Privacy Policy

Last Updated: October 31, 2025

1. Introduction

Charlie ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI voice assistant service and related calendar integration features.

By using Charlie, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account with Charlie, we collect:

  • Email address - Required for account creation and authentication
  • Name and business information - Business name, industry, description
  • Phone numbers - For connecting your voice assistant phone numbers
  • Business profile details - Business hours, contact information, preferences

2.2 Google Calendar Data

When you connect your Google Calendar account, we access:

  • Calendar events and availability information (read-only access) - To check if time slots are available before booking appointments
  • Ability to create, update, and delete calendar events (write access) - To book appointments, reschedule, and cancel meetings on your behalf
  • Your Google account email and basic profile information - To identify which Google Calendar account to connect and display in your dashboard

We only access calendar data that is necessary to provide our appointment scheduling functionality. We do not access calendar data beyond what is required for scheduling appointments.

2.3 Calendly Data (If Connected)

If you connect your Calendly account:

  • Event types and availability - To check available appointment times
  • Booking creation - To schedule appointments through Calendly
  • Your Calendly account information - Email, name, and connection status

2.4 Voice Assistant Data

When using our voice assistant service:

  • Call transcripts and recordings - Recordings and transcripts of phone calls handled by the AI assistant
  • Call metadata - Call duration, timestamps, phone numbers, call outcomes
  • Customer information collected during calls - Names, phone numbers, email addresses, and other information provided by callers

2.5 Usage Data

We automatically collect certain information about your use of the service:

  • Service usage metrics - How often you use features, which features are used most
  • Appointment booking history - Records of appointments booked through the service
  • Log files and technical data - IP addresses, browser type, device information, error logs
  • API usage statistics - Number of calls handled, features accessed

2.6 Payment Information

When you subscribe to our paid plans:

  • Payment method information - Processed securely through Stripe
  • Billing address and contact information
  • Subscription details - Plan type, billing cycle, payment history

Note: We do not store your full payment card details. All payment processing is handled by Stripe, a PCI-compliant payment processor.

2.7 Knowledge Base Data

If you upload documents or create a knowledge base:

  • Documents and files - Any documents, PDFs, or files you upload to train the AI assistant
  • Custom information - Business-specific information, FAQs, policies, or procedures you provide

3. How We Use Your Information

3.1 Core Service Delivery

We use your information to provide and improve our services:

  • Calendar Integration:
    • Check calendar availability to prevent double-booking
    • Create calendar appointments when customers book through the voice assistant
    • Sync scheduling data between Charlie and your connected calendar (Google Calendar or Calendly)
    • Display upcoming appointments in your dashboard
  • Voice Assistant Services:
    • Handle incoming phone calls and route them appropriately
    • Schedule appointments through voice interactions
    • Answer customer questions using your knowledge base
    • Take messages and capture customer information
  • Account Management:
    • Authenticate users and manage accounts
    • Manage subscriptions and billing
    • Provide customer support and respond to inquiries

3.2 Service Improvement

We use aggregated and anonymized data to:

  • Analyze usage patterns to improve our services
  • Debug technical issues and fix bugs
  • Train and improve our AI models (using anonymized data)
  • Develop new features and functionality

3.3 Communication

We use your contact information to:

  • Send service-related notifications and updates
  • Respond to support requests and inquiries
  • Send important announcements about our services
  • Provide billing and subscription updates

3.4 Legal Compliance

We may use your information to:

  • Comply with legal obligations
  • Respond to legal requests or court orders
  • Protect our rights, property, or safety, or that of our users
  • Investigate potential violations of our terms of service

4. Data Storage and Security

4.1 Storage

Your data is stored securely using industry-standard encryption and security measures:

  • Database: Data is stored in Supabase, a secure cloud database platform with encryption at rest and in transit
  • OAuth Tokens: Google Calendar and Calendly access tokens are encrypted and stored securely. We never store your Google or Calendly passwords
  • File Storage: Uploaded documents and files are stored securely with access controls
  • Backups: Regular encrypted backups are performed to ensure data availability

4.2 Security Measures

We implement multiple layers of security:

  • Encryption: All data in transit is encrypted using TLS/SSL. Data at rest is encrypted using industry-standard encryption
  • Access Controls: Only authorized personnel can access user data, and only for support purposes. Access is logged and audited
  • Authentication: Strong authentication mechanisms, including OAuth 2.0 for third-party integrations
  • Regular Audits: We regularly review and update our security practices
  • Incident Response: We have procedures in place to detect, respond to, and notify users of security incidents

4.3 Third-Party Service Providers

We use the following third-party services that store or process your data:

  • Supabase - Database and authentication provider
  • Vapi.ai - Voice assistant platform (processes call recordings and transcripts)
  • Stripe - Payment processing (handles payment information)
  • Google Calendar API - Calendar integration
  • Calendly API - Calendar scheduling (if Calendly is connected)
  • Vercel - Hosting and deployment platform

All third-party providers are required to maintain appropriate security standards.

