Privacy Policy

Last updated: April 12, 2026

1. What We Are

Allison Voice ("we," "us," "our") is an AI voice agent platform. Businesses use Allison Voice to create AI-powered phone agents that answer calls, schedule appointments, handle customer inquiries, and more. This Privacy Policy explains how we collect, use, store, and protect information when you use our platform.

2. Information We Collect

Account Information

When you create an account, we collect your email address, business name, timezone, and phone number(s) you configure for your agent. If you subscribe to a paid plan, we process payment information through Square (we do not store card numbers directly).

Knowledge Base Content

You provide business information to train your agent: facts, FAQs, policies, documents, intents, escalation rules, and integration configurations. This content is stored in our database and used exclusively to power your agent.

Call Data

When your AI agent handles a phone call, we process and store: caller phone numbers, call duration, conversation transcripts, AI-generated call summaries, and any data collected during the call (names, appointment details, etc.). Discovery calls with Allison (our consultation agent) are also recorded and transcribed to generate your initial agent configuration.

Usage Data

We track AI minutes consumed per call for billing purposes. We also log tool executions (when your agent calls external APIs during a conversation) for audit and debugging.

Email Data

We log outbound emails sent by the platform (confirmations, summaries, notifications) including recipient address, subject, and delivery status. We validate email addresses using ZeroBounce to protect our sending reputation.

3. How We Use Your Information

  • To provide and operate the Allison Voice platform
  • To power your AI voice agent with the knowledge you provide
  • To process and transcribe phone calls handled by your agent
  • To auto-generate agent configurations from discovery calls
  • To calculate and bill AI minutes usage
  • To send transactional emails (confirmations, summaries, billing)
  • To provide customer support (including via our AI support agent)
  • To improve the platform (aggregated, non-identifying data only)

4. Third-Party Services

Your data is processed by the following subprocessors (third-party service providers acting on our documented instructions) as part of normal platform operation:

  • Twilio — Telephony infrastructure. Processes phone numbers, call audio, and call metadata. Twilio Privacy Policy
  • Deepgram — Speech-to-text and text-to-speech processing. Receives call audio for transcription and generates spoken responses. Deepgram Privacy Policy
  • Anthropic (Claude) — Large language model powering agent conversations. Receives conversation transcripts and knowledge base content to generate responses. Anthropic Privacy Policy
  • OpenAI — Embedding generation for document search (RAG). Receives text content from uploaded documents. OpenAI Privacy Policy
  • Square — Payment processing for subscriptions. Square Privacy Policy
  • Supabase — Database hosting and authentication. Supabase Privacy Policy
  • Amazon Web Services (SES) — Email delivery. AWS Privacy Policy
  • ZeroBounce — Email validation. Receives email addresses for deliverability verification. ZeroBounce Privacy Policy

When you connect third-party integrations (Google Calendar, HubSpot, Calendly, etc.), your agent may read from and write to those services as you authorize. We store encrypted OAuth tokens for these connections but do not access your data in those services beyond what's needed for the functions you configure.

5. Google API Services User Data

Allison Voice's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect Google Calendar through our platform, we request access to the following Google API scopes:

  • calendar.events — To check availability, create appointments, reschedule, and cancel calendar events on your behalf during phone calls.
  • calendar.readonly — To list your available calendars so you can choose which ones your agent uses.
  • userinfo.email — To display which Google account is connected in your dashboard (e.g., "Connected as jane@example.com") and prevent accidental duplicate connections.
  • userinfo.profile — To display your Google account name alongside the connection status for easier account identification.

How we use Google user data: Your Google Calendar data is accessed exclusively to provide appointment scheduling functionality through your AI voice agent. When a caller requests a booking, your agent checks calendar availability and creates events. We store encrypted OAuth tokens to maintain the connection. We do not store copies of your calendar events in our database — we read them in real time during calls. Your Google profile information (email and name) is stored only to identify which account is connected in your dashboard.

What we do NOT do with Google user data:

  • We do not use Google user data for advertising or marketing purposes.
  • We do not sell, rent, or share your Google user data with third parties.
  • We do not use Google user data to build user profiles for purposes unrelated to providing the service.
  • We do not use Google user data to determine credit-worthiness or for lending purposes.
  • We do not copy, cache, or persist Google Calendar event data in our database. Event data is read and written in real time during active calls; no event content is stored between calls.
  • No Allison Voice employee or contractor reads your Google user data unless you provide explicit consent for a specific support request, or it is necessary for security investigation or legal compliance.

Subprocessors: To understand caller requests and determine appropriate actions, your AI agent uses large language models operated by Anthropic (Claude) and OpenAI. These providers are subprocessors acting on Allison Voice's documented instructions under contractual agreements; they do not retain, use, or transfer your Google user data for their own purposes.

Data retention: Your Google profile information (email, name) is retained only for the duration of the integration — disconnecting Google Calendar from your dashboard or deleting your Allison Voice account removes it. Google Calendar event data is not retained at all; it is read in real time during calls and never stored in our database.

Revoking access: You can disconnect Google Calendar at any time from the Integrations page in your dashboard. This immediately disables all calendar-related functionality for your agent. You can also revoke access from your Google Account permissions page.

6. Data Isolation and Security

  • Structural tenant isolation — Each organization's data is isolated at the database level using row-level security policies and server-side enforcement triggers. It is structurally impossible for one client's agent to access another client's data.
  • Encryption — Integration credentials and OAuth tokens are encrypted at rest using AES-256-GCM. Connections to all services use TLS.
  • Admin authentication — Platform administrators use two-factor authentication (password + email OTP) with server-side session management.
  • Audit logging — All tool executions during calls are logged with timestamps for accountability.

7. AI Disclosure

All Allison Voice agents identify themselves as AI at the beginning of every call. We believe in transparency with callers. Our discovery agent (Allison) also discloses that calls may be recorded to build agent configurations.

8. Data Retention

We retain your data for as long as your account is active. Call transcripts and summaries are retained for the duration of your subscription. If you cancel your account, we will delete your data within 30 days unless legally required to retain it. You may request data export or deletion at any time by contacting us.

9. Your Rights

  • Access — You can access all your data through the dashboard at any time.
  • Deletion — You may request deletion of your account and all associated data.
  • Export — You may request an export of your data.
  • Correction — You can update your information through the dashboard or by contacting us.

10. Cookies

We use session cookies for authentication (Supabase auth cookies and admin session cookies). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Children's Privacy

Allison Voice is a business platform and is not directed at individuals under the age of 18. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform. Your continued use of the platform after changes constitutes acceptance.

13. Contact

For privacy questions or data requests, contact us at team@allisonvoice.com.