Privacy Policy

Dialfyne ("Dialfyne," "we," "us," or "our") is an AI automation agency headquartered in Vancouver, Washington. We provide AI Voice Agent services, AI Role Play for Sales training, and AI Automation systems for small and mid-sized businesses ("Clients") across the United States.

This Privacy Policy explains how we collect, use, disclose, and protect personal information about:

• Visitors to dialfyne.com
• Clients who purchase or use our services
• End Users — prospects, customers, and contacts of our Clients who interact with AI systems we deploy on our Clients' behalf

Please read this policy carefully. By using our website or services, you agree to the practices described here.

2.1 Information You Provide Directly

When you visit our website, request a consultation, or become a Client, we may collect:

• Name, business name, email address, phone number, and mailing address
• Job title and role
• Information submitted through contact forms, audit request forms, or booking tools
• Communications you send us via email, phone, or chat

2.2 Information Collected Through Our Services

When we deploy AI systems on behalf of our Clients, we may collect information about End Users, including:

• Voice data and call recordings: Our AI Voice Agent answers inbound calls on behalf of Clients. Calls are recorded, transcribed, and logged. Callers are notified of recording at the start of each call in compliance with applicable state law.
• Roleplay training data: AI Role Play sessions may collect participant names, email addresses, microphone audio, transcripts, scorecards, and session metadata. Avatar roleplays transmit realtime audio and avatar video through service providers so the participant can interact with a lifelike AI buyer.
• Contact information: Name, phone number, email address, and inquiry details captured during AI Voice Agent interactions.
• Appointment and scheduling data: Dates, times, and service type information submitted during AI-assisted booking flows.
• Email and SMS interaction data: Content and metadata from outbound and inbound emails and text messages sent through automated follow-up systems we operate on behalf of Clients.
• CRM data: Lead status, interaction history, and notes logged into Client CRM systems through automation workflows.
• Form submission data: Information submitted through web forms integrated with Client automation systems.

2.3 Information Collected Automatically

When you visit dialfyne.com, we automatically collect:

• IP address and approximate geographic location
• Browser type, device type, and operating system
• Pages visited, time on site, and referring URLs
• Interaction data (clicks, scrolls, form engagement)
• Cookie identifiers and tracking pixels (see our Cookies Policy)

2.4 Information From Third Parties

We may receive information about you from:

• Website intelligence tools: Our website uses visitor identification technology, including Apollo.io and RB2B, to recognize business visitors and enrich contact data for sales outreach purposes.
• Google Ads: Conversion tracking data from Google Ads campaigns.
• Stripe: Payment processing records. We do not store full payment card numbers. Stripe's privacy policy governs payment data.
• Client-connected integrations: When Clients connect their calendar, CRM, or other business systems to our automation workflows, we process data from those platforms as directed by the Client.

We use personal information for the following purposes:

To provide and operate our services

• Deploying, maintaining, and improving AI Voice Agents, Role Play platforms, and automation systems
• Operating realtime AI roleplays, including optional avatar experiences for sales training
• Booking appointments, sending follow-up communications, and logging leads on behalf of Clients
• Processing payments through Stripe

To communicate with you

• Responding to inquiries and consultation requests
• Sending onboarding, support, and account communications
• Sending service updates, invoices, and policy notices

To market our services

• Identifying prospective Clients through website visitor tracking (Apollo.io and RB2B)
• Running and measuring paid advertising campaigns (Google Ads)
• Sending outbound sales emails or messages to business contacts identified as potential Clients

To improve our services

• Analyzing call recordings and interaction data to improve AI performance
• Monitoring system performance and diagnosing technical issues
• Conducting internal research and product development

To comply with legal obligations

• Complying with applicable federal and state law, including call recording disclosure requirements
• Responding to lawful requests from government authorities

Our AI Voice Agent records all calls it handles on behalf of Clients. We comply with applicable state call recording laws as follows:

• In one-party consent states, calls are recorded with the consent of the AI agent acting on behalf of the Client.
• In two-party (all-party) consent states, including California, callers are notified of recording at the start of each call before any substantive conversation begins.

