Privacy Policy

Effective Date: May 11, 2026 · Last Updated: May 11, 2026

This Privacy Policy explains how PhoneGal LLC (“PhoneGal,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with the PhoneGal service, including our website at phonegal.com, the customer dashboard, the AI receptionist telephony service, and related features (collectively, the “Service”). It applies to (a) the businesses and individuals who subscribe to or use the Service (“Customers”) and (b) the individuals whose calls are answered by the Service on a Customer’s behalf (“Callers”). This Privacy Policy is incorporated into our Terms of Service.

1. Our Role & Your Role

For Customer account information (such as billing details and dashboard credentials), PhoneGal is the “controller” (or business operator) of that information. For Caller information collected during calls answered on a Customer’s behalf, the Customer is the controller and PhoneGal acts as a “processor” or “service provider” under applicable law — we process that Caller information for the Customer and on the Customer’s instructions. Each Customer is responsible for providing its own privacy disclosures to Callers and for ensuring that the Customer has a lawful basis to record, transcribe, and process calls.

2. Information We Collect

a) Information you provide as a Customer

  • Account & contact information — name, email address, telephone number, business name, business address, role, and password.
  • Business profile content — business hours, services offered, pricing, scripts, FAQs, service area, integrations data, and other content you provide to configure the AI receptionist.
  • Billing information — payment method last-four digits, billing address, tax identifiers; full payment-card data is collected and stored by our payment processor (we do not store full card numbers on our systems).
  • Communications — messages you send to our support team, survey responses, and feedback.

b) Information collected from Callers during calls

  • Call audio recordings and transcripts generated during the call.
  • Caller-ID information made available by the telecommunications network (telephone number, carrier-provided name where available).
  • Call metadata — date, time, duration, ringing and connection events, hold time, disconnect reason, telephone numbers involved.
  • Information the Caller provides verbally in response to the AI receptionist’s prompts — for example, the Caller’s name, callback number, service address, nature of the request, and any information necessary to qualify or fulfill the inquiry.
  • DTMF (touch-tone) digits entered by the Caller.

c) Information collected automatically when you use our website or dashboard

  • Device & usage information — IP address, browser type and version, operating system, device identifiers, referring URL, pages viewed, time spent, clicks, scrolls, and errors encountered.
  • Cookies and similar technologies — see Section 6.

d) Information we receive from third parties

  • Subprocessors — telephony providers, AI model providers, payment processors, email providers, and analytics providers may share information with us about your use of, or the operation of, the Service.
  • Integrations you connect — if you connect a calendar, CRM, or other tool, we receive information from that service consistent with the permissions you authorize.

3. How We Use Information

We use the information described in Section 2 for the following purposes:

  • to provide, operate, secure, maintain, and support the Service, including to answer calls, generate AI responses, deliver lead summaries and notifications to the Customer’s authorized contacts, and synchronize with integrations;
  • to bill and collect fees, and to communicate with you about your account, plan, and billing;
  • to send you administrative messages, security alerts, and updates about the Service;
  • to provide customer support and respond to your inquiries;
  • to monitor, troubleshoot, and improve the performance, quality, and reliability of the Service, including on a de-identified or aggregated basis;
  • to detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service;
  • to comply with legal obligations, respond to lawful requests, and enforce our agreements; and
  • with your consent or as otherwise permitted by law, to send you marketing communications about new features (you can opt out at any time as described in Section 9).

AI training. We do not use Caller audio recordings, transcripts, or Caller-provided personal information to train artificial-intelligence models, and we require our AI-model Subprocessors to make commitments to the same effect (including no-train and zero-data-retention terms where available). We may use de-identified or aggregated information derived from the Service to evaluate, debug, and improve the Service, as permitted under applicable law (including the California Consumer Privacy Act’s service-provider and deidentification standards). We do not sell personal information.

5. How We Share Information

We do not sell personal information, and we do not share personal information with third parties for their own independent marketing purposes. We share information only as follows:

  • With the Customer. Caller information is delivered to the Customer (and to contacts the Customer designates) as the core purpose of the Service.
  • With Subprocessors who help us operate the Service under contractual confidentiality and data-protection obligations, including:
    • Telephony providers (e.g., Twilio) for call routing, recording, SMS, and number provisioning;
    • AI model providers (e.g., Anthropic) for generation of conversational responses;
    • Cloud-hosting and infrastructure providers for storage, compute, logging, and security;
    • Payment processors (e.g., Stripe) for billing;
    • Email and transactional-messaging providers for account, security, and notification messages;
    • Analytics, error-monitoring, and product-improvement providers.
  • For legal reasons — to comply with a subpoena, court order, or other valid legal process; to enforce our Terms; to investigate suspected fraud or violations; to protect the rights, property, or safety of PhoneGal, our users, or others; or as otherwise required by law.
  • In connection with a business transfer — if PhoneGal is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to commercially reasonable confidentiality protections.
  • With your consent — for any other purpose disclosed to you at the time of collection.

