1. Who we are & scope

Controller vs. Processor: For information we collect about our own prospects and website visitors, we act as a controller. For information our business customers upload or generate in the Services (e.g., lead lists, call audio, transcripts, dispositions, calendar data, CRM data), we act as a processor/service provider processing on their instructions.

Audience: Our Services are for business users. We do not knowingly collect information from children under 16.

Territory: We operate in the United States and may process data globally through vetted subprocessors.

2. Information we collect

We collect information directly from you, automatically, and from third parties. The information we collect depends on how you interact with us.

3. How we use information

We use information for the following purposes:

• Provide and operate the Services including placing/receiving calls, generating/playing synthesized speech, transcribing audio, booking meetings, syncing with integrations, troubleshooting, and providing customer support.
• Configure & secure accounts, authenticate users, prevent fraud/abuse, enforce our Terms, and ensure the safety and integrity of the Services.
• Improve and develop new features, quality, accuracy, and performance (including quality assurance, analytics, testing, and research).
• Personalize experiences, content, and settings.
• Communicate with you about product updates, security alerts, and administrative messages.
• Marketing to business contacts consistent with applicable law (you may opt out at any time).
• Compliance with legal obligations and to protect our rights.
• AI model training: We do not permit third‑party AI vendors to train their models on your Customer Content unless you or your organization explicitly opt in. We may use de‑identified or aggregated data for internal research, benchmarking, and to improve the Services.

4. Legal bases (EEA/UK only)

Where GDPR/UK GDPR applies, we rely on: contract performance; legitimate interests(e.g., securing and improving the Services, preventing abuse, and B2B marketing); consent (where required, e.g., for certain cookies or recordings); and legal obligations.

5. How we share information

We share information under strict controls:

• Service Providers / Subprocessors: cloud hosting, telephony and messaging carriers, call routing and STT/TTS/LLM providers, analytics, error monitoring, payments, CRM/calendar connectors, and customer support tools—each bound by confidentiality and data‑processing terms.
• Business Partners you connect: If you enable an integration, we will share relevant data with that integration per your settings.
• Corporate transactions: information may be disclosed in connection with a merger, acquisition, financing, or sale of assets.
• Legal & safety: to comply with law, lawful requests, and to protect rights, safety, and property.
• Aggregated/De‑identified: we may share insights that do not identify individuals.

6. International transfers

We may transfer, store, and process information in countries other than where it was collected, including the United States. Where required, we use lawful transfer mechanisms (e.g., EU Standard Contractual Clauses) and implement appropriate safeguards.

7. Data retention

We retain information as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

• Default retention: system logs and analytics up to 36 months; support records up to 24 months.
• Customer Content: configurable by the customer. If no retention is specified, we may retain recordings and transcripts for up to 18 months to support product functionality, quality assurance, and your account history.
• Backups/archives: may persist for up to 180 days after deletion to ensure reliability and disaster recovery.

You may request deletion through in‑product tools or by contacting us; we will comply in accordance with our role and applicable law.

8. Your choices

• Marketing opt‑out: you can unsubscribe via the link in our emails or by contacting us.
• Cookies & tracking: manage cookies via browser settings and in‑product cookie controls where available.
• Recording & announcements: you control whether calls are recorded and whether announcements are played. You are responsible for enabling these features to meet applicable consent laws.

9. Your rights

Depending on your location, you may have the right to access, correct, delete, restrict, port, or object to certain processing. If we process your information as a processor on behalf of a customer, we will forward your request to that customer and assist them in responding. To exercise rights, contact us at legal@flydial.ai.

Residents of certain U.S. states (e.g., CA, CO, CT, UT, VA) have additional rights described in the U.S. State Privacy Addendum below.

10. Security

We implement technical and organizational measures designed to protect information, including encryption in transit, access controls, audit logging, environment isolation, and vendor due diligence. No system is 100% secure; please use strong, unique passwords and enable available security features (e.g., SSO, MFA).

11. Data of others that you submit

If you provide us with personal information about others (e.g., leads, prospects, or call participants), you represent that you have provided all required notices and obtained all necessary consents/permissions to do so. You must not upload sensitive personal information unless strictly necessary and lawfully permitted.

12. Children’s privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from them.

13. Changes to this Policy

We may update this Policy from time to time. The updated version will be indicated by an updated "Effective" date and becomes effective when posted. Your continued use of the Services means you accept the updated Policy.

14. Contact us

U.S. State Privacy Addendum (including California)

This Addendum supplements the Policy for residents of U.S. states with comprehensive privacy laws (e.g., CA, CO, CT, UT, VA). Terms like "sell," "share," and "sensitive personal information" have the meanings given by applicable law.

Cookie & Tracking Notice (Summary)

We use cookies and similar technologies to operate and improve the Services, remember preferences, measure performance, and conduct analytics. You can control cookies through your browser and device settings. Some features may not function properly without certain cookies.

Subprocessors (Illustrative examples)

We use carefully selected vendors to deliver the Services. Current categories include:

• Cloud & Infrastructure: cloud hosting, databases, content delivery networks.
• Telephony & Communications: telephony carriers and APIs; call quality tooling.
• AI/ML & Speech: speech‑to‑text, text‑to‑speech, and large language model providers.
• Payments: payment processing and fraud prevention.
• Analytics & Monitoring: product analytics, performance monitoring, error tracking.
• Support & Productivity: help desk, ticketing, email delivery, and project tools.

A current list of named subprocessors is available upon request and may be updated from time to time.

Regional Disclosures & Data Processing Addendum

• EEA/UK/Swiss residents: Flydial offers a Data Processing Addendum (including SCCs) upon request. We will act as processor for Customer Content and as controller for our own business operations data.
• U.S. service provider: For Customer Content, Flydial acts as a "service provider" or "processor" under applicable U.S. state privacy laws and will not use such data for any purpose other than providing the Services, maintaining/improving security, or as otherwise permitted by law or your contract.

Definitions (selected)