ClaudeCall — Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes what ClaudeCall ("we", "us") collects, why, who we share it with, and what control you have over your data.

What we collect

Account information. Email, first name, company name, password hash, API key. We do NOT store plaintext passwords — Supabase Auth handles password hashing.

Billing information. Payment method tokens (we never store raw card numbers — Stripe holds those). Billing events: subscription charges, overage charges, refunds.

Lead lists. Phone numbers, names, addresses, and any other fields you upload via the lead-upload endpoint or via Claude. These are your customer-supplied lead lists.

Call data. Audio recordings, full transcripts, call duration, outcome, lead, campaign, started/ended timestamps, and call cost.

Usage data. Login times, API requests, MCP tool calls, dialer ticks, log lines associated with your account.

We do NOT collect: location data, device identifiers beyond standard request metadata, browsing behavior outside the ClaudeCall app, or anything via third-party tracking pixels.

How we use the data

  • Providing the Service. Making calls, generating transcripts, billing, the Claude-based MCP integration, the web app.
  • Improving call quality. Script generation, classifier tuning, voice-agent behavior research. We aggregate and anonymize where possible.
  • Fraud and abuse prevention. Detecting unauthorized API key usage, abusive calling patterns, suspected DNC violations.
  • Support requests. Responding to questions, resolving issues, debugging things on your behalf.

We do NOT use your lead lists, transcripts, or recordings to train third-party models or sell data to advertisers.

Third-party data sharing

We use the following sub-processors. Each has its own privacy policy.

We do not share your data with anyone outside this list except (a) when required by law (subpoena, court order), or (b) in connection with a merger, acquisition, or sale of all or substantially all of our assets, in which case we'll provide notice.

Data retention

  • Call recordings are retained for 90 days after the call (Retell's default retention).
  • Transcripts are retained indefinitely for product improvement and your historical reference.
  • Account data is retained as long as your account is active.

You may request deletion at any time via amabilerealty@gmail.com. We'll process deletion within 30 days. Some data may persist in encrypted backups for up to 60 additional days before being permanently expunged.

Your rights

You have the right to:

  • Access all data we hold about you.
  • Export your data in a machine-readable format (JSON).
  • Delete your account and all associated data.
  • Correct inaccurate data on your account.
  • Object to specific uses of your data, subject to our ability to continue providing the Service.

To exercise any of these rights, email amabilerealty@gmail.com.

Security

  • TLS encryption for all data in transit.
  • Encryption at rest (managed by Supabase).
  • Row-Level Security policies enforce per-tenant isolation at the database level.
  • API keys are stored as random secrets and validated server-side; the auth middleware checks every authenticated request.

We don't currently offer SOC 2 or ISO 27001 attestations. We're a small operation. If you need formal compliance assurances for an enterprise contract, contact us.

Children's data

ClaudeCall is not intended for users under 18 and we do not knowingly collect data from minors. If you believe we have collected data from a child, contact us immediately and we'll delete it.

Changes to this policy

We'll update this Privacy Policy as our practices evolve. Material changes will be communicated by email and via in-app notification.

Contact

Privacy questions, data requests, or anything else: amabilerealty@gmail.com.