Privacy Policy — Twallia
Legal

Privacy Policy

Twallia Inc.  ·  Last updated: June 7, 2026  ·  Effective: June 7, 2026

Twallia is an AI-powered voice receptionist platform. Because our service handles phone calls and voice recordings on behalf of businesses, we take privacy seriously. This policy explains what data we collect, why, and how it is protected.

1. Who We Are

Twallia ("Twallia", "we", "our", "us") operates the platform at twallia.com and the associated services, including the AI voice receptionist, appointment booking engine, and business dashboard at cms.twallia.com.

For questions about this policy, contact us at privacy@twallia.com.

2. Information We Collect

Account information

  • Name, email address, and password when you create an account
  • Business name, website URL, and phone numbers you register
  • Billing and payment details processed securely by Stripe

Call and voice data

  • Audio from inbound and outbound phone calls handled by your AI agent
  • Real-time transcripts of those calls
  • AI-generated call summaries and detected caller intent
  • Call metadata: duration, timestamp, phone numbers, cost

Calendar and appointment data

  • OAuth tokens to access your connected Google or Outlook calendar
  • Appointment records including date, time, customer name, and notes

Usage and technical data

  • IP address, browser type, and device information
  • Pages visited and features used within the dashboard
  • API usage, call counts, and minute consumption for billing purposes

Customer data you provide

  • Customer lists uploaded for outbound call campaigns
  • Lead information captured by the AI during calls or via chat widget

3. How We Use Your Information

  • To operate and deliver the AI voice receptionist service
  • To process and transcribe phone calls in real time
  • To book, confirm, and manage appointments on your behalf
  • To run outbound call campaigns you configure
  • To send you account notifications, verification codes, and invoices
  • To calculate and display usage and billing information
  • To improve service quality, detect errors, and prevent abuse
  • To comply with legal obligations

We do not sell your personal data or your customers' data to third parties.

4. Third-Party Services

Twallia relies on the following sub-processors to deliver the service. Each is bound by their own data protection agreements.

Twilio Phone number provisioning, call routing, SMS, and audio media streams
OpenAI Real-time voice AI (GPT-4o Realtime) and call summary generation
Google Gemini Alternative real-time voice AI provider
MongoDB Atlas Primary database hosting for all account and call data
Stripe Payment processing and subscription management
Brevo (Sendinblue) Transactional email for verification codes and notifications
Google / Microsoft Calendar OAuth integration for appointment booking (user-initiated)
Coolify / Hetzner Server infrastructure and deployment hosting

5. Call Recording & Caller Consent

Twallia processes audio in real time to power the AI voice agent. By using our platform to answer or place calls, you as the business owner are responsible for ensuring that applicable call recording laws in your jurisdiction are followed, including notifying callers that they may be speaking with an AI and that the call may be recorded or processed.

We recommend enabling the built-in call-start disclosure in your agent profile settings. Twallia provides a disclaimer prompt feature for this purpose.

6. Data Retention

  • Call transcripts and summaries: Retained for the lifetime of your account, or until you delete them from the dashboard
  • Audio recordings: Not stored by Twallia; audio is streamed in real time to the AI provider and is not persisted on our servers
  • Account data: Retained until you request account deletion
  • Billing records: Retained for 7 years as required by law
  • Calendar tokens: Deleted immediately upon disconnecting your calendar integration

7. Data Security

We implement industry-standard security measures including TLS encryption for all data in transit, encrypted storage for credentials and OAuth tokens, API key access controls, and rate limiting on all endpoints. Access to production data is restricted to authorised personnel only.

Despite these measures, no system is completely secure. Please notify us immediately at security@twallia.com if you believe your account has been compromised.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing activities
  • Export your data in a portable format
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email privacy@twallia.com. We will respond within 30 days.

9. Cookies

We use essential cookies only — specifically an authentication cookie (portal_token) that keeps you logged in to the dashboard. We do not use advertising or tracking cookies. Google Analytics is used on the marketing site to understand aggregate traffic patterns; no personally identifiable information is sent.

10. Children's Privacy

Twallia is a business-to-business service. We do not knowingly collect data from individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Continued use of the service after the effective date constitutes acceptance of the revised policy.


Questions about this Privacy Policy?

privacy@twallia.com