Effective Date: May 14, 2026 Last Updated: May 14, 2026 Privacy Contact: privacy@tryansa.ai Security Contact: security@tryansa.ai Mailing Address: Ansa LLC, c/o [REGISTERED AGENT NAME], [STREET ADDRESS], [CITY], [STATE] [ZIP], United States Privacy Lead / DPO Equivalent: Ansa Privacy Team Legal Entity: Ansa LLC ("Ansa," "we," "us," or "our")
This Privacy Policy explains how Ansa collects, uses, discloses, retains, and protects personal information through our AI voice-agent SaaS platform, website, dashboard, demo line, onboarding, support, billing, and related services (the "Service").
Ansa provides AI-powered inbound call answering, lead qualification, appointment booking, CRM/calendar synchronization, owner notifications, and related analytics for U.S. businesses.
1. Scope and Roles
1.1 Who this Policy covers
This Policy applies to personal information we process about:
- Callers who call a Customer using Ansa.
- Demo-line callers who call Ansa's public demo line.
- Business customers and their personnel.
- Website and dashboard users.
- Ansa operators and platform personnel.
1.2 Customer-call role allocation
For calls to a Customer's business line, the Customer is generally the "controller," "business," or equivalent entity that determines why caller personal information is collected and used. Ansa acts as the Customer's "processor," "service provider," or equivalent entity for call handling, transcription, booking, CRM/calendar synchronization, storage, support, security, and related operational processing.
1.3 Ansa-controlled processing
Ansa is the controller/business for demo-line caller data, Ansa website and marketing data, Customer account/billing/support relationship data, Ansa personnel/operator data, security and audit-log data, legal/compliance records, Flagged Retained Transcripts (see § 7.1 and § 13), and de-identified or aggregated analytics.
Demo-line caller data is not covered by a Customer data processing agreement unless a prospect becomes a customer and affirmatively agrees to link demo data to the customer account.
1.4 CRM and calendar integrations
If a Customer enables a CRM, calendar, or scheduling integration, Ansa transmits booking data to the Customer's selected system. That provider is selected and controlled by the Customer and processes data under the Customer's own account terms.
1.5 Supplemental Notices and Consent Prompts
Certain features may have additional notices or consent prompts, including for transcription, AI disclosure, SMS messaging, demo calls, integrations, future outbound features, or optional analytics. Those feature-specific notices are incorporated into this Policy.
1.6 Key compliance posture
- U.S.-focused. Ansa is designed for U.S. businesses and U.S. callers and is not currently marketed as a GDPR-targeted service.
- Inbound-only, transcription-only. Ansa is contractually and operationally scoped to inbound calls to a Customer. The Service does not capture or store audio recordings of calls in Ansa's own systems; real-time audio is streamed to Ansa's AI provider to enable conversation and transcription, and no audio file is captured, retained, or made available for replay by Ansa. Ansa's primary AI provider (OpenAI OpCo, LLC) may retain API inputs and outputs, including audio-derived content, for up to 30 days for abuse and misuse monitoring unless a longer period is required by law, with any human review limited to abuse and misuse investigation; Ansa itself stores no call-audio file. Ansa is not designed, authorized, or supported for outbound telemarketing, outbound autodialed calls, prerecorded-voice campaigns, or other outbound calling activity regulated by the Telephone Consumer Protection Act, 47 U.S.C. § 227, and its implementing rules at 47 C.F.R. § 64.1200. Businesses are responsible for their own TCPA, DNC, and state telemarketing compliance for any outbound outreach they conduct using data delivered by Ansa.
- Not HIPAA, Not Financial Services, Not Regulated Advice. Ansa is not designed for healthcare, legal, financial, medical, emergency-response, 911, dispatch, or regulated-advice use unless covered by a separate written agreement (including a HIPAA Business Associate Agreement, 45 C.F.R. § 164.504(e)). AI-generated responses, summaries, classifications, and booking outputs may be inaccurate, incomplete, or contain hallucinations and should not be relied on as professional advice, emergency guidance, or a substitute for Customer review.
- No emergency or life-safety use. Ansa is not an emergency-response, 911, or dispatch service. If you are experiencing a medical, fire, gas, life-safety, or other emergency, hang up and dial 911 or your local emergency number. Callers should not rely on Ansa, any AI assistant response, any Customer notification, or any booking confirmation as a substitute for emergency services. Ansa does not guarantee that emergency-classified calls will be routed, transferred, or escalated in any specific time frame.
- No sale or behavioral advertising. Ansa does not sell personal information or share it for cross-context behavioral advertising.
- Transcripts. Ansa creates transcripts to operate the Service and discloses transcription where appropriate.
2. Notice at Collection for Telephone Calls
Many callers interact with Ansa only by phone and may not visit Ansa's website before information is collected. Ansa therefore uses or provides Customer-configurable in-call disclosures designed to provide oral notice at or before collection. For California, CCPA regulations recognize that telephone notice may be provided orally — 11 CCR § 7012(c)(5).
A standard call notice may state:
"Thank you for calling [Business Name]. This call is being answered by an AI assistant. We may collect your name, phone number, address, and service request to help schedule service. This call will be transcribed for booking accuracy, quality assurance, and dispute resolution. If you do not wish to continue, please hang up or request a human callback."
3. Categories of Personal Information We Collect
3.1 Caller personal information
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, phone number, caller ANI, callback number, address | Caller, telecom provider, Customer |
| Contact information | Phone number, address, email if provided | Caller, Customer, CRM |
| Call content | Spoken service request, issue, appointment preferences, questions, emergency details | Caller |
| Audio data | Live call audio streamed to the AI provider during the call; not recorded or retained by Ansa; the AI provider (OpenAI) may retain audio-derived content for up to 30 days for abuse and misuse monitoring unless longer retention is required by law | Call audio stream |
| Transcript data | Speech-to-text transcript, call summary, extracted fields | AI transcription / voice runtime |
| Booking data | Appointment date/time, service category, address, notes, assigned team or calendar entry | Caller, Customer configuration, CRM |
| Metadata | Call time, duration, outcome, transfer status, spam/emergency classification, area-code-to-state inference | Voice runtime, telecom/RTC providers, Ansa systems |
| SMS metadata | Recipient phone number, message status, STOP/HELP status | Platform; Telnyx |
| CRM/calendar sync logs | Whether booking data was sent to Customer systems | Platform; integration |
| Inferences/classifications | Booked/not booked, emergency, spam, duplicate, out-of-scope, service category, lead outcome | AI system and Ansa logic |
| Consent and audit data | Disclosure played, recording setting, timestamp, call-flow logs | Voice runtime and audit logs |
3.2 Demo-line caller personal information
If you call Ansa's public demo line, we may collect the same categories above, plus business name, email, interest level, signup intent, or marketing opt-in. Demo-line data is controlled by Ansa, not by a Customer.