Call recordings and transcripts are:

• Stored securely and accessible to the Client and Dialfyne
• Used to generate call summaries, train AI performance, and support Client operations
• Retained for a period of 12 months unless a Client requests earlier deletion or a longer retention period is contractually agreed

AI Role Play sessions may be voice-only or avatar-based. Avatar sessions use realtime streaming technology to send the participant's microphone audio to Dialfyne's AI systems and to display an AI avatar back to the participant. In the current version, Dialfyne does not store participant webcam video and does not score eye contact, posture, or camera presence.

When operating automation systems on behalf of Clients, Dialfyne may send emails, SMS messages, and voicemail drops to End Users (prospects and customers of our Clients). These communications are sent on behalf of and under the authority of the Client. The Client is responsible for ensuring they have appropriate consent to contact their prospects and customers under applicable law, including the Telephone Consumer Protection Act (TCPA) and CAN-SPAM Act.

If you have received a communication from a Dialfyne-powered system and wish to opt out, you may:

• Reply STOP to any SMS message
• Click the unsubscribe link in any email
• Contact the business that originally collected your information

We do not sell personal information. We may share information in the following circumstances:

With Clients

We share End User data we collect on a Client's behalf directly with that Client for their business operations.

With service providers

We engage trusted vendors who process data on our behalf, including providers of:

• Cloud database and backend infrastructure services
• Cloud hosting and deployment infrastructure
• AI voice processing and telephony services
• Realtime audio/video infrastructure and AI avatar rendering services, including LiveKit and TruGen when avatar roleplays are enabled
• Workflow and business process automation services
• Sales outreach and contact enrichment platforms
• Stripe (payment processing)
• Google (analytics and advertising)
• Apollo.io and RB2B (website visitor identification and sales intelligence)

The specific vendors we use may change as our technology evolves. All vendors are contractually required to use data only as directed by us and to maintain appropriate security measures.

For legal compliance

We may disclose information when required by law, subpoena, court order, or to protect the rights, safety, or property of Dialfyne, our Clients, or others.

In a business transaction

If Dialfyne is involved in a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.

Dialfyne is a business headquartered in the United States and serves Clients primarily in North America. However, if you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland — or if EU data protection law otherwise applies to you — this section explains your rights and how we comply with the General Data Protection Regulation (GDPR) and the UK GDPR.

7.1 Data Controller

For the personal data we collect about Visitors and Clients of dialfyne.com, Dialfyne is the Data Controller. For personal data we process about End Users on behalf of our Clients (such as call recordings, contact information, and CRM data), our Client is the Data Controller and Dialfyne acts as a Data Processor.

If you are an End User and wish to exercise your privacy rights, please contact the Client (the business whose AI system you interacted with) in the first instance. We will assist our Clients in responding to your request as required by our Data Processing Agreement.

7.2 Legal Basis for Processing

We process personal data under the following legal bases:

• Contractual necessity: To provide Services to our Clients and fulfill our obligations under our Terms of Service.
• Legitimate interests: To analyze website usage, improve our Services, detect and prevent fraud, and conduct B2B sales outreach to business contacts. We balance these interests against your rights and provide opt-out mechanisms for non-essential tracking.
• Consent: For visitors in the EEA, the United Kingdom, and Switzerland, we obtain opt-in consent through our cookie preference banner before loading any non-essential cookies or tracking technologies (Google Analytics, Google Ads, Apollo.io, and RB2B). For visitors in the United States and other regions, analytics and advertising technologies (Google Analytics and Google Ads) also load only after consent, while sales-intelligence technologies (Apollo.io and RB2B) may load by default under our legitimate business interest; in all regions you may opt out at any time using Cookie Settings in the site footer or the Cookies Policy.
• Legal obligation: To comply with applicable law, including tax, accounting, and call recording disclosure requirements.
• Vital interests: In rare cases, to protect the safety of individuals in emergencies.

7.3 Your Data Subject Rights

If GDPR or the UK GDPR applies to you, you have the following rights:

• Right to Access: You may request a copy of the personal data we hold about you and confirmation that we are processing it.
• Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
• Right to Erasure ("Right to Be Forgotten"): You may request deletion of your personal data where there is no overriding legal or legitimate reason for us to continue processing it.
• Right to Restrict Processing: You may request that we suspend processing of your personal data in specific circumstances, such as while we verify the accuracy of data you dispute.
• Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format, and transfer it to another controller where technically feasible.
• Right to Object: You may object to our processing of your personal data based on legitimate interests, including direct marketing and profiling. You may also object to processing for scientific or historical research purposes.
• Right to Withdraw Consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. To withdraw cookie consent, adjust your preferences through Cookie Settings in the site footer or contact us directly.
• Right Not to Be Subject to Automated Decision-Making: We do not engage in automated decision-making (including profiling) that produces legal or similarly significant effects on individuals.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days of receiving a verifiable request. We may need to verify your identity before processing your request.

7.4 International Data Transfers

Dialfyne is headquartered in the United States. Personal data collected through our website and Services is stored and processed in the United States using cloud infrastructure provided by Supabase (based in the United States) and other service providers.

When personal data is transferred from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards including the adequacy decision where applicable, or Standard Contractual Clauses (SCCs) approved by the European Commission. We ensure that all subprocessors and service providers who receive personal data are contractually bound to protect it in accordance with GDPR requirements.

For a current list of our subprocessors and their locations, contact us at the email above.

7.5 Data Processing Agreement (DPA)

For Clients who are Data Controllers under GDPR and use Dialfyne to process personal data on their behalf, we offer a Data Processing Agreement (DPA) that supplements our Terms of Service. The DPA incorporates the EU Standard Contractual Clauses where required and governs how we process, secure, and delete End User data.

To request a copy of our DPA, contact us at [email protected].

7.6 Supervisory Authority

If you believe we have infringed your rights under GDPR or the UK GDPR, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EEA, you may contact the supervisory authority of your country of residence.

7.7 Our Representative in the UK

Under the UK GDPR, non-UK controllers must designate a UK representative. As of the date of this policy, Dialfyne does not maintain a UK representative. If you are in the UK and have a privacy concern, please contact us directly using the contact information in Section 14.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: We do not sell personal information. We do share certain data (such as website identifiers) with advertising platforms including Google Ads and visitor intelligence tools including Apollo.io and RB2B. California residents may opt out of this sharing by adjusting their cookie preferences or contacting us.
• Right to Limit Use of Sensitive Personal Information: We collect voice recordings, which may constitute sensitive personal information under California law. You may request that we limit the use of this data to purposes necessary to provide our services.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.

To submit a California privacy request, contact us at: [email protected]

We will respond within 45 days of receiving a verifiable consumer request. We may need to verify your identity before processing your request.

We retain personal information for as long as necessary to fulfill the purposes described in this policy, including:

• Client account data: Duration of the Client relationship plus 3 years
• Call recordings and transcripts: 12 months from date of recording
• End User contact data: 24 months from last interaction, unless a Client requests deletion or extended retention
• Website analytics data: 26 months (Google Analytics default)
• Payment records: 7 years (for tax and accounting compliance)

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

• Encrypted data transmission (TLS/HTTPS)
• Encrypted data storage via Supabase
• Access controls limiting data access to authorized personnel
• Regular security reviews and vendor assessments

No security measure is perfect. In the event of a data breach that creates a material risk to your rights, we will notify affected parties as required by applicable law.

Our services are intended for business use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us and we will delete it promptly.

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify Clients directly. Continued use of our services after changes take effect constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Dialfyne

Vancouver, Washington

Email: [email protected]

Phone: +1 (971) 375-4740