Privacy Policy

Welcome to CallMined. This Privacy Policy explains how CallMined LLC ("CallMined," "we," "our," or "us") collects, uses, discloses, and protects your personal information when you use our services, website, and platform (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Services.

We collect the following types of information:

We use the information we collect to:

• Provide and Improve Services: Deliver transcription, analysis, and coaching insights; improve AI algorithms and platform functionality.
• Account Management: Create and manage your account, process payments, and provide customer support.
• Communications: Send service updates, notifications, marketing materials, and promotional offers (with your consent).
• Security and Fraud Prevention: Protect against unauthorized access, fraud, and security threats.
• Compliance: Comply with legal obligations, enforce our Terms of Service, and resolve disputes.
• Analytics: Analyze usage patterns to understand how users interact with our Services.

We process the data we collect for legitimate business purposes and contractual purposes, including:

• Providing Services: To deliver transcription, sentiment analysis, and performance insights
• Improving AI Models: To train and enhance our machine learning algorithms and speech recognition
• Personalizing Experience: To customize your dashboards and coaching recommendations
• Support and Communication: To provide customer support, updates, and service announcements
• Analytics and Research: To understand usage patterns and improve our Services
• Security and Fraud Prevention: To detect, prevent, and address security threats
• Compliance: To comply with legal obligations and enforce our agreements

Where applicable under the EU GDPR or similar laws, our legal basis for processing your information includes:

• Contractual necessity: To perform the Services
• Legitimate interests: To maintain security and improve our Services (we'll assess necessity and balance this against your interests)
• Consent: Where you have provided explicit consent (which you may withdraw at any time)
• Legal compliance: To comply with applicable legal obligations

You (and your organization) retain ownership of all Customer Data (call data, transcripts, recordings) processed by us. As a data processor / Business Associate and you (or your organization) is the data controller / Covered Entity. Data is yours and is not sold or shared.

We do not sell, rent, or share Customer Data with third-parties for advertising or marketing.

Customer Data is retained only for the duration of your active subscription (as otherwise required by law or legal proceedings).

Upon termination or as your request, Customer Data is deleted or securely anonymized within a commercially reasonable period; consistent with SOC-2 deletion policies.

CallMined implements administrative, physical, and technical safeguards aligned with SOC 2 Type II and HIPAA requirements, including:

• Encryption of data in transit and at rest (TLS 1.3, AES-256)
• Multi-factor authentication and role-based access controls
• Regular vulnerability scans and penetration testing
• Ongoing monitoring and incident response procedures
• Annual third-party audits and compliance assessments

We also maintain appropriate safeguards for managing data when processing on-demand (e.g., support access for troubleshooting, with customer consent or as required by law).

We may engage trusted third-party service providers to host infrastructure, perform data processing, or support functions (such as cloud hosting providers, analytics vendors, or customer support tools).

All third-party providers are contractually obligated to implement equivalent security and confidentiality safeguards and may process data only in the extent necessary to provide the contracted services in a manner consistent with this policy.

We may change processors over time subject notice, provided the level of protection remains substantially equivalent.

CallMined uses AI and machine learning models to generate call transcripts, sentiment assessments, and performance insights.

• If human-AI oversight: Our AI-driven insights are not used for solely automated legal assessments or employment evaluation.
• Model Training: We periodically train our models based on general usage patterns without accessing or employing evaluation.
• Data Minimization: We aim to process only the data necessary to deliver the service and maintain accuracy.
• Transparency: Insights provided by AI include an indication that they were produced through automated processing.

For questions on how AI is used, you may contact us per Section 16 (Contact Info), and we will verify your identity before responding.

For customers subject to HIPAA, CallMined can execute a Business Associate Agreement (BAA) and comply with applicable requirements under the Health Insurance Portability and Accountability Act of 1996, including:

• Using and disclosing Protected Health Information (PHI) only as permitted by the BAA
• Implementing appropriate safeguards to protect PHI
• Reporting breaches as required
• Ensuring subcontractors also comply with HIPAA

We do not access PHI except as necessary to provide the Services and as authorized by the covered entity.

All primary processing and storage occur within the United States.

If international transfers become necessary, CallMined will implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or approved transfer mechanisms.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal obligations).
• Data Portability: Request a copy of your data in a machine-readable format.
• Opt-Out: Opt out of marketing communications or certain data processing activities.
• Restriction: Request restriction of processing in certain circumstances.
• Object: Object to processing of your personal information based on legitimate interests.

To exercise these rights, contact support@callmined.ai. We may verify your identity before responding.

The Services are intended for business use and we do not knowingly collect personal information from children under 18 years of age. If we become aware we have collected data from a child without parental consent, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Services after changes are posted constitutes your acceptance of the updated Privacy Policy.