Privacy Policy
Last updated: May 17, 2026
CallCoveAI is operated by First Commit LLC (“First Commit LLC,” “we,” “us”). This Privacy Policy explains what information we collect through CallCoveAI, how we use it, and the choices you have. It applies to customers who sign up for the service and to end-users who call a phone number operated by a CallCoveAI customer.
1. Information we collect
Account information. When you create an account we collect your name, email, organization, and, if you sign in with Google, the basic profile fields Google shares with us (name, email, profile picture, Google account ID). We do not request access to your Gmail, Calendar, Drive, or contacts.
Call content. When a caller reaches a CallCoveAI-powered phone number, we process the audio in real time, generate a transcript, and may store an audio recording if the customer has enabled recording. We surface a verbal disclosure to callers when recording is on.
Usage and diagnostic data. We collect logs, metrics, and traces about how the platform performs, including call duration, latency, error rates, and the providers used per call (telephony, speech-to-text, language model, text-to-speech).
Marketing communications. If you opt in to marketing emails (during sign-up or from your account settings), we record the opt-in timestamp, source, and IP/user-agent metadata. Every marketing email contains a one-click unsubscribe link. You can also revoke consent at any time from Account settings.
Billing information. Payments are processed by Stripe. We store the last four digits and expiry of cards plus Stripe customer / subscription identifiers; we never see or store the full card number.
2. How we use information
- Operate and improve the CallCoveAI service.
- Authenticate users and prevent fraud or abuse.
- Bill customers for usage and answer billing questions.
- Communicate with customers about their account and service updates (transactional).
- Send marketing emails only to recipients who have opted in, and only until they unsubscribe.
- Detect and investigate security incidents.
- Comply with legal obligations.
We do not sell personal information. We do not train third-party large language models on customer call content, and our LLM provider contracts prohibit our providers from doing so on our behalf.
3. Sub-processors
To run the service we rely on a small set of vetted vendors: Amazon Web Services (infrastructure), Telnyx and Twilio (telephony), Deepgram (speech-to-text), Anthropic (language model), Cartesia and ElevenLabs (text-to-speech), LiveKit (real-time media), Stripe (billing), Upstash (cache), Grafana Cloud and Sentry (observability), and AWS SES (email). Each handles data only as required to deliver the service. A current list with links is maintained in our trust portal.
4. Data retention
Call recordings move to lower-cost storage after 7 days and to archive after 30 days; we delete them after 1 year unless the customer has configured a different retention window. Transcripts follow the same schedule. Account and billing records are kept while your account is active and for up to 7 years afterward for tax and accounting purposes. Marketing consent audit records are retained for at least 4 years after unsubscribe to support CAN-SPAM and TCPA compliance.
5. Security
We encrypt data in transit (TLS 1.2+) and at rest. Production access is limited to authorized personnel, gated by SSO and short-lived credentials, and logged. We do not currently support HIPAA workloads and do not sign Business Associate Agreements at this time. Do not transmit protected health information through CallCoveAI.
6. Your choices and rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain uses. To exercise these rights, email privacy@callcove.ai. We will respond within 30 days.
You can revoke CallCoveAI’s access to your Google account at any time from Google Account → Security → Third-party apps.
7. Children
CallCoveAI is not directed to anyone under 16, and we do not knowingly collect their personal information.
8. International transfers
Our infrastructure runs in the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the U.S.
9. Changes to this policy
We will post material changes to this policy on this page and update the “Last updated” date. Continued use of the service after a change means you accept the updated policy.
10. Contact
Privacy questions or requests: privacy@callcove.ai. General contact: Contact page.
This document is a working draft and is pending review by qualified legal counsel before launch.