← Back to Callio

Privacy Policy

Last updated: June 2026  ·  Algo Automations

1. Introduction

Algo Automations ("we", "us", "our") operates Callio, an AI-powered voice receptionist service accessible at [callio.app] (the "Service").

This Privacy Policy explains how we collect, use, share, and protect personal data when you use our Service. It also explains the rights you have over your data under applicable law, including the EU General Data Protection Regulation (GDPR).

By using Callio you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Data Controller

For the purposes of GDPR and equivalent legislation, the data controller is:

Algo Automations

Email: [contact@algoautomations.com]

Where we process personal data on behalf of our customers (i.e. data about their callers), we act as a data processor and our customers are the data controllers for that data.

3. Data We Collect — Business Customers

When you create and use a Callio account, we collect the following personal data:

Account data

  • Full name and email address
  • Password — stored as a secure hash via Supabase; we never see your plain-text password

Business profile data

  • Business name, industry, and timezone
  • Operating hours and after-hours policy
  • FAQs, services offered, and booking URL
  • Notification email address and WhatsApp number
  • VIP contact list (names and phone numbers you choose to provide)
  • AI receptionist name and voice preference
  • Escalation phone number

Billing data

  • Stripe customer ID and subscription status (plan, billing period, minutes used)
  • Payment card data is handled exclusively by Stripe; we do not store card numbers

Usage data

  • Login timestamps and session tokens
  • Aggregate usage metrics (minutes consumed, number of calls handled)

4. Data We Collect — Your Callers

When your Callio AI receptionist handles a phone call on your behalf, we process data about the caller. As the business operating Callio, you are the data controller for this data and are responsible for ensuring you have appropriate grounds to process it.

The following caller data is processed and stored:

  • Caller phone number (CLI)
  • Call start time, end time, and duration
  • Full call transcript — a text record of everything said by both the caller and the AI receptionist
  • Call recording — an audio file of the call, hosted by Vapi.ai
  • Call summary and outcome classification (e.g. appointment booked, message taken, escalated)
  • Information volunteered by the caller during the call: name, address, preferred appointment time, service requested, callback number, or message content

Callio is a B2B tool. We do not knowingly collect data directly from individual end consumers; that data is collected by you (the business) through your use of the Service.

5. How We Use Your Data

We use the data we collect to:

  • Provide the Service — configure your AI receptionist, handle incoming calls, and route or escalate calls according to your settings
  • Deliver call summaries — send you email and/or WhatsApp notifications after each call
  • Process payments — manage your subscription and billing via Stripe
  • Send transactional emails — welcome emails, billing receipts, and service notifications via Resend
  • Improve the Service — analyse aggregated, anonymised usage patterns to improve reliability and features
  • Comply with legal obligations — retain records as required by applicable law

We do not sell your personal data or your callers' data to third parties. We do not use caller data for advertising purposes.

6. Legal Basis for Processing (GDPR)

Processing activityLegal basis (GDPR Art. 6)
Account creation and managementArt. 6(1)(b) — performance of a contract
Delivering AI call handlingArt. 6(1)(b) — performance of a contract
Payment processingArt. 6(1)(b) — performance of a contract
Sending transactional emails and call summariesArt. 6(1)(b) — performance of a contract
Service improvement and analyticsArt. 6(1)(f) — legitimate interests
Legal compliance and record-keepingArt. 6(1)(c) — legal obligation

7. Third-Party Service Providers (Sub-processors)

We share data with the following sub-processors only to the extent necessary to provide the Service:

Vapi.ai

Real-time voice AI infrastructure, call routing, recording storage, and transcription orchestration

Data shared: Call audio, transcripts, caller number, your AI configuration

OpenAI (via Vapi)

Large language model powering AI receptionist responses

Data shared: Call transcripts, your business FAQs and configuration

Deepgram (via Vapi)

Speech-to-text transcription of call audio

Data shared: Raw call audio

ElevenLabs (via Vapi)

AI voice synthesis for the receptionist

Data shared: Text of AI responses

Supabase

Database storage and user authentication

Data shared: All account, business, and call data

Stripe

Subscription and payment processing

Data shared: Name, email, billing information

Resend

Transactional email delivery

Data shared: Email address, call summaries, caller information in call notifications

We do not share your data with any other third parties except where required by law or with your explicit consent.

8. International Data Transfers

Some of our sub-processors (including Vapi, OpenAI, Deepgram, and Resend) are based in the United States. When data is transferred from the European Economic Area (EEA) to these providers, such transfers are made under appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or the UK International Data Transfer Agreement (IDTA), as applicable.

You may request a copy of the relevant transfer mechanisms by contacting us at the address in Section 13.

9. Data Retention

  • Account and business data — retained for the duration of your active subscription and for 30 days after cancellation or account closure, after which it is permanently deleted
  • Call records and transcripts — retained for 12 months from the date of the call, then automatically deleted
  • Call recordings (audio) — stored by Vapi.ai; subject to their own retention policies
  • Billing records — retained for 7 years as required by tax and financial regulations

You may request earlier deletion of your data — see your rights in Section 11.

10. Cookies and Tracking

Callio uses only strictly necessary cookies required for the Service to function:

  • Authentication cookies — set by Supabase to maintain your logged-in session; expire when you sign out or your session ends

We do not use advertising cookies, tracking pixels, or third-party analytics services (such as Google Analytics). No cookies are set without a functional purpose.

11. Your Data Rights

Under GDPR (and equivalent laws), you have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your data ("right to be forgotten"), subject to our legal retention obligations
  • Right to restriction — request that we limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at the address in Section 13. We will respond within 30 days. We may ask you to verify your identity before processing your request.

You also have the right to lodge a complaint with your national data protection authority. In Ireland, this is the Data Protection Commission (DPC) at dataprotection.ie.

12. Children's Privacy

Callio is a business-to-business service and is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email to the address on your account and update the "Last updated" date at the top of this page. Your continued use of the Service after notification constitutes acceptance of the updated policy.

14. Contact Us

For any privacy-related questions, requests, or complaints, please contact us at:

Algo Automations

Email: [contact@algoautomations.com]

© 2026 Algo Automationscallio.app