3.3 Business customer personal information
| Category | Examples |
|---|---|
| Business identifiers | Business name, DBA, industry, service area, primary operating state, website, hours, services |
| Owner/admin information | Owner name, email, mobile phone, login credentials, emergency transfer number |
| Business contact information | Business address, public phone number, service territory |
| Billing information | Stripe customer ID, subscription status, invoices, billing address, payment token; Ansa does not store raw card numbers, CVV, or full bank-account credentials |
| Stripe-collected verification data | Tax ID, SSN, KYC/KYB details if required by Stripe; Ansa generally does not receive raw values |
| CRM/calendar configuration | CRM type, calendar settings, OAuth tokens, API credentials, booking fields |
| Business configuration | Services, FAQs, routing rules, disclosure settings |
| ROI/reporting inputs | Average job value, close rate, missed-call assumptions |
| Support/onboarding records | Emails, support tickets, setup notes, operator-review notes |
| Audit logs | Account changes, credential rotations, exports, deletion events, admin access events |
3.4 Operator and Platform-Team Information
For Ansa personnel and authorized operators, we collect names, emails, login credentials, roles, access permissions, audit-log entries, support activity, and security-event data.
3.5 Website, dashboard, and technical data
We collect IP address, browser and device information, authentication cookies and session tokens, page views, dashboard events, referral URL, login timestamps, security logs, support form content, and request metadata. Application logs are designed not to include caller PII.
3.6 Telecommunications Metadata
Ansa receives telecommunications metadata such as call timestamps, caller and recipient numbers, duration, routing status, SMS delivery status, and carrier-related delivery information. Ansa is not a telecommunications carrier and does not treat call data as CPNI under 47 U.S.C. § 222.
3.7 Sensitive Personal Information
Sensitive personal information may include address, live voice audio (not recorded or retained by Ansa; the AI provider may retain audio-derived content for up to 30 days for abuse and misuse monitoring unless longer retention is required by law), call content, CRM credentials, account login data, payment metadata, and information a caller voluntarily discloses about health, disability, family, safety, or emergency circumstances. Ansa uses sensitive personal information only to provide the Service, maintain security, comply with law, prevent fraud, support businesses, and carry out disclosed business purposes. We do not use it for cross-context behavioral advertising.
3.8 Biometric Information and Voiceprints
Voice recordings, voiceprints, speaker features, or biometric identifiers may be regulated under:
- Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq.;
- Texas Capture or Use of Biometric Identifier law, Tex. Bus. & Com. Code § 503.001;
- Washington biometric identifier law, RCW 19.375.
Ansa does not create, store, or use speaker-identification profiles, speaker embeddings, voiceprints, or biometric authentication templates to identify or authenticate callers in the ordinary operation of the Service. Ansa does not capture or retain audio recordings in its own systems (see § 1.6); real-time audio is streamed to Ansa's AI provider during the call, and the AI provider may retain audio-derived content for up to 30 days for abuse and misuse monitoring unless longer retention is required by law.
Whether the transient acoustic features computed by the AI provider during real-time speech-to-text and response generation constitute the creation of a regulated biometric identifier under BIPA, Texas CUBI, Washington biometric privacy law, or analogous statutes is an unsettled question of law. Ansa monitors guidance and case law in this area and will update this Policy and the Service to address material developments.
The Service is not designed for, and Ansa's Acceptable Use Policy prohibits, biometric identification, speaker verification, authentication, profiling, or voiceprint creation.
4. Sources of Personal Information
We collect personal information from callers; telephony and communications providers; businesses; Customer CRMs, calendars, scheduling systems, and knowledge bases; subprocessors and service providers; website and dashboard interactions; public or inferred sources such as area-code-to-state lookup; Stripe; support communications; and Ansa operators during onboarding, support, debugging, account administration, or incident response.
5. Purposes for Processing Personal Information
5.1 Purposes by category
| Personal Information Category | Business / Commercial Purposes |
|---|---|
| Caller identifiers and contact information | Answer calls, identify caller, create callback record, book appointments, route calls, support Customer follow-up |
| Address and service details | Determine service area, qualify request, book appointment, route emergency or out-of-scope calls, create CRM/calendar record |
| Call audio | Enable real-time AI voice interaction; not recorded or retained by Ansa; the AI provider may retain audio-derived content for up to 30 days for abuse and misuse monitoring unless longer retention is required by law |
| Transcripts and call summaries | Operate the AI assistant, extract booking fields, support Customer review, prompt and classifier iteration (§ 7.1), resolve disputes, support rights requests |
| Booking data | Create calendar/CRM records, notify Customer, schedule service, support customer follow-up |
| Call metadata | Reliability, routing, spam detection, abuse prevention, analytics, reporting, troubleshooting, security |
| Inferences/classifications | Classify call outcome, emergency status, spam, duplicate, booked/not booked, service category, lead status |
| Consent and disclosure logs | Demonstrate disclosure events and comply with AI-disclosure and privacy obligations |
| Customer account data | Account administration, onboarding, configuration, support, authentication, billing, cancellation, legal compliance |
| Billing data | Subscription management, invoices, payment processing, tax/accounting, fraud prevention |
| CRM/API credentials | Connect Customer systems, create bookings, synchronize data, maintain integrations |
| Website and dashboard data | Authentication, security, session management, analytics, support, abuse prevention |
| Operator/admin data | Access control, audit trails, support, security, compliance, workforce administration |
| De-identified and aggregated data | Product analytics, benchmarking, reliability, service improvement, abuse prevention |
5.2 Transcription
Transcription is necessary to operate the Service. Ansa's operational posture is to disclose AI involvement and transcription status at call start (§ 6.1) and to honor caller jurisdiction-specific disclosure obligations through the state-aware disclosure waterfall implemented in the voice runtime.