6. Cookies & Similar Technologies

We use cookies, local storage, pixels, and similar technologies on our website and dashboard to keep you signed in, remember preferences, measure performance, and understand how the Service is used. Cookies fall into the following categories:

  • Strictly necessary — required to operate the Service (for example, authentication and security);
  • Preferences — remember your settings, such as dark-mode preference;
  • Analytics — help us understand how the Service is used so we can improve it.

You can control cookies through your browser settings; however, disabling strictly necessary cookies may prevent the Service from functioning. We do not currently respond to “Do Not Track” signals because no industry standard for compliance has been finalized; we will reassess as standards evolve. Where required by applicable law (including the California Privacy Rights Act and analogous state laws), we honor the Global Privacy Control (GPC) signal as a valid request to opt out of the “sale” or “sharing” of personal information.

7. Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Typical retention periods include:

  • Customer account information — for the duration of the subscription, plus a reasonable period to allow for reactivation and to comply with tax and audit requirements (generally up to seven (7) years for billing records);
  • Call audio recordings — by default, up to ninety (90) days, unless your plan or configuration specifies otherwise;
  • Call transcripts and structured call data — by default, up to twelve (12) months, unless your plan or configuration specifies otherwise;
  • Server logs and analytics — typically up to ninety (90) days;
  • Backups — retained on a rolling basis (typically up to thirty (30) days) for disaster-recovery purposes.

When personal information is no longer needed, we will delete or de-identify it, except where retention is required by law or where deletion is technically infeasible (in which case we will isolate and protect it from any further use).

Post-termination retention. The retention periods listed above apply during your active subscription. Following termination of a subscription, the post-termination retention provisions in Section 13 of the Terms of Service control, except where a longer retention is required by law or by our standard backup cycle.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, and disclosure. These safeguards include encryption of data in transit (TLS), encrypted storage where applicable, role-based access controls, logging and monitoring, and vendor due diligence. No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorized use.

Security-incident notification. If we become aware of a security incident that has resulted, or is reasonably likely to result, in the unauthorized access, acquisition, disclosure, alteration, or loss of personal information, we will notify affected Customers without undue delay and in any event within the time required by applicable law (including, where applicable, the seventy-two (72) hour window under the European General Data Protection Regulation and the timelines under U.S. state breach-notification statutes). Notification will include the information required by applicable law and may be delivered by email to the address on file or by other reasonable means.

9. Your Rights & Choices

Subject to applicable law, you may have the right to:

  • access personal information we hold about you;
  • correct inaccurate or incomplete personal information;
  • delete personal information, subject to limited legal exceptions;
  • port personal information you provided to us, in a structured, machine-readable format;
  • restrict or object to certain processing;
  • withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing);
  • opt out of marketing communications by clicking “unsubscribe” in any marketing email or contacting us; and
  • file a complaint with a supervisory authority where applicable.

To exercise these rights, please contact us at support@phonegal.com. We may need to verify your identity before fulfilling your request and may decline requests as permitted by law.

Callers. If you are a Caller and want to access, correct, or delete information collected about you during a call, please contact the Customer (the business you called) directly, since the Customer is the controller of that information. We will assist the Customer in honoring your request to the extent required by law.

California residents. California residents have additional rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), including the right to know what personal information is collected, the right to delete personal information (with exceptions), the right to correct inaccurate personal information, the right to opt out of the “sale” or “sharing” of personal information (we do not sell or share personal information as those terms are defined under the CCPA/CPRA), and the right to limit the use of sensitive personal information. We do not discriminate against any consumer for exercising these rights.

Residents of other U.S. states. Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Kentucky, and other states with comprehensive consumer-privacy laws may have rights similar to those described above, including rights to access, correct, delete, and port personal information, to opt out of targeted advertising, the “sale” or “sharing” of personal information, and certain profiling, and to appeal a denial of these rights. We do not engage in “sales,” “sharing,” or cross-context behavioral advertising as those terms are defined under these laws. To exercise any applicable right, please contact us at support@phonegal.com.

Sensitive