Privacy Policy
Effective date: 2026-05-06 · Last updated: 2026-05-06
1. Who we are
Callara ("Callara", "we", "us") is a software-as-a-service operated from Quebec, Canada. We provide an AI phone receptionist platform that small and medium businesses use to answer their inbound calls. Our designated person responsible for the protection of personal information under the Quebec Act respecting the protection of personal information in the private sector (Loi 25) can be reached at privacy@callara.ca.
2. Two kinds of users, two kinds of data
Callara has two distinct categories of users, and we collect different information from each:
- Customers — small/medium businesses that subscribe to Callara to answer their calls. We collect business name, owner email, business hours, services, prices, knowledge-base content, and billing information.
- End callers — people who phone a Callara customer's business line. We collect the caller's phone number, the audio of the call, the transcript, any message they leave, and any details they share during the conversation (name, address, appointment requests, etc.).
3. What we collect
3.1 From Customers
- Account info: business name, owner email, password hash, plan tier
- Configuration data: hours, service area, services and pricing, voice/greeting, escalation rules, knowledge sources you upload or link
- Billing info: handled by Stripe (we do not store card numbers); we receive billing metadata such as plan, invoices, tax info
- Usage telemetry: minutes used, call counts, dashboard navigation events
3.2 From End Callers
- Caller phone number (CLI / Caller ID, where transmitted)
- Audio recording of the call
- Speech-to-text transcript
- Any information the caller shares with the AI (name, address, appointment details, service requests, payment intent)
- Approximate language used during the call
4. Why we collect it (purposes)
- Operate the service — answering calls and providing transcripts to the Customer
- Quality monitoring — detecting hallucinations and improving prompts
- Billing — measuring minutes used and generating invoices
- Customer support and account administration
- Legal compliance and fraud prevention
- Aggregate, de-identified analytics to improve product features
5. Legal basis (Loi 25 + PIPEDA)
Under Loi 25 we rely on the consent obtained by our Customers from their callers (the Customer's business is the controller of caller data; Callara processes it on the Customer's behalf). Callara also relies on legitimate interest for service operation, security, and fraud prevention to the extent permitted by Canadian privacy law.
6. Data residency
Callara operates its database in Canadian data center regions (Supabase ca-central-1). Some sub-processors (including Vapi for voice orchestration, Anthropic for the language model, Cartesia for text-to-speech, and Twilio for telephony) may process data in the United States. By using Callara, our Customers acknowledge and instruct us to transfer call data to these sub-processors solely to deliver the service.
7. Sub-processors
We rely on the following sub-processors to deliver Callara:
- Supabase Inc. — database + auth (Canada region)
- Vapi Inc. — voice orchestration
- Anthropic, PBC — language model inference (Claude Haiku 4.5)
- Cartesia Inc. — text-to-speech voices
- ElevenLabs Inc. — text-to-speech voices (optional, premium)
- Deepgram Inc. — speech-to-text (delivered through Vapi)
- Twilio Inc. — telephony / phone numbers
- Stripe Inc. — billing and payments
- Resend, Inc. — transactional email
- Cal.com Inc. — calendar booking (Scale tier and above)
- Vercel Inc. — application hosting and edge network
- OpenAI, L.L.C. — text embedding for retrieval-augmented generation only
8. How long we keep data
- Call audio: 90 days, then deleted unless the Customer extends retention
- Call transcripts: retained while the Customer is active; deleted on request or 90 days post-cancellation
- Customer account data: retained while the Customer is active; deleted on request or 90 days post-cancellation
- Billing records: retained 7 years per Quebec accounting law
- Aggregate, de-identified analytics: retained indefinitely
9. Your rights (callers and customers)
You have the right to access, rectify, port, and delete personal information we hold about you, and to withdraw consent. To exercise any of these rights, email privacy@callara.ca. We respond within 30 days. Callers can also exercise these rights against the business that operates the line they called.
10. Security
Callara encrypts data in transit (TLS) and at rest (AES-256 via Supabase). Access to production systems requires multi-factor authentication. Sensitive integration tokens are encrypted at the application layer with libsodium before being stored.
11. Recording disclosure
Callara records inbound calls. Quebec is a one-party consent jurisdiction for recordings made by a participant to the call, and the AI receptionist is a participant. Customers are responsible for any greeting customizations or jurisdictional disclosures that may be required for callers located outside Quebec. We strongly recommend including a disclosure in the greeting where multi-jurisdictional callers are expected.
12. Children
Callara is a B2B service and is not directed at children under 14.
13. Updates
We may update this policy from time to time. Material changes will be communicated to active Customers by email at least 30 days before they take effect.
14. Contact
privacy@callara.ca · Callara, Montreal, Quebec, Canada