5.3 Quality assurance, support, and call review
Ansa operators may review transcripts, metadata, and configuration records for onboarding, weekly call review, debugging, support, quality assurance, dispute resolution, and security. Access is limited and logged.
5.4 Done-for-you onboarding
Ansa onboarding may include operator-assisted configuration of prompts, call flows, routing, integrations, and testing using Customer-provided data and test calls.
5.5 ROI and dashboard metrics
Ansa may display operational metrics such as calls answered, bookings created, emergency calls flagged, owner notifications sent, average call duration, and estimated opportunity value. ROI metrics are estimates and not guarantees of revenue, profit, bookings, close rate, or business outcome.
No booking-accuracy warranty. Appointments, service categories, addresses, times, and booking fields captured, classified, or transmitted by the AI assistant may be inaccurate, incomplete, misheard, or misclassified. Ansa does not guarantee that any booking will be correctly captured, synced to a Customer CRM or calendar, received by the Customer, or fulfilled. Businesses are responsible for reviewing, confirming, and correcting bookings before relying on them for service delivery.
5.6 Legal compliance and safety
We process personal information to comply with legal obligations, respond to lawful requests, investigate abuse, prevent fraud, handle security incidents, enforce contracts, defend claims, and comply with tax/accounting, privacy, breach-notification, telecommunications, and consumer-protection obligations.
6. AI, Automated Processing, and Human Review
6.1 AI disclosure
Ansa uses generative AI and speech-to-speech systems to conduct real-time voice conversations. We disclose at the start of each call that callers are speaking with an AI assistant via a state-aware disclosure waterfall (per-DID override → ANI area-code-to-state inference → default), with separate scripts maintained for jurisdictions with explicit AI-disclosure obligations (currently California and Illinois) and a default script for all other jurisdictions.
6.2 California and other AI transparency laws
California's online bot disclosure law, Cal. Bus. & Prof. Code §§ 17940–17943, focuses on certain online bot interactions on large platforms. Regardless, Ansa's transparency posture is to disclose that callers are speaking with an automated AI assistant.
Cal. Pub. Util. Code § 2874 (as amended by AB 2905 (2022)) addresses outbound automatic dialing-announcing device calls and is not the primary authority for inbound calls to a Customer.
California AB 2013 [now Cal. Bus. & Prof. Code § 22757 et seq., effective January 1, 2026] imposes training-data transparency obligations on developers of certain generative AI systems. Ansa currently uses third-party AI models rather than publishing a general-purpose foundation model.
6.3 Automated call classifications
Ansa may classify calls as booked, not booked, emergency, spam, duplicate, out-of-scope, after-hours, service category, or transfer required. These classifications support intake, routing, Customer notification, reporting, and support. They do not produce legal or similarly significant effects for callers.
If Ansa later uses automated processing to deny service, determine eligibility, set prices, materially affect access to essential services, or make legally significant decisions, we will update this Policy and provide applicable rights and review mechanisms.
6.4 Human review
If you believe an Ansa-powered call was misclassified, mishandled, incorrectly marked as spam, incorrectly treated as an emergency, or incorrectly summarized, you may request human review by contacting privacy@tryansa.ai or the Customer whose line you called.
For Customer-controlled calls, Ansa may coordinate with the Customer as controller. We will avoid unnecessary disclosure of your identifying information to the Customer unless needed to process the request, authorized by you, or permitted by law.
6.5 No emergency or life-safety use
No emergency or life-safety use. Ansa is not an emergency-response, 911, or dispatch service. If you are experiencing a medical, fire, gas, life-safety, or other emergency, hang up and dial 911 or your local emergency number. Callers should not rely on Ansa, any AI assistant response, any Customer notification, or any booking confirmation as a substitute for emergency services. Ansa does not guarantee that emergency-classified calls will be routed, transferred, or escalated in any specific time frame.
7. AI Training, Service Improvement, and Model Restrictions
7.1 Ansa's training and service-improvement posture
Ansa shall not train, fine-tune, retrieval-augment, or otherwise use Customer Personal Data — including transient caller audio, transcripts, transcripts after redaction if the redacted record remains linkable to an individual, SMS bodies, and other Customer Content — to develop Ansa-owned models, third-party models, speaker-identification models, biometric-identifier models, or cross-customer AI systems, except with the Customer's express written authorization and, where required by law, caller consent.
Ansa may use the following data, and only the following data, to improve the Service:
- De-identified data, aggregated data, operational metrics, prompt-performance metrics, classifier-accuracy metrics, and non-identifying service data;
- Transcripts retained during the 30-day operational window (§ 13), for the purpose of identifying edge cases where the AI agent mis-classified an intent, missed a booking field, mishandled a caller, or otherwise underperformed, and for updating Ansa's prompts, call flows, classification rules, and tool descriptions in response; and
- Specific transcripts that Ansa has designated for retention beyond the 30-day operational window for ongoing prompt and classifier iteration ("Flagged Retained Transcripts"). At the time of designation, caller name, phone number, and address are redacted from the transcript, and the resulting redacted record is retained as Ansa-controlled data.
The Service improvement described above is product engineering with data — review, analysis, and revision of prompts and classifier rules by Ansa personnel — and does not include training, fine-tuning, retrieval-augmenting, or otherwise developing AI models. Ansa does not sell caller data and does not use identifiable caller transcripts for third-party advertising.
7.2 Third-party AI providers
Ansa's primary AI subprocessor is OpenAI OpCo, LLC (United States), accessed via the OpenAI API (Realtime API or successor models/services) for real-time speech processing and response generation. Ansa's contractual posture with OpenAI is governed by the OpenAI Data Processing Addendum (v.010126, effective January 1, 2026), together with the OpenAI Business/Services terms and Usage Policies, each as in force at the time of processing.
By default, OpenAI does not use Ansa's API inputs or outputs (including system instructions, prompts, cached content, uploaded files, and generated responses) to train or improve OpenAI's models. OpenAI may retain API inputs and outputs, including audio-derived content, for up to 30 days for abuse and misuse monitoring, unless a longer retention period is required by law; any human review is limited to abuse and misuse investigation by authorized OpenAI personnel and confidentiality-bound contractors, and is not used for product improvement. This posture is contingent on Ansa's OpenAI organization operating under OpenAI's API and business terms and not opting into data sharing. OpenAI offers customer-selectable data residency for certain services; Ansa has not currently enabled a region-pinned configuration, so prompts, outputs, and audio-derived content may be processed by OpenAI outside any particular U.S. region for the purpose of providing the service, including for abuse monitoring, safety review, and infrastructure operations, in accordance with OpenAI's published terms.
As a standby/failover AI subprocessor, Ansa may use Google LLC via the Gemini API on paid (billed) services, which processes call audio and conversation text only if and while OpenAI is unavailable. On Google's paid services, Google does not use Ansa's prompts or responses to train or improve Google's products, logs prompts and responses only for a limited period solely to detect and prevent policy violations and maintain security, and does not subject paid-services API content to human review for product improvement, under Google's processor Data Processing Addendum.
Ansa does not state that OpenAI, Google, or any AI provider guarantees "U.S.-only processing," "no retention," or "no logging" beyond what is supported by the applicable provider's terms in force at the time of processing. Where a provider amends its terms in a way that materially weakens this posture, Ansa will surface the change to business customers per DPA § 10.3.
7.3 Demo-line data and AI improvement
Demo-line data may be reviewed for a short period to evaluate and improve the demo experience. Demo-line data is not converted into customer-controlled data unless the prospect signs up and affirmatively agrees to link the demo record, or unless another lawful basis applies.
8. Voice, Biometric, and Transcription Posture
8.1 No audio recording
The Service does not capture, store, or play back audio recordings of calls in Ansa's own systems. Real-time audio is streamed to Ansa's AI provider to enable conversation and transcription; no audio file is captured, retained, or made available for replay by Ansa. Ansa's primary AI provider (OpenAI) may retain audio-derived content for up to 30 days for abuse and misuse monitoring unless longer retention is required by law. Ansa generates transcripts to operate the Service, extract booking details, create summaries, and maintain operational records.
8.2 Transcript-as-recording posture
Because some state laws may treat transcription or AI processing of live audio similarly to recording, Ansa's conservative posture is to disclose AI involvement and transcription in the opening prompt and treat transcripts as potentially regulated call content for disclosure, retention, and breach-notification purposes, even though no audio is retained.
8.3 Heightened jurisdictions and AI disclosure
Certain states impose heightened notice, consent, or no-secret-recording requirements that may apply to transcription regardless of whether audio is retained:
- California — Cal. Penal Code §§ 631, 632, 632.7; all-party consent for confidential communications.
- Connecticut — Conn. Gen. Stat. § 52-570d; consent or specified warning/notification mechanisms.
- Delaware — 11 Del. C. § 2402(c)(4); 11 Del. C. § 1335(a)(4).
- Florida — Fla. Stat. § 934.03(2)(d); all-party consent.
- Illinois — 720 ILCS 5/14-2(a); 740 ILCS 14/15(b).
- Maryland — Md. Code Ann., Cts. & Jud. Proc. § 10-402(c)(3); all-party.
- Massachusetts — Mass. Gen. Laws ch. 272 § 99; commonly framed as a prohibition on secret recording.
- Montana — Mont. Code Ann. § 45-8-213(1)(c); hidden-recording prohibition with warning concept.
- New Hampshire — N.H. Rev. Stat. Ann. § 570-A:2, I; all-party.
- Pennsylvania — 18 Pa. C.S. § 5704(4); all-party with narrow business-extension exceptions.
- Washington — RCW 9.73.030(3); permits consent through certain announcement mechanisms.
Ansa's runtime disclosure waterfall (§ 6.1) addresses the AI-disclosure side of these regimes; the question of whether transcription-without-recording is itself a regulated act remains unsettled.
8.4 Biometric privacy
Ansa's architecture is not designed to enroll callers for speaker recognition, authenticate callers by voiceprint, or maintain persistent voiceprint databases. Some AI and speech systems may compute transient audio features or embeddings during speech processing. If Ansa ever creates or stores voiceprints or biometric identifiers for identification, authentication, or persistent recognition, Ansa will update this Policy and implement legally required notices, consents, retention schedules, and deletion practices.
9. Categories of Recipients and Third Parties
9.1 Businesses
For calls to a Customer, caller data is disclosed to the Customer whose business line was called. The Customer is responsible for its own use of the information after receiving it.
9.2 Service providers, processors, and subprocessors
We use service providers and subprocessors to host, transmit, store, process, secure, bill, and deliver the Service. The current authoritative subprocessor list is maintained at https://tryansa.ai/subprocessors. The list below is a snapshot as of this Policy's effective date and may be superseded by the public list for material subprocessor additions that occurred after publication.
| Provider / Category | Purpose | Data Processed | Region / Notes | Role |
|---|---|---|---|---|
| Telnyx | SIP voice, phone numbers, SMS, DID provisioning, A2P 10DLC support, telecom routing | Transient audio stream (in transit only), phone numbers, SMS body and recipients, call metadata | Primarily U.S.; downstream telecom routing may involve carriers globally. Telnyx's role as processor / independent controller is governed by the Telnyx DPA in force at Ansa's account, which Ansa retrieves and reviews at least annually. | Processor for Ansa for platform services; Telnyx may also act as independent controller per its DPA |
| OpenAI OpCo, LLC (OpenAI API / Realtime API) | Primary real-time AI voice processing, speech-to-speech, transcription, response generation | Live audio (audio-derived content may be retained by OpenAI up to 30 days for abuse and misuse monitoring unless longer retention is required by law), prompts, call context, generated responses, tool parameters | No training on API data by default; customer-selectable residency offered but not currently enabled by Ansa, so abuse-monitoring, support, and infrastructure operations may process data outside any particular U.S. region per OpenAI's published terms | Processor / subprocessor; governed by the OpenAI Data Processing Addendum (v.010126) and OpenAI's Business/Services terms and Usage Policies |
| Google LLC (Gemini API) — standby/failover | Standby/failover real-time AI voice processing, speech-to-speech, transcription, response generation, used only if and while OpenAI is unavailable | Call audio and conversation text processed only during failover; prompts, call context, generated responses, tool parameters | Paid (billed) services; no training on API data; limited logging solely for policy-violation detection and security; may process data outside any particular U.S. region per Google's published terms | Processor / subprocessor; governed by Google's processor Data Processing Addendum |
| LiveKit Cloud | RTC/WebRTC bridge between SIP and voice runtime; media transport | Audio stream relay, room metadata, session state, connection metadata | U.S.-region configuration where available | Processor |
| Supabase | Postgres database, auth, storage, edge functions | Caller PII, transcripts, Customer data, audit logs, credentials | U.S.-East configuration for Ansa database/storage | Processor |
| Stripe | Subscription billing and payments | Customer billing details, payment tokens, invoices, subscription state, KYC/KYB | U.S. and Stripe-designated locations | Processor for billing data; independent controller for certain payment-network functions |
| Resend | Transactional email | Recipient email, subject, body, export-link notices, support emails | Vendor-defined infrastructure and routing | Processor |
| Vercel | Web app hosting and CDN | HTTP metadata, edge logs, deployment data; Ansa designs logs to minimize or redact PII | Global edge/CDN | Processor |
| The Campaign Registry / A2P 10DLC ecosystem | SMS brand and campaign registration | Customer brand and campaign registration data; no caller PII intended | U.S. | Regulatory / carrier compliance registry; not a caller-content subprocessor |
Conditional / planned subprocessors
The following providers are not active in Ansa's processing footprint as of this Policy's effective date but may be added later. Ansa will update this list and the public Subprocessor List before activation.
| Provider | Purpose if activated | Status |
|---|---|---|
| Sentry or equivalent error-monitoring provider | Error metadata, stack traces, request metadata (PII redaction by design); diagnostic monitoring | Planned / not active |
9.3 Customer-Directed Destinations (Calendar, CRM, scheduling)
When a Customer enables a calendar, CRM, or scheduling integration, the Customer instructs Ansa to transmit booking data to a system the Customer selected, authorized, connected, and controls. These are Customer-Directed Destinations, not Ansa subprocessors. Ansa has no Data Processing Addendum or controller-processor relationship with these vendors; the Customer's own agreement with each provider governs the data after delivery.
After Ansa delivers booking data to a Customer-Directed Destination, the Customer and that vendor's terms govern processing, retention, deletion, security, and the Customer's responses to data subject requests. Ansa remains responsible for Ansa's own systems and sync logs up to the API boundary.
9.4 Independent controllers and regulated recipients
Some recipients may act as independent controllers or regulated entities for limited purposes, including telecom carriers for routing, Stripe for payment-network functions, and OpenAI for trust, safety, abuse monitoring, and legal obligations under applicable terms.
9.5 Telecommunications Providers and Carriers
Phone calls and SMS messages necessarily pass through telecommunications carriers and network providers. Originating carriers, terminating carriers, Telnyx, and other network entities may process call metadata and communications traffic for billing, routing, fraud prevention, spam prevention, network security, legal compliance, and regulatory purposes.
9.6 Legal, safety, and compliance recipients
We may disclose personal information to courts, regulators, law enforcement, professional advisers, auditors, insurers, acquirers, or counterparties where required or reasonably necessary for legal claims, compliance, security, safety, corporate transactions, or enforcement. Where legally permitted, Ansa will attempt to notify the relevant Customer or affected user before disclosing information.
9.7 Business transfers
If Ansa is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be disclosed or transferred as part of that transaction, subject to applicable law.
9.8 De-identified and aggregated data
Ansa may use and disclose aggregated, anonymized, de-identified, redacted, or pseudonymized data for analytics, security, benchmarking, product improvement, and business reporting. Where Ansa treats data as de-identified under California law, Ansa commits to maintain and use it in de-identified form, not attempt re-identification except as permitted, and require recipients to do the same. This commitment is intended to align with Cal. Civ. Code § 1798.140. Ansa does not represent that all redacted or pseudonymized data is legally "anonymous" in every jurisdiction.
10. Sale, Sharing, Targeted Advertising, and Opt-Out Signals
Ansa does not sell caller personal information, share caller personal information for cross-context behavioral advertising, or use caller personal information for targeted advertising.
We disclose caller information to businesses, subprocessors, and Customer-selected systems to provide call handling, booking, support, security, and service delivery. We do not treat those operational disclosures as a sale or targeted-advertising share.
If Ansa later engages in targeted advertising, sale, or cross-context behavioral advertising involving personal information, we will update this Policy and provide required opt-out mechanisms before or at the time required by law.
Where required, we honor legally recognized opt-out preference signals, including Global Privacy Control, in the web context. Voice calls generally do not transmit browser-based opt-out signals.
11. Cookies, Tracking, and Website Privacy
We use essential cookies and similar technologies for authentication, session management, account security, CSRF protection, fraud prevention, dashboard operation, and Stripe checkout. For website performance and reliability monitoring, Ansa uses a privacy-conscious analytics product that does not use third-party tracking cookies and does not share personal information with advertising networks. We do not use cookies for behavioral or targeted advertising.
Because there is no uniform technical standard for "Do Not Track," we respond to legally recognized opt-out preference signals where required, including GPC where applicable.
12. Sensitive Personal Information
Depending on state law, Ansa may process sensitive personal information such as live voice audio (not recorded or retained by Ansa; the AI provider may retain audio-derived content up to 30 days for abuse and misuse monitoring unless longer retention is required by law), call transcripts, address, account credentials, payment metadata, or voluntarily disclosed health, family, safety, or emergency details. Ansa does not intentionally collect device GPS, knowingly collect children's data, or create voiceprints for identification.
Where applicable, you may have the right to limit use or disclosure of sensitive personal information. Ansa uses such information only for permitted operational, security, legal, and service-delivery purposes unless we provide additional notice and obtain required consent.
13. Data Retention Schedule
Ansa retains personal information only as long as reasonably necessary for the purposes described in this Policy, subject to legal, security, backup, dispute, audit, accounting, subprocessor, and compliance requirements.
| Data Type | Retention Period | Legal Basis | Deletion Mechanism |
|---|---|---|---|
| Caller full PII in operational call records | 30 days from call by default | Call handling, booking, support, dispute resolution, privacy-rights support | Scheduled deletion |
| Caller transcripts with full PII | 30 days from call by default | Booking accuracy, operational review, support, dispute resolution | Scheduled deletion at 30 days; transcripts not flagged for retention are permanently deleted |
| Flagged Retained Transcripts (Ansa-controlled, redacted) | Indefinite unless deletion required or re-identification risk too high | Prompt and classifier iteration (§ 7.1); product improvement; not used for AI model training | Caller name, phone, address redacted at the time of designation; stored as Ansa-controlled data; subject to no-reidentification commitment |
| Call audio | Not recorded or retained by Ansa; the AI provider may retain audio-derived content up to 30 days for abuse and misuse monitoring unless longer retention required by law | Real-time AI conversation | No Ansa-side retention; audio is streamed to the AI provider during the call; provider-side abuse-monitoring retention up to 30 days unless longer required by law |
| Call metadata | Indefinite in aggregated/de-identified form | Analytics, reliability, abuse prevention, Customer reporting | Aggregation, removal of direct identifiers, deletion where legally required |
| AI disclosure event logs | 5 years by default; longer if legal hold or incident requires | Compliance evidence, AI-disclosure defense, dispute resolution | Audit-log lifecycle; legal-hold override |
| Routine operational/admin audit logs without caller content | 3 years | Security, accountability, troubleshooting, internal controls | Log expiration and deletion |
| Privacy-rights, export, deletion, consent, subprocessor-change, compliance-event logs | 5 years | Compliance evidence, dispute resolution, regulatory defense | Tiered audit-log retention |
| Confirmed breach / incident investigation records | 7 years or duration of legal hold | Incident response, regulatory defense, legal claims | Incident-record archive deletion after retention/legal-hold release |
| Customer account data | Subscription term + 30-day post-cancellation export grace period, then deletion subject to exceptions | Account administration, service delivery, export period | Account deletion workflow after grace period |
| Customer CRM/API credentials | Until revoked, rotated, integration disabled, or account deletion | CRM/calendar integration | Supabase Vault deletion and credential revocation |
| Customer billing records | As required for tax, accounting, fraud, chargeback, legal obligations; generally up to 7 years | Billing, tax/accounting, fraud prevention, legal compliance | Stripe-controlled retention plus local reference deletion |
| Payment method data | Stored by Stripe; Ansa stores token/reference only | Payment processing | Managed by Stripe |
| Support tickets and onboarding notes | Subscription term + up to 3 years after closure unless legal hold | Support history, dispute resolution, training, compliance | Support-system retention policy |
| Demo-line full PII | 0–3 day full-PII review window; deleted thereafter; deleted/de-identified by 30 days unless caller signs up or affirmatively consents to longer retention | Demo evaluation, prompt improvement, prospect follow-up | Automated deletion at 3 days; deletion/de-identification by 30 days |
| Website authentication/session logs | 30–180 days depending on log type | Security, fraud prevention, session integrity | Log expiration |
| Application logs | 30–180 days; no caller PII by design | Debugging, security, reliability | Log expiration and redaction |
| Backups | Typically 30–90 days depending on system | Disaster recovery and business continuity | Backup expiration/lifecycle deletion |
| De-identified or aggregated analytics | Indefinite | Product analytics, benchmarking, reliability, service improvement | Maintained without direct identifiers; deletion if de-identification no longer sufficient |
| Legal hold records | Until hold is lifted | Litigation, regulatory investigation, subpoena, legal obligation | Manual release by counsel or authorized legal reviewer |
Ansa uses a tiered retention approach. Exact retention periods may change as Ansa's legal, insurance, accounting, and security requirements mature.
13.1 De-identified data commitments
For de-identified data, Ansa publicly commits that it will take reasonable measures to prevent linkage to a particular consumer, household, or device; maintain safeguards prohibiting re-identification; not attempt re-identification except to test safeguards where permitted by law; and contractually require recipients to maintain de-identification where required.
13.2 Deletion limitations
Deletion requests may be limited where data has already been de-identified, aggregated, transmitted to a Customer-controlled CRM, retained in backups pending expiration, retained by subprocessors under their own obligations, designated as a Flagged Retained Transcript (which is no longer Customer Personal Data after redaction), or preserved under legal hold. Deleted data may remain in encrypted backups for a limited backup-retention period until overwritten or purged. We do not restore deleted data from backups except for disaster recovery, security, or legal reasons.
14. Your Privacy Rights
Depending on your state, relationship with Ansa, and whether statutory thresholds are met, you may have rights to:
| Right | What It Means |
|---|---|
| Access / Know | Request confirmation and a copy or categories of personal information processed |
| Delete | Request deletion, subject to exceptions |
| Correct | Request correction of inaccurate personal information |
| Portability | Request a portable copy of personal information |
| Opt out of sale/share | Opt out of sale or cross-context behavioral advertising sharing |
| Opt out of targeted advertising | Opt out of processing for targeted advertising |
| Opt out of profiling | Opt out of profiling that produces legal or similarly significant effects |
| Limit sensitive PI | Limit use/disclosure of sensitive personal information |
| Revoke consent | Revoke consent where processing is based on consent |
| Appeal | Appeal a denied request where state law provides an appeal right |
| Non-discrimination | Not be discriminated against for exercising privacy rights |
Appeal rights vary by state. The Utah Consumer Privacy Act, Utah Code § 13-61-203, and the Iowa Consumer Data Protection Act, Iowa Code ch. 715D, do not provide a statutory appeal right. Where Ansa offers an appeal path to residents of those states, it does so as a voluntary commitment, not as a statutory right.
14.1 How callers should exercise rights
For calls to a Customer's business line, the Customer is generally the controller/business. You should first contact the Customer whose line you called. You may also contact Ansa at privacy@tryansa.ai.
14.2 Demo-line callers
If you called Ansa's demo line, Ansa is the controller/business. Submit privacy requests directly to privacy@tryansa.ai.
14.3 Business customers
Businesses may submit account privacy requests through the dashboard, support channel, or privacy@tryansa.ai.
14.4 Verification
We may verify your identity using information reasonably matched to the request, such as phone number, approximate call date/time, name, address, service request details, account email, Customer business name, or one-time verification code. If the 30-day operational retention period has passed, Ansa may no longer have enough identifiable call data to verify or fulfill some caller requests.
14.5 Response timing
Most U.S. state comprehensive privacy laws require Ansa or the Customer to respond to a verifiable consumer request within 45 days, with most laws permitting a 45-day extension upon notice. CCPA — Cal. Civ. Code § 1798.130 — follows this 45+45 framework. The Iowa Consumer Data Protection Act — Iowa Code § 715D.3 — is a notable exception with a 90-day response window and no statutory extension. Ansa's operational default is to acknowledge within 10 business days and respond substantively within 45 days unless a state-specific shorter or longer window applies.
14.6 Authorized agents and appeals
You may use an authorized agent to submit a request, subject to proof of identity and authority. If we deny your request and your state law provides an appeal right, you may appeal by emailing privacy@tryansa.ai with the subject line "Privacy Appeal."
14.7 Non-discrimination
We will not discriminate against you for exercising privacy rights. We will not deny services, charge different prices, or provide a different quality of service solely because you exercised a legal privacy right. Some requests may affect Ansa's or a Customer's ability to provide the requested service.
15. State-Specific Privacy Disclosures
15.1 California
California residents may have rights under CCPA/CPRA — Cal. Civ. Code §§ 1798.100–1798.199.100 — to know, access, delete, correct, port, opt out of sale/share, limit use of sensitive personal information, and be free from discrimination. California's private right of action under Cal. Civ. Code § 1798.150 is limited to specific categories of data breach involving unencrypted personal information. Most CCPA claims are enforced by the California Attorney General or California Privacy Protection Agency, not by private plaintiffs. Ansa does not sell or share caller personal information for cross-context behavioral advertising.
15.2 Other State Privacy Laws
Residents of other U.S. states may have rights under comprehensive privacy laws, subject to statutory thresholds, exemptions, and controller/processor role allocation. These rights generally include access, correction, deletion, portability, and opt-out of sale, targeted advertising, or certain profiling.
State privacy laws setting forth these rights include:
- Texas — Texas Data Privacy and Security Act, Tex. Bus. & Com. Code ch. 541. Enforcement by the Texas Attorney General; no private right of action beyond applicable law.
- Florida — Digital Bill of Rights, Fla. Stat. §§ 501.701–501.722. Applies only to controllers meeting significant thresholds (>$1B global gross annual revenues plus other criteria).
- Oregon (ORS 646A.570)
- Montana — Montana Consumer Data Privacy Act, Mont. Code Ann. §§ 30-14-2801 et seq. Statutory cure period sunset April 1, 2026 per Mont. Code Ann. § 30-14-2816(3).
- Iowa (Iowa Code ch. 715D)
- Indiana (Ind. Code § 24-15)
- Tennessee (Tenn. Code Ann. § 47-18-3201)
- Virginia (Va. Code Ann. § 59.1-575)
- Colorado (Colo. Rev. Stat. § 6-1-1301)
- Connecticut (Conn. Gen. Stat. § 42-515)
- Utah (Utah Code Ann. § 13-61-101)
- New Hampshire (N.H. Rev. Stat. Ann. § 350-D:1)
- New Jersey (N.J.S.A. 56:8-166.1)
- Delaware (Del. Code Ann. tit. 6, § 12D-101)
Ansa's contractual privacy protections may exceed the minimum obligations applicable to some small businesses.
16. Children's Privacy
Ansa is not directed to children under 13 and does not knowingly collect personal information from children under 13. The Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506, and the FTC's COPPA Rule, 16 CFR Part 312, govern this area. If we learn that we have collected personal information from a child under 13 without required consent, we will delete it or obtain appropriate parental consent.
Some state laws provide special protections for minors under 16 or 18, including limits on sale, targeted advertising, profiling, and sensitive-data processing. Ansa does not sell or share caller data for targeted advertising and does not design the Service for children.
17. International Transfers and Data Residency
Ansa is designed for U.S.-based businesses and U.S.-based callers. Our primary infrastructure is configured in U.S. regions where available. A candidly disclosed transfer consideration in Ansa's processing footprint is the third-party AI provider. Ansa's primary AI provider, OpenAI, offers customer-selectable data residency for certain services, but Ansa has not currently enabled a region-pinned configuration; accordingly, prompts, outputs, and audio-derived content may be processed by OpenAI outside any particular U.S. region for abuse monitoring, support operations, infrastructure failover, and certain processing functions. Ansa's standby/failover AI provider, Google, may likewise process data outside any particular U.S. region under its published terms. Other subprocessors may also operate global networks for support, abuse-monitoring, failover, or security purposes.
Ansa does not guarantee strict "U.S.-only processing" unless that guarantee is expressly included in a signed customer agreement and supported by written subprocessor commitments.
If Ansa processes EU/UK or other non-U.S. personal data, additional safeguards may be required, including GDPR/UK GDPR processor terms, Standard Contractual Clauses, transfer impact assessments, and supplementary measures. Ansa is not currently marketed as a GDPR-targeted product.
If your business requires verified U.S.-only processing, contact privacy@tryansa.ai before using Ansa.
18. Security Measures
Ansa uses administrative, technical, and organizational safeguards designed to protect personal information, including TLS 1.2+ encryption in transit; encryption at rest through infrastructure providers; tenant scoping and Supabase Row-Level Security by account_id; role-based and least-privilege access controls; encrypted secrets management for CRM credentials; audit logging; PII-redacted structured logging; default-delete of operational transcripts at 30 days; subprocessors subject to contractual data-processing terms where available; incident-response procedures; retention/deletion workflows; access review; and confidentiality obligations.
No system is perfectly secure. We cannot guarantee that unauthorized access, loss, misuse, or disclosure will never occur. Ansa has not completed SOC 2 Type II at MVP and is pursuing SOC 2 Type II audit readiness.
If you believe data has been compromised, contact security@tryansa.ai or privacy@tryansa.ai.
19. Breach Notification
If Ansa confirms a security breach affecting Customer-controlled caller data, Ansa will notify the affected Customer without undue delay and, where feasible, no later than 48 hours after Ansa confirms the breach, consistent with DPA § 15.1. Where Ansa has formed a reasonable suspicion of a Personal Data Breach but has not yet confirmed it, Ansa will use commercially reasonable efforts to notify the Customer of the suspicion within 72 hours of forming the suspicion for breaches involving (a) undeleted transcripts, (b) CRM credentials or other access tokens in Ansa's vault, (c) payment-card data or financial-account credentials, or (d) more than 100 affected end-user records.
The Customer is generally responsible for determining whether notices to callers, regulators, or others are required, unless Ansa is the controller for the affected data.
For demo-line callers, website users, Customer account data, and other data for which Ansa is the controller, Ansa will notify affected individuals and regulators as required by applicable law.
State-specific timing. Breach-notification deadlines vary by state and by breach type. California Civil Code § 1798.82 requires notice at the most expedient time possible and without unreasonable delay. California AG notice is required for qualifying breaches affecting more than 500 California residents. Other states have varying breach-notification timing requirements; Ansa will provide notice within the period required by applicable state law. Requirements depend on the data affected, risk of harm, encryption status, number of residents, law-enforcement delay, and whether Ansa is acting as controller or processor.
Encryption safe harbor. Some state breach-notification laws include safe harbors or exceptions for encrypted data where encryption keys were not compromised. Where applicable state law provides such a safe harbor, Ansa will evaluate eligibility based on the facts of the incident, including whether keys, credentials, or access controls were compromised.
Law-enforcement delay. We may delay notification if a law-enforcement agency determines that notice would impede an investigation.
For breach-notification purposes, call transcripts containing names, phone numbers, addresses, service details, or voice content captured before transcript deletion are treated as personal information if they can identify or reasonably be linked to a person.
20. Government and Law-Enforcement Requests
We require valid legal process for disclosure of call content, transcripts, account data, and customer data, unless an emergency or law requires otherwise. Where legally permitted, we will notify the Customer or affected person before disclosing data in response to a government request. We may challenge overbroad or improper requests.
21. SMS, Marketing, and Communications Choices
Ansa may send transactional SMS messages, such as booking confirmations, reminders, call summaries, owner notifications, or service-related notices. If you receive SMS messages from Ansa or an Ansa-powered number, you may reply STOP to opt out or HELP for help information.
Ansa may send businesses product updates, onboarding messages, newsletters, and offers. Businesses may unsubscribe from marketing emails using the unsubscribe link or by contacting privacy@tryansa.ai. We will still send essential service communications. We do not send marketing SMS to callers unless separately authorized. Owner SMS notifications are transactional messages to business users.
Marketing opt-outs may take up to 10 business days to process.
22. Demo-Line Privacy Notice
22.1 Role
For demo-line calls, Ansa is the controller/business. No Customer controls demo-line data unless the caller later becomes a customer and affirmatively agrees to link the demo record.
22.2 Data collected
We may collect name, phone number, business details stated during the demo, service interest, transient voice audio, transcript, call summary, call metadata, and follow-up preferences.
22.3 Purpose
We use demo-line data to demonstrate Ansa, evaluate demo quality, improve the demo prompt and call experience, detect abuse, respond to follow-up requests, and determine whether the caller wishes to become a customer.
22.4 Retention
Demo-line full-PII data is retained for a 3-day review window, then deleted, and deleted or de-identified by 30 days unless the caller signs up or affirmatively consents to further contact.
22.5 Demo disclosure script
"You are calling Ansa's demo line. You are speaking with an AI assistant. We may transcribe this demo call to improve the demo and follow up with you. Please do not share sensitive information. We retain identifiable demo information briefly and delete or de-identify it unless you sign up or ask us to keep it."
22.6 Demo-to-customer conversion
Demo data will not automatically become Customer-controlled data. If a demo caller signs up, Ansa may ask whether to link the demo record to the new account.
23. Account Closure and Data Export
Businesses may cancel through the mechanism described in the Terms of Service. After cancellation, Ansa provides a 30-day grace period for data export. After the grace period, Ansa purges Customer-controlled operational data, except audit logs, billing records, legal records, security records, Flagged Retained Transcripts (which are Ansa-controlled data after redaction), de-identified analytics, backups pending ordinary expiration, data subject to legal hold, data retained by subprocessors under their own obligations, and data already transmitted to Customer-selected CRMs or calendars. After purge, data may not be recoverable.
24. Subprocessor Changes
Ansa maintains its subprocessor list at https://tryansa.ai/subprocessors. For material new or replacement subprocessors that process Customer-controlled caller data, Ansa's contractual standard is to provide at least 30 days' advance notice where feasible, with a reasonable objection process, subject to emergency exceptions.
Most U.S. state privacy laws that apply to controller/processor relationships require written processor contracts and subprocessor flow-down obligations (e.g., Cal. Civ. Code § 1798.140), but do not specify a uniform numeric advance-notice period.
Businesses may object by contacting privacy@tryansa.ai. If Ansa cannot reasonably address the objection, the Customer may cancel according to the Terms of Service.
25. Accessibility
You may request this Policy in an alternative format by contacting privacy@tryansa.ai.
26. Complaints and Dispute Resolution
If you have a privacy concern, contact privacy@tryansa.ai. We aim to acknowledge privacy complaints within 10 business days and provide a substantive response within 30 days. If you disagree with our response, you may appeal by emailing privacy@tryansa.ai with "Privacy Appeal" in the subject line.
You may also contact your state attorney general or the Federal Trade Commission at reportfraud.ftc.gov. For California, you may contact the California Privacy Protection Agency or California Attorney General.
Ansa has not adopted an external dispute-resolution provider for privacy complaints at MVP. If Ansa later adopts one, this Policy will be updated.
27. Changes to This Policy
We may update this Policy from time to time and will update the "Last Updated" date above. For material changes — such as new categories of personal information, new sensitive-data uses, new subprocessors with material data access, materially different retention periods, new AI-training uses, new biometric-identification uses, expansion outside the United States, or new sale, sharing, or targeted advertising practices — we will provide advance notice by email, in-app notice, website notice, or other reasonable means before the change takes effect. Ansa monitors its AI providers' sub-processor lists — OpenAI's at https://platform.openai.com/subprocessors, and Google's for the standby/failover path — including their respective change-notification and objection windows, and will surface material downstream changes to business customers accordingly.
Non-material changes, such as clarifications, formatting, typo corrections, or contact updates, may take effect when posted. We will maintain prior versions or version history as required for compliance.
28. Contact Information
Privacy Requests: privacy@tryansa.ai Security Reports: security@tryansa.ai General Support: hello@tryansa.ai Mailing Address: Ansa LLC, c/o [REGISTERED AGENT NAME], [STREET ADDRESS], [CITY], [STATE] [ZIP], United States Privacy Lead / DPO Equivalent: Ansa Privacy Team