and U.S. Clients)
For clients and end users in California, processing is carried out in compliance with the CCPA/CPRA. Depending on context, we rely on the following legal bases:
Performance of a Contract: Processing necessary to provide the Services under our agreement with you.
Legitimate Interests: Service improvement, fraud prevention, marketing to existing clients, and security monitoring — where our interests are not overridden by your rights.
Consent: Where we ask for and receive your consent (e.g., model training, optional analytics, voice biometric processing where required).
Legal Obligation: Processing required to comply with applicable law (e.g., tax records, legal holds).
7. Sharing and Disclosure of Personal Information
We do not sell your personal information. We share personal information only in the following circumstances:
7a. Subprocessors and Service Providers
We engage trusted third-party service providers (subprocessors) to assist in delivering the Services. These providers are contractually required to use your data only for the purposes we specify. A current list of subprocessors is available at [Subprocessor List URL].
Examples of subprocessor categories include:
CategoryExample ProvidersCloud Hosting and InfrastructureAmazon Web Services (AWS), Google Cloud Platform (GCP)AI and Machine Learning ServicesOpenAI, AnthropicTelephony and VoiceTwilioCRM PlatformGoHighLevelPayment ProcessingStripeAnalyticsGoogle Analytics, [Other Analytics Provider]Email and Communications[Email Provider]
We will notify you of material changes to our subprocessor list in accordance with our DPA and will provide enterprise customers with prior-notice options or objection rights.
7b. Business Transfers
If Bespoke AI Voice is involved in a merger, acquisition, reorganization, or sale of all or substantially all of its assets, personal information may be transferred as part of that transaction. We will notify affected parties as required by law.
7c. Legal and Regulatory Disclosures
We may disclose personal information when required by law, regulation, or legal process (e.g., court order, subpoena) or to protect the rights, property, or safety of Bespoke AI Voice, our clients, or others.
7d. With Your Consent
We may share information with your consent or at your direction for other purposes.
8. International Data Transfers
Bespoke AI Voice is based in California and primarily serves clients in the United States. Personal data may be stored or processed outside your home jurisdiction. Where international transfers occur, we implement appropriate safeguards (such as Standard Contractual Clauses or other lawful transfer mechanisms) to ensure adequate protection of personal information.
9. Cookies and Tracking Technologies
9a. Types of Cookies We Use
TypePurposeStrictly NecessaryRequired for the Site and Services to function (e.g., login sessions, security tokens). These cannot be opted out of.FunctionalRemember your preferences and settings (e.g., language, region).Analytics and PerformanceCollect aggregated usage data to help us understand how the Site is used and improve it (e.g., Google Analytics).Advertising and Third-PartyDeliver relevant advertising or enable third-party integrations (only with your consent).
9b. Consent
Non-essential cookies (analytics, advertising) are not loaded until you provide consent via our cookie banner. Our banner allows granular cookie choices — you may accept all, reject non-essential, or customize your preferences.
You can change your cookie preferences at any time via the cookie settings link in our Site footer.
9c. Global Privacy Control (GPC)
In compliance with California law, our Site recognizes and honors Global Privacy Control (GPC) browser signals. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of your personal information and will suppress non-essential tracking accordingly without requiring additional action from you.
9d. Managing Cookies
You may also control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Site and Services.
10. TCPA and Telemarketing Compliance
Client Responsibility: If you use our voice agent Services to place automated calls or send text messages, you are solely responsible for complying with the Telephone Consumer Protection Act (TCPA), Telemarketing Sales Rule (TSR), and all other applicable federal and state telemarketing laws, including obtaining, documenting, and retaining prior express written consent from call recipients.
Disclosures: Our voice agent platform is configured to disclose the automated nature of a call where required by law. Clients must provide accurate script and identity information.
Opt-Out and Do-Not-Call: Our platform supports real-time opt-out by call recipients. Clients are responsible for supplying and maintaining accurate Do-Not-Call (DNC) lists and for honoring opt-out requests immediately.
Consent Recordkeeping: Clients must retain records of prior express written consent for the period required by applicable law and must be able to produce those records upon request or audit.
11. Data Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, as required by law, or as agreed in the Order Form or DPA. General retention guidelines:
Data TypeDefault RetentionAccount and billing informationDuration of the account plus 7 years (for tax and legal compliance)Customer Data in CRMDuration of the subscription plus the retrieval period specified in the Order Form / DPAVoice recordings and transcriptsAs specified in the Order Form / DPA (default: [X months])Site usage and analytics data[X months] from collectionMarketing and contact dataUntil opt-out or deletion request is received
Upon account termination, Customer Data will be available for export during the retrieval period. After expiry, data will be deleted or anonymized except where retention is required by law.
12. Security
We implement administrative, physical, and technical safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, or destruction. These measures include:
Encryption of data in transit using TLS.
Encryption of data at rest where applicable.
Role-based access controls and least-privilege access policies.
Activity logging and monitoring.
Vulnerability assessments and security testing.
Incident response planning and breach notification procedures.
No security measure is perfect. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at [email protected].
Enterprise clients may request available security evidence (e.g., SOC 2 report or ISO 27001 attestation) under a confidentiality agreement.
13. Your Privacy Rights
13a. California Residents (CCPA / CPRA)
California residents have the following rights regarding their personal information:
Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties with whom we share it.
Right to Access: Obtain a copy of the specific personal information we hold about you.
Right to Deletion: Request that we delete your personal information, subject to legal exceptions.
Right to Correction: Request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing: We do not sell personal information. If we ever share personal information for cross-context behavioral advertising, you have the right to opt out.
Right to Limit Use of Sensitive Personal Information: Request that we limit our use of sensitive personal information (including voice biometric data) to purposes permitted by law.
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
13b. All Users
All users may:
Access and Correct personal information held about them.
Delete personal information by submitting a request (see Section 13c below).
Export Customer Data from the CRM using the platform's built-in export features or by contacting us.
Opt Out of marketing communications at any time by clicking "unsubscribe" in any email or contacting us.
We will verify your identity before fulfilling requests to protect your privacy. We will respond within the timeframes required by applicable law (e.g., 45 days under CCPA/CPRA, with a possible extension of an additional 45 days if needed).
14. Data Portability and Deletion (CRM)
Data Export: Clients may export Customer Data from the CRM at any time through the platform's export features.
Data Deletion ("Right to Be Forgotten"): Clients and end users may request deletion of their personal data by using the CRM's account-level delete function or by contacting [email protected]. We will process deletion requests in accordance with the DPA and applicable law.
Subprocessor Deletion: On verified deletion requests, we will instruct our subprocessors to delete the relevant data to the extent technically feasible and legally permissible.
15. Children's Privacy
The Services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will promptly delete it. If you believe we may have collected such information, please contact us at [email protected].
16. Data Processing Addendum (DPA)
For clients who provide us with personal data to process on their behalf (e.g., through the CRM or voice agent Services), our full Data Processing Addendum governs the roles, purposes, security measures, subprocessors, data subject rights assistance, international transfers, and retention and deletion of that data. The DPA is available at [DPA Link] or attached to the Order Form. The DPA forms part of our agreement with you and is incorporated into this Privacy Policy by reference.
17. Third-Party Links
Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before sharing personal information with them.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy with a new effective date and, where required by law, notify you by email or prominent notice on the Site. Your continued use of the Site or Services after the effective date of the updated Policy constitutes your acceptance of the changes.
19. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: