Privacy Policy

Account data: When you create an account, we collect your email address and profile information through Supabase Auth.

Caller profile: If you use AI Calling, we store your display name, website, and caller context that you provide. These are used to identify you on AI calls and voicemail greetings.

Phone numbers: We store information about your purchased phone numbers (including Twilio SID, capabilities, region, and country) and any verified caller IDs you add.

Call records: We maintain call logs including from/to numbers, duration, timestamps, and Twilio call SID for your account history.

Call recordings: When you enable call recording on outbound calls or AI calls, dual-channel audio is recorded by Twilio and stored on their servers. We store a reference to the recording and provide playback through our app.

Call transcripts: When you record a call, the audio is automatically sent to a third-party speech recognition service (Deepgram) for transcription. We store structured transcripts including speaker identification, text, and timestamps alongside the call record.

Call screening data: When call screening is enabled, we store the screening interaction data including the caller's stated identity and intent, a conversation identifier, and timestamp.

Call forwarding: If you configure call forwarding, we store your forwarding phone number and enabled/disabled preference on your profile.

Location data: When you make or receive calls, we may collect your device's GPS coordinates to associate a location with the call record. Location data is used to display your calls on the Call Map feature. Location collection requires your permission and can be disabled through your device's system settings.

SMS content: We store message bodies, sender/recipient numbers, timestamps, and delivery status for messages sent and received through the service.

Consent records: We maintain SMS consent status and timestamps to comply with telecommunications regulations.

Voicemail: We store voicemail recordings, transcriptions, duration, and caller information for voicemails left on your VeraDial number. Voicemail audio is recorded and transcribed by Twilio.

Voicemail greetings: If you create a custom voicemail greeting, we store the greeting audio file. For AI-generated greetings, we also store the text you write and the voice you select; audio is generated by a third-party AI provider (ElevenLabs or Cartesia, depending on the voice type). For recorded greetings, your uploaded audio is converted to MP3 format on our server. All greeting audio is stored in cloud storage (Supabase Storage).

Voice cloning: If you create a cloned voice, we collect the voice sample you record, your consent acknowledgment, and metadata about the resulting voice model. The raw voice sample is processed server-side and sent to Cartesia to create the clone; VeraDial does not retain the raw sample after successful clone creation. We store the Cartesia voice identifier, clone name, consent record, and generated greeting audio made with that clone until you delete the clone, the greeting, or your account.

AI Call data: When you use AI Call, we store the phone number called, your call goal and notes, call duration, the AI provider used, and the full conversation transcript and summary generated by the AI agent. If you enable recording on an AI call, the recording is stored by Twilio and referenced in your account. Call audio is processed in real-time by the selected AI provider (ElevenLabs, OpenAI, Google, or xAI) and is not stored by VeraDial.

Contact memory: If you explicitly turn on Contact Memory in Profile > Contact Memory, we generate a rolling AI summary for each phone number you interact with, using your call transcripts, voicemail transcriptions, AI call transcripts and summaries, and SMS message content from your own account. Summaries, a suggested next-call goal, and the phone number are stored in your account. Summarization is performed by a third-party AI provider (Google Gemini). When Contact Memory is disabled, existing summaries are not read through the feature and new summaries are not generated; existing summaries remain stored unless you delete your account.

Push notification tokens: We store device push tokens to deliver notifications to your device. Tokens are automatically deleted when you sign out or your session expires.

Billing: Purchase and subscription history is managed through RevenueCat and the Apple App Store / Google Play Store. We store your subscription status, billing period, and credit balance. We do not store payment card details directly.

Error and crash data: We collect error reports and crash data through Sentry to diagnose and fix issues with the app. This may include device information, OS version, and stack traces. No message content or call audio is included in error reports.

Product analytics: We collect anonymized product analytics through PostHog to understand how the app and website are used, including screen views, navigation paths, feature engagement, paywall and purchase events, website page views, demo funnel events, and app store click events. Sensitive fields such as email, phone numbers, message content, transcripts, recording URLs, raw URLs with query strings, location, goals, notes, and prompts are stripped before analytics events are sent. GeoIP is disabled. On /demo and /demo/live only, we may use masked website session replay through PostHog to diagnose demo-funnel issues; all text and input values are masked, replay respects Do Not Track / Global Privacy Control, and internal traffic is excluded where flagged. Session replay is not used in the mobile app or on non-demo website pages.

Demo callers (/demo and /demo/live): When you call our public demo line to try the AI receptionist, your phone number may be processed and hashed (salted SHA-256) for demo analytics, fraud prevention, and conversion attribution. Raw caller phone numbers are not stored in our demo database — only the hash is recorded alongside the demo code your call consumed. Operational call routing logs may contain phone metadata for limited retention. This applies only to inbound calls to our demo number — calls to your own VeraDial number(s) are covered by the call sections above.

We share data with the following third-party services as necessary to provide VeraDial's features. Each service processes only the data required for its specific function. We require service providers that process personal data for VeraDial to protect that data under privacy and security obligations that provide the same or equal protection required by this Privacy Policy.

Twilio: Voice calls, SMS delivery, phone number provisioning, call recording, and voicemail recording and transcription. Twilio processes call audio and message content. Twilio Privacy Policy

Supabase: Authentication, database hosting (US-West-2 region), and file storage for voicemail greeting audio. Supabase Privacy Policy

RevenueCat: In-app purchase management and subscription tracking. RevenueCat Privacy Policy

ElevenLabs: AI voice processing for AI Call, ElevenLabs-backed Call Screening, and Voicemail Greetings. For AI calls and ElevenLabs screening, call audio and your instructions or screening prompts are processed to generate the AI agent's responses. For voicemail greetings, your greeting text is converted to speech audio. ElevenLabs Privacy Policy

Cartesia: Voice cloning and cloned voice text-to-speech for voicemail greetings. When you create a cloned voice, your recorded sample is sent to Cartesia to create the voice model. When you generate a greeting with that clone, your greeting text and selected voice identifier are sent to Cartesia to generate audio. Cartesia Privacy Policy

OpenAI: AI voice processing for AI Call and, when selected through LiveKit screening, Call Screening. When OpenAI is selected as the AI provider, call audio and your instructions or screening prompts are processed in real-time by OpenAI's Realtime API to generate the AI agent's responses. OpenAI Privacy Policy

Google (Gemini): AI processing for AI Call, LiveKit-routed Call Screening when Gemini is selected, and Contact Memory. For AI calls and screening, call audio and your instructions or screening prompts are processed in real-time by Google's Gemini API to generate the AI agent's responses. For Contact Memory, text from your call transcripts, voicemail transcriptions, AI call summaries, and SMS messages is sent to Google's Gemini API to generate per-contact summaries. Google receives this content only when the corresponding feature is used. Google Privacy Policy

xAI (Grok): AI voice processing for AI Call and, when selected through LiveKit screening, Call Screening. When xAI is selected as the AI provider, call audio and your instructions or screening prompts are processed by xAI's Grok API to generate the AI agent's responses. xAI Privacy Policy

LiveKit: Real-time audio routing and SIP connectivity for AI calls and LiveKit-backed call screening. When LiveKit transport is used, call audio is routed through LiveKit's infrastructure to connect the AI agent with the phone call. LiveKit processes call audio in transit but does not store it. LiveKit Privacy Policy

Google Maps: The Call Map feature uses Google Maps to display your call locations. When you use Call Map, Google receives map tile requests and your viewport region. Google Maps is subject to Google's Privacy Policy.

Deepgram: Speech-to-text transcription for recorded calls. When you record a call, the audio is sent to Deepgram for automatic transcription. Deepgram Privacy Policy

Sentry: Error tracking and crash reporting. We send error reports and diagnostic data to Sentry to identify and fix technical issues. Sentry does not receive message content or call audio. Sentry Privacy Policy

Expo: Push notification delivery. Device push tokens are sent through Expo's push notification service, which routes them to Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM) for delivery to your device. Expo Privacy Policy

PostHog: Product analytics for the app and website. We send anonymized event data, including screen views, feature usage, paywall and purchase events, website page views, demo funnel events, and app store click events, to PostHog to understand how VeraDial is used and improve the product. Sensitive fields are stripped before analytics events are sent; GeoIP is disabled; masked website session replay is limited to /demo and /demo/live and is not used in the mobile app or on non-demo website pages. PostHog does not receive message content, call audio, transcripts, contact details, or unmasked form input values; analytics events strip raw website URLs with query strings. PostHog Privacy Policy

Vercel: Website hosting and analytics. We use Vercel Analytics and Speed Insights to understand website performance. These tools collect anonymous usage data and do not use cookies for tracking. Vercel Privacy Policy

Firecrawl: Website content extraction for the demo receptionist builder. When you submit a business URL in the public demo flow to generate an AI receptionist preview, Firecrawl fetches the public web page and returns extracted text and metadata so the demo can be tailored to your business. Firecrawl receives the URL you submit and the page content it extracts. Firecrawl Privacy Policy

Apple / Google: App distribution and payment processing via the App Store and Google Play Store.

VeraDial sends push notifications for incoming messages, new voicemails, missed calls, AI call completions, and low credit balance alerts.

For your privacy, notifications display only the sender or caller number — no message content, voicemail transcriptions, or AI summaries appear on your lock screen.

You can disable notifications at any time through your device's system settings. Push tokens are stored on our server and are automatically deleted when you sign out or your session expires.

We use industry-standard measures to protect your data, including encryption in transit (TLS/HTTPS), authenticated API access, and secure credential storage. Authentication tokens are validated using public-key cryptography (ES256 via JWKS).

While we take reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Your data is stored and processed in the United States (US-West-2 region, Oregon). If you are located outside the United States, your data will be transferred to and processed in the United States. By using VeraDial, you consent to this transfer.

Our third-party service providers may process data in their own data centers, which may be located in different regions. See Section 3 for details on each provider.

California residents (CCPA): You have the right to know what data we collect, request deletion, and opt-out of the sale of personal information. We do not sell your personal data.

Canadian residents (PIPEDA): You have the right to access your personal information held by VeraDial, challenge its accuracy, and withdraw consent for its collection, use, or disclosure. We collect and use personal information only for purposes that a reasonable person would consider appropriate.

EU/EEA residents (GDPR): You have the right to access, rectify, erase, and port your data.

To exercise your rights, email support@veradial.com.

VeraDial is NOT a replacement for traditional phone service. 911 and emergency calling is not supported. Do not rely on VeraDial for emergency communications.