Privacy Policy

1. Introduction

Momentum Partners, MB (registration code: 307087007), operating as AI Receptionist ("we," "our," or "us"), provides the AI Receptionist platform at ai-receptionist-jade-one.vercel.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (encrypted)
• Business name and contact details

2.2 Business Data

To configure your AI receptionist, we collect:

• Business information (name, phone number, website URL, location)
• Knowledge base content (FAQ questions and answers)
• AI receptionist configuration (greeting, system prompt, voice selection)

2.3 Call Data

When your AI receptionist handles calls, we collect:

• Call recordings and transcripts
• Caller phone numbers
• Call duration and timestamps
• Call summaries generated by AI

2.4 Website Data

If you use our website analysis feature, we scrape publicly available content from the URL you provide to auto-generate your AI receptionist configuration. We do not scrape websites without your explicit request.

2.5 Google Account Data

If you connect Google Calendar, we access only the calendar data necessary to book and manage appointments on your behalf. We request the minimum scopes required:

• Google Calendar — read and write calendar events for appointment booking

We do not access, store, or share any other Google account data. You can revoke access at any time through your Google Account settings.

3. How We Use Your Information

We use collected information to:

• Provide, operate, and maintain the Service
• Configure and improve your AI receptionist
• Process and manage phone calls on your behalf
• Book appointments via connected calendar integrations
• Generate call logs, summaries, and analytics
• Send service-related communications
• Detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate the platform:

• Vapi — Voice AI infrastructure for handling phone calls
• OpenAI — AI language model for generating responses
• Deepgram — Speech-to-text transcription
• ElevenLabs — Premium text-to-speech voices
• Supabase — Database and authentication
• Vercel — Application hosting
• Google APIs — Calendar integration
• Stripe — Payment processing

Each third-party service has its own privacy policy governing the use of your information. We only share the minimum data necessary for each service to function.

5. Data Storage & Security

Your data is stored securely using Supabase with row-level security (RLS) policies, ensuring that each user can only access their own data. We implement industry-standard security measures including:

• Encrypted data transmission (TLS/SSL)
• Encrypted passwords (bcrypt hashing)
• Row-level security on all database tables
• Secure API key management

6. Data Retention

We retain your data for as long as your account is active. Call recordings and transcripts are retained for 90 days unless you request earlier deletion. You may request deletion of your account and all associated data at any time by contacting us.

7. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined by the GDPR:

• Contract performance (Art. 6(1)(b)) — to provide and operate the Service you subscribed to
• Legitimate interest (Art. 6(1)(f)) — to improve our Service, prevent fraud, and ensure security
• Consent (Art. 6(1)(a)) — for optional integrations such as Google Calendar access
• Legal obligation (Art. 6(1)(c)) — to comply with applicable laws and regulations

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

• Right of access (Art. 15) — obtain a copy of your personal data
• Right to rectification (Art. 16) — correct inaccurate or incomplete data
• Right to erasure (Art. 17) — request deletion of your personal data
• Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
• Right to restrict processing (Art. 18) — limit how we use your data
• Right to object (Art. 21) — object to processing based on legitimate interest
• Right to withdraw consent — revoke consent at any time (e.g., disconnect Google Calendar)

To exercise any of these rights, contact us at m.l.ceponis@gmail.com. We will respond within 30 days as required by the GDPR. If you believe your rights have been violated, you have the right to lodge a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (ada.lt).

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers (Vapi, OpenAI, Vercel, Stripe) operate. We ensure that such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider's participation in recognized data protection frameworks.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

13. Data Controller

The data controller responsible for your personal data is:

14. Contact Us

If you have questions about this Privacy Policy, contact us at:

m.l.ceponis@gmail.com