5. Third-Party Services and Integrations

5.1 Google Calendar API

When you connect Google Calendar:

  • What we access: Calendar events, availability, and basic profile information
  • How we use it: To check availability and create/update appointments
  • Google's Privacy Policy: Your use of Google Calendar API is subject to Google's Privacy Policy
  • Data Sharing: We do not share your calendar data with other third parties

5.2 Calendly API

When you connect Calendly:

  • What we access: Event types, availability, and booking capabilities
  • How we use it: To check availability and schedule appointments
  • Calendly's Privacy Policy: Subject to Calendly's Privacy Policy
  • Data Sharing: We do not share your Calendly data with other third parties

5.3 Vapi.ai

We use Vapi.ai to power our voice assistant:

  • What they process: Call recordings, transcripts, and voice interactions
  • How it's used: To enable voice assistant functionality
  • Data retention: Call data is retained according to your subscription plan settings
  • Vapi.ai's Privacy Policy: Subject to Vapi.ai's Privacy Policy

5.4 Supabase

We use Supabase for database and authentication:

  • What they store: User accounts, calendar connections, call logs, and other service data
  • Security: Supabase maintains SOC 2 Type II certification and implements industry-standard security measures
  • Supabase's Privacy Policy: Subject to Supabase's Privacy Policy

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

6.1 Service Providers

We share information with trusted third-party service providers who assist in operating our service:

  • Cloud hosting and database providers (Supabase, Vercel)
  • Payment processors (Stripe)
  • Voice assistant platform (Vapi.ai)
  • Analytics and monitoring services

All service providers are contractually obligated to:

  • Use your information only for the purposes we specify
  • Maintain appropriate security measures
  • Comply with applicable privacy laws

6.2 Legal Requirements

We may disclose your information when:

  • Required by law, court order, or governmental authority
  • Necessary to protect our rights, property, or safety
  • Necessary to protect the rights, property, or safety of our users
  • Required to investigate potential violations of our terms of service

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Your information may be transferred as part of the transaction
  • You will be notified via email of any such change in ownership
  • Your information will continue to be protected under this Privacy Policy

6.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7. Your Rights and Choices

7.1 Access

You can access and view your personal data through your Charlie dashboard or by contacting us.

7.2 Correction

You can update or correct inaccurate information:

7.3 Deletion

You can request deletion of your account and associated data:

Note: Some information may be retained as required by law or for legitimate business purposes (e.g., transaction records).

7.4 Data Portability

You can request your data in a machine-readable format (JSON or CSV).

7.5 Disconnect Integrations

You can revoke access to connected services at any time:

  • Google Calendar: Disconnect through your dashboard settings or Google account settings
  • Calendly: Disconnect through your dashboard settings or Calendly account settings

When you disconnect, we will:

  • Immediately revoke access tokens
  • Stop accessing your calendar data
  • Delete stored connection information

7.6 Opt-Out of Communications

You can opt out of marketing emails while continuing to receive service-related notifications.

To exercise any of these rights, please contact us at: sarvesh@altius.so

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services.

8.1 Active Accounts

  • Account information is retained while your account is active
  • Calendar connections are retained until you disconnect
  • Call transcripts and recordings are retained according to your subscription plan settings

8.2 Deleted Accounts

If you delete your account:

  • Your account information is deleted immediately
  • Call transcripts and recordings may be retained for up to 90 days for backup purposes
  • We may retain anonymized, aggregated data for analytical purposes
  • Google Calendar and Calendly tokens are revoked and deleted immediately
  • Payment and billing records may be retained as required by law (typically 7 years)

8.3 Legal Requirements

We may retain certain information longer if required by:

  • Legal obligations
  • Court orders or legal proceedings
  • Regulatory requirements

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at sarvesh@altius.so and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses
  • Adequate security measures
  • Compliance with applicable data protection laws

By using our service, you consent to the transfer of your information to countries where we operate.

11. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about what personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise your California privacy rights, contact us at: sarvesh@altius.so

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right of Access: Access your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your data
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise your GDPR rights, contact us at: sarvesh@altius.so

Legal Basis for Processing:

  • Performance of Contract: Processing necessary to provide our services
  • Legitimate Interests: Improving our services, security, fraud prevention
  • Consent: Where you have given explicit consent
  • Legal Obligations: Compliance with applicable laws

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Authenticate users and maintain sessions
  • Remember your preferences
  • Analyze usage patterns
  • Improve service performance

Types of cookies we use:

  • Essential cookies: Required for the service to function
  • Analytics cookies: Help us understand how users interact with our service
  • Preference cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling certain cookies may limit functionality.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Changes in applicable laws
  • Improvements to our services
  • Feedback from users

How we'll notify you:

  • Post the new Privacy Policy on this page
  • Update the "Last Updated" date
  • Send an email notification for material changes
  • Display a notice in the dashboard for significant updates

Your continued use of our service after changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.

16. Effective Date

This Privacy Policy is effective as of October 31, 2025, and will remain in effect except with respect to any changes in its provisions, which will take effect immediately upon being posted on this page.

By using Charlie, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.