Legal

Privacy Policy

Last Updated: February 27, 2026

1. Introduction

Welcome to CallingMate ("we," "our," or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use our AI Receptionist services via our website, callingmate.com.

2. Information We Collect

  • Account Information: Name, email address, and business details provided during signup.
  • Telephony Data: Phone numbers connected to our service and call logs/transcripts processed by our AI.
  • Payment Information: Billing details processed securely by Stripe (we do not store credit card numbers).

3. Google API Data Access and Usage (The "What" and "Why")

If you choose to connect your Google Calendar to CallingMate, we access the following data:

  • Calendar Events: We read your calendar events to determine your availability.
  • Booking Creation: We may create events on your calendar when a caller books an appointment via your AI Assistant.

We use this data solely to:

  • Enable the AI Assistant to check your availability in real-time.
  • Schedule appointments requested by callers.

To provide our core scheduling features, CallingMate requests explicit permission to access your Google Calendar via OAuth. We only request the minimum necessary scopes required for the application to function:

  • https://www.googleapis.com/auth/calendar.readonly (or calendar.events.readonly): Used strictly to read your calendar events for real-time availability detection.
  • https://www.googleapis.com/auth/calendar.events: Used strictly to create, update, or delete calendar events when an appointment is booked, rescheduled, or canceled by callers through the CallingMate service.

4. Strict Limited Use Policy

CallingMate's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

To be entirely explicit about our data practices regarding your Google Workspace and Calendar data:

  • No Advertising: We do not use your data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • No Selling or Profiling: We do not sell your calendar data, nor do we build user profiles for third parties.
  • No Unrelated Analytics: We do not use your calendar data for any analytics unrelated to the direct scheduling functionality of the app.
  • Purpose Limitation: Data is used exclusively to provide and improve the user-facing scheduling features of the CallingMate application.

5. Data Processing, Storage, and Token Handling

We process and store your Google data with the utmost strictness regarding minimization:

  • Temporary Storage: Calendar data is stored temporarily on our servers only for the duration necessary to perform active scheduling tasks. We do not store permanent copies of full calendar events unless explicitly required and saved for active app functionality.
  • Secure Token Handling: Google OAuth tokens are stored securely, used exclusively to access calendar data for the app's core functionality, and are never shared with third parties.
  • Third-Party Boundaries: Any third-party infrastructure providers who process data on our behalf are contractually obligated to implement equivalent security standards and are strictly prohibited from using your data for any purpose outside of providing the CallingMate service.

6. Data Security and Protection Mechanisms

We utilize industry-standard technical and organizational measures to secure your sensitive data:

  • Encryption in Transit: All data transmitted between your device, our servers, and Google APIs is encrypted using industry-standard Transport Layer Security (TLS 1.2 or higher).
  • Encryption at Rest: Sensitive user data, including stored OAuth tokens and cached calendar information, is encrypted at rest on our servers using advanced standards (AES-256).
  • Secure Infrastructure: Our application and databases are hosted on secure, compliant cloud infrastructure (e.g., AWS / Google Cloud / Azure) that utilizes firewalls, network isolation, and continuous monitoring to prevent unauthorized access.
  • Access Controls: Internal access to sensitive user data is strictly limited to authorized personnel and automated systems on a "need-to-know" basis. We enforce strict Role-Based Access Control (RBAC) and mandate Multi-Factor Authentication (MFA) for all administrative access.
  • Incident Response: In the unlikely event of a data breach involving your personal or Google user data, we will promptly notify affected users in accordance with applicable laws.

7. Strict Rules on Human Access

We maintain a strict "No Unauthorized Human Access" policy. We will not allow any human to read your Google Calendar data unless:

  • We have your explicit, affirmative agreement for specific records (e.g., to resolve a user-initiated support ticket).
  • It is necessary for security purposes, such as investigating abuse.
  • It is required to comply with applicable law.
  • It is required for the app's internal operations, and even then, only when the data has been strictly aggregated and anonymized.

8. User Control, Revocation, and Deletion

You retain total control over your data at all times:

  • Revoking Access: You may revoke CallingMate's access to your Google Calendar at any time via your Google Account permissions page at myaccount.google.com.
  • Data Deletion: Upon revocation of access or closure of your CallingMate account, we will cease accessing your calendar, automatically remove all stored OAuth tokens, and delete any cached calendar data within 30 days.
  • Manual Requests: You may also manually request the complete deletion of your data at any time by contacting our support team at support@callingmate.com.

9. How We Share Information

To provide our AI voice services, we share necessary data with the following trusted infrastructure providers:

  • Voice AI Providers: For processing voice conversations and generating AI responses.
  • Telephony Providers: For telephony and call routing.
  • Stripe: For payment processing.

These partners are strictly prohibited from using your data for any purpose other than providing the service.

10. Data Retention

We retain call logs and transcripts for as long as your account is active to provide you with history and analytics. You may request deletion of your data at any time by contacting support.

11. Contact Us

If you have questions about this policy, please contact us at: