Privacy Policy

This Privacy Policy explains how your personal data is collected, used, disclosed, and protected when you use Caplo, a platform developed and operated by Caplo.

Your privacy is important to us. This policy complies with applicable United States federal and state privacy laws, including the California Consumer Privacy Act (CCPA) where applicable, and other relevant data protection regulations.

We collect and process the following categories of personal data when you interact with Caplo:

1.1. Account Data

• Full name

• Email address

• Phone number

• Company name

• Country and language preferences

1.2. Payment and Financial Data

• Transaction details (top-up history, usage-based charges)

• Partial payment identifiers (via third-party processors)

• Invoices and billing data (required for tax and compliance)

Note: All payment data is processed by certified third-party providers in compliance with PCI-DSS standards. We do not store your credit card or bank information.

1.3. Usage and Communication Data

• Call duration, timestamp, routing metadata, and customer contact details

• Call recordings or audio files when recording is enabled for your workflow

• Call transcripts, AI-generated summaries, and extracted scheduling or lead details

• Message logs and delivery metadata for SMS and email

• Transactional account emails such as verification codes, password resets, billing receipts, and operational notices

• AI configuration settings (custom scripts, triggers, workflows)

1.4. Technical and Log Data

• Device and browser type

• IP address and geolocation (approximate)

• Operating system and session data

• Activity logs and interaction history

We use your data lawfully, fairly, and transparently for the following purposes:

• To provide, operate, and improve Caplo

• To authenticate your identity and manage account access

• To process payments and maintain your balance

• To detect and prevent fraud, misuse, or technical issues

• To respond to support requests and send service-related updates

• To deliver transactional emails such as account verification, password resets, billing confirmations, and service notices

• To monitor bounce, complaint, and suppression signals so we can protect deliverability and prevent abuse

• To analyze usage for performance and product improvements

• To comply with legal, tax, and regulatory obligations

We do not send optional marketing emails unless you have provided any consent required by applicable law. If we introduce optional promotional emails, they will include opt-out controls.

We do not use your data for automated decision-making or profiling unrelated to Caplo's intended service.

We process your personal data based on the following legal grounds:

• Contractual necessity: To fulfill our service obligations to you

• Legitimate interest: To monitor and maintain service performance

• Legal compliance: To fulfill tax, legal, and regulatory duties

• Consent: When required (e.g., for email marketing, optional cookies)

We do not sell, rent, or lease your data. However, we may share limited personal data with:

4.1. Third-Party Service Providers

• Payment processors (e.g., Stripe) to handle secure transactions

• Telecommunication and messaging providers for call routing, SMS delivery, transactional email delivery, bounce processing, and complaint handling

• If you connect your own Twilio account through Twilio Connect, delegated Twilio account identifiers and related provisioning metadata needed to operate the connected phone workflow

• AI, transcription, and workflow providers that help us generate call summaries, transcripts, and automations

• Cloud hosting and infrastructure services (e.g., AWS, Google Cloud) for application hosting, storage, security, and observability

4.2. Legal Authorities

• If required by law, court order, or regulatory investigation

• To protect the rights and safety of Caplo, users, or the public

All third parties are bound by contractual obligations to protect your data in accordance with this policy.

Your data is primarily stored and processed in the United States. If we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses where required

• Data processing agreements with international service providers

• Compliance with applicable cross-border data transfer regulations

We retain personal data based on necessity:

• For as long as your account is active

• Communications records such as recordings, transcripts, summaries, and transactional email logs only for as long as needed to provide the service, support support and dispute resolution, and satisfy legal obligations

• For legal compliance (e.g., accounting, tax) for up to 5 years

• For security, abuse prevention, and deliverability protection, including suppression records for bounce or complaint events, for up to 24 months after the relevant event unless a longer period is required by law

After this period, your data will be anonymized or securely deleted.

We take your data security seriously. Measures include:

• TLS/SSL encryption for all data in transit

• Access control and authentication for account and admin systems

• Firewall and intrusion detection systems

• Regular security audits and vulnerability assessments

Our team follows best practices in secure software development and GDPR-compliant data handling.

Under applicable privacy laws, you have the right to:

• Access your personal data

• Correct inaccurate or outdated data

• Request deletion of your data under certain conditions

• Restrict processing of your data

• Object to data processing based on legitimate interest

• Object to direct marketing or opt out of optional promotional communications where offered

• Withdraw consent at any time (where consent is the basis)

• Data portability – receive your data in a machine-readable format

• Lodge a complaint with the appropriate regulatory authority

California residents may have additional rights under the CCPA, including the right to know what personal information is collected and the right to opt-out of the sale of personal information.

To exercise your rights, email: [email protected]

Caplo is intended for use by businesses and individuals aged 18 and over. We do not knowingly collect data from minors. If we become aware of such data, it will be deleted promptly.

We may update this Privacy Policy from time to time to reflect:

• Legal changes

• Service updates

• Security enhancements

We will notify you of significant changes via email or in-app notification at least 7 days before changes take effect. The "Effective Date" at the top will be updated accordingly.

If you have questions or concerns about this policy or your personal data, please contact us:

Email: [email protected]

If you believe your data rights have been violated, you may contact the appropriate regulatory authority in your jurisdiction.