Privacy Policy

1. Information We Collect

We collect information you provide directly: name, email address, business name, and password when you create an account. We also collect call data (recordings, transcripts, caller information), usage data (call counts, minutes used), and technical data (IP address, browser type, device information).

2. How We Use Your Information

We use your information to provide and improve the Service, process calls through our AI system, generate call summaries and lead information, send transactional emails (welcome, usage alerts, billing), and comply with legal obligations.

3. Call Data Processing

When calls are received, audio is processed in real-time using speech-to-text (Deepgram), language model processing (Groq), and text-to-speech (Deepgram). Call recordings and transcripts are stored securely and are accessible only through your dashboard. We do not sell or share call data with third parties.

3a. SMS Processing and the Synthfy Shared Sender

Outbound SMS messages sent on behalf of our customers are routed through a single shared Synthfy toll-free number registered under SignalWire Toll-Free Verification. We log the recipient phone number, sending customer, message body, and delivery status for the purposes of supporting the customer’s dashboard, billing usage, and honoring opt-out requests.

If you reply STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to a Synthfy-delivered message, we record the opt-out and the originating number is suppressed across the entire Synthfy platform — not just for the customer who messaged you. Inbound replies to the shared Synthfy number are routed to the most recent customer who sent you an outbound message in the prior 30 days, so a single conversational thread reaches the right business.

Inbound SMS to a customer’s own Synthfy phone number is processed and stored only for that customer; no other Synthfy customer can see your message. We do not use SMS content to train AI models, and we do not sell SMS metadata to third parties.

4. Data Storage and Security

Your data is stored on secure servers hosted by Railway (application) and our infrastructure providers. We use encryption in transit (TLS/SSL) and implement industry-standard security measures. Database access is restricted and monitored.

5. Third-Party Services

We use the following third-party services to operate: SignalWire (telephony), Deepgram (speech processing), Groq (AI language model), PayPal (payment processing), and Postmark (email delivery). Each service processes only the minimum data necessary for its function.

5a. Single Sign-On (SSO) Data Collection

When you choose to sign up or log in using Google or Microsoft (Single Sign-On), we securely receive your authenticated email address and basic profile information from the provider. This data is strictly used to create your Synthfy account, authenticate your login sessions, and send essential transactional emails. We do not use your SSO profile data for targeted advertising.

5b. Google & Microsoft Calendar Integration

If you choose to connect your Google Calendar or Microsoft Outlook Calendar, Synthfy requests access to read your calendar events and free/busy schedule to prevent double-booking, and to create new calendar events when our AI virtual receptionist successfully schedules an appointment on your behalf. We store your Calendar OAuth refresh tokens securely and do not use your calendar data for any purpose other than facilitating your AI receptionist's scheduling capabilities.

5c. Google & Microsoft API Services Limited Use Disclosure

Synthfy's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Similarly, any data retrieved via the Microsoft Graph API is strictly governed by the Microsoft Identity Platform Terms of Use and is never sold to third parties or used for targeted advertising.

6. Your Rights

You have the right to access your personal data through your dashboard, request deletion of your account and associated data, export your call logs and transcripts, opt out of non-essential communications, and request correction of inaccurate data. To exercise these rights, contact us at support@synthfy.us.

7. CCPA Compliance

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information.

8. Data Retention

We retain your data for as long as your account is active. Call recordings and transcripts are retained for 90 days after account closure. Account data is deleted within 30 days of account deletion request. Billing records are retained as required by law.

9. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Your continued use of the Service after changes constitutes acceptance.

11. Contact

If you have questions about this Privacy Policy, please contact us at support@synthfy.us.