1. Scope & Roles
This Policy applies to personal data we process when you visit our websites, create an account, use the Services, contact support, or otherwise interact with us. It is designed to meet the requirements of applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and rules thereunder, and, where applicable to our users, the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
Two roles. For account, billing, and usage data of our customers, Crawlink acts as the data fiduciary/controller. For Customer Content that our customers submit through the Services (such as their contact lists, call recordings, and end-user data), the customer is the controller/data fiduciary and Crawlink processes that data on the customer's behalf and instructions. If you are an end user of one of our customers, please direct privacy requests to that customer first; we will support them in responding.
2. Information We Collect
2.1 Information you provide
- Account data: name, email address, password (stored hashed), organization name, role, and profile details.
- Billing data: billing contact, plan, transaction history, and payment details (card data is handled by our payment processors; we do not store full card numbers).
- Customer Content: contacts, call recordings, transcripts, messages, prompts, and other materials you or your users submit through the Services.
- Communications: support requests, survey responses, and other correspondence with us.
2.2 Information collected automatically
- Usage data: features used, pages viewed, API calls, timestamps, and interaction logs.
- Device and connection data: IP address, browser type, operating system, device identifiers, language, time zone, and approximate location derived from IP.
- Security data: sign-in events, device fingerprints, token issuance and refresh events, and audit logs used to protect accounts.
- Cookies and similar technologies: as described in Section 5.
2.3 Information from third parties
- Sign-in providers: if you sign in with Google or another identity provider, we receive your name, email, and profile identifier from that provider as permitted by your settings.
- Service providers and partners: payment confirmation from processors, fraud signals, and analytics data.
3. How We Use Information
- to provide, operate, maintain, and secure the Services, including authentication, session management, and fraud prevention;
- to process transactions, manage subscriptions, and send invoices and billing notices;
- to provide customer support and respond to enquiries;
- to monitor, analyse, and improve the performance, reliability, and usability of the Services;
- to develop new features and, where lawful, to improve our models and automated systems using aggregated or de-identified data;
- to send service, security, and administrative communications;
- to send marketing communications where permitted, with the ability to opt out at any time;
- to comply with legal obligations, enforce our Terms of Service, and protect the rights, property, and safety of Crawlink, our users, and the public;
- for any other purpose disclosed to you at the time of collection or with your consent.
4. Legal Bases for Processing
Where applicable law requires a legal basis, we rely on:
- Contract: processing necessary to provide the Services you have requested;
- Consent: where you have given consent, such as for certain cookies or marketing — you may withdraw consent at any time without affecting prior processing;
- Legitimate interests: securing and improving the Services, preventing fraud and abuse, and growing our business, balanced against your rights;
- Legal obligation: compliance with tax, accounting, and other laws.
6. AI Processing
The Services use artificial intelligence to power features such as voice agents, transcription, and content generation. Audio, transcripts, and prompts you submit may be processed by our AI systems and by vetted AI infrastructure providers under contractual confidentiality and data protection obligations, solely to provide the Services. Where we use data to improve models, we use aggregated or de-identified data, or obtain the permissions required by applicable law. You are responsible for informing your end users about AI interactions and call recording where the law requires such notices.
8. International Data Transfers
We are based in India and use infrastructure providers that may store or process data in other countries. Where personal data is transferred across borders, we take steps designed to ensure it receives an adequate level of protection, including contractual safeguards such as standard contractual clauses where required, and we transfer data only to jurisdictions permitted under applicable law, including the Digital Personal Data Protection Act, 2023.
9. Data Retention
We retain personal data for as long as needed to provide the Services and for legitimate business or legal purposes, such as maintaining accounts, complying with tax and accounting obligations, resolving disputes, and enforcing agreements. Customer Content is retained while your account is active; after termination, you may request export for a limited period as described in our Terms of Service, after which we delete or de-identify it within a reasonable time, unless retention is required by law. Security and audit logs are kept for limited periods appropriate to their purpose.
10. Security
We implement reasonable technical and organisational security practices designed to protect personal data, including encryption in transit, hashed passwords, HttpOnly and Secure session cookies, token rotation, device-bound refresh flows, access controls, and audit logging. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; you are responsible for keeping your credentials confidential and for the security of devices you use to access the Services.
11. Your Rights
Subject to applicable law, you may have the right to:
- access the personal data we hold about you and receive a summary of processing;
- correct inaccurate or incomplete personal data;
- delete or erase your personal data;
- receive a portable copy of personal data you provided;
- object to or restrict certain processing, including direct marketing;
- withdraw consent at any time where processing is based on consent;
- nominate, in accordance with Indian law, another individual to exercise your rights in case of death or incapacity;
- lodge a complaint with a supervisory or data protection authority, including the Data Protection Board of India, your EU/UK supervisory authority, or your state attorney general, as applicable.
To exercise these rights, contact us at support@hellocall.ai. We may need to verify your identity before acting on a request, and we will respond within the timelines required by applicable law. We will not discriminate against you for exercising your rights.
12. Children's Privacy
The Services are intended for business use by adults and are not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will delete it.
13. Third-Party Links & Services
The Services may contain links to, or interoperate with, third-party websites and services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies before providing them with personal data.
14. Marketing Communications
Where permitted, we may send you information about features, offers, and updates. You can opt out at any time by using the unsubscribe link in our emails or contacting support@hellocall.ai. We will continue to send essential service and security communications, which are not promotional.
15. Data Breach Notification
In the event of a personal data breach affecting your data, we will notify the relevant authorities and affected individuals where and when required by applicable law, and will take reasonable steps to contain and remediate the incident.
16. Changes to This Policy
We may update this Policy from time to time. The "Last updated" date above reflects the latest revision. For material changes we will provide notice through the Services or by email. Your continued use of the Services after a change becomes effective constitutes acknowledgement of the revised Policy.
17. Grievance Officer & Contact
In accordance with Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, you may contact our Grievance Officer with any concerns about this Policy or the handling of your personal data:
Grievance Officer
Crawlink Networks Pvt Ltd
Registered office and corporate details: crawlink.com
Email: support@hellocall.ai
We endeavour to acknowledge grievances promptly and to resolve them within the timelines prescribed by applicable law.