Privacy Policy

The party responsible for processing your data is AIFINEX OÜ (referred to as OZVA), a company established in Estonia. For any privacy-related request or question you can reach us at [email protected].

Account data: name, email, business name and login credentials.

Call data: audio recordings of inbound calls (stereo WAV), transcripts, caller number, call duration and timestamps.

Payment data: subscriptions and credit top-ups are processed through Stripe; we do not store your card details, only the payment references Stripe returns.

Usage and technical data: service usage, credit balance movements, IP address and log records.

We process data to provide the service and answer calls (performance of the contract), to bill and collect payment (contract and legal obligation), to improve the service and prevent abuse (legitimate interest), and to meet our legal obligations.

The service answers and records inbound calls. Informing callers that the call is recorded and obtaining any required consent is your responsibility as the business that is our customer. OZVA provides configurable voice notice and consent templates for this purpose.

Call recordings and transcripts are stored only against the relevant business account and are never shared with other businesses.

We use a limited set of trusted vendors to deliver the service: OpenAI (real-time call audio processing and transcription), Stripe (payments), Amazon Web Services (hosting, Frankfurt / eu-central-1), Cloudflare (network and security), Resend (email notifications), and — only if you connect it — Google Calendar (appointment booking).

These providers process data only on our behalf and under our instructions.

Some of our providers (e.g. OpenAI, Stripe) may process data outside the European Union, in the United States. Such transfers are carried out under appropriate safeguards such as standard contractual clauses.

We keep your account data for as long as your account is active. Call recordings and transcripts are retained while they remain accessible in your account; they are deleted on your request or when you close your account. Data subject to a legal retention obligation (e.g. invoice records) is kept for the relevant period.

Data is encrypted in transit and at rest. Each business account is logically isolated and only authorised personnel can access the data.

Under GDPR and Turkish KVKK you have the right to access, rectify, erase and export your data in a portable format, and to object to processing.

To exercise these rights, simply write to [email protected]; we respond within a reasonable time.

We do not use marketing or tracking cookies. We only keep a session token in your browser's local storage to keep you signed in.

We may update this policy from time to time. We will notify you of material changes; the current version is always published on this page.

For privacy questions: [email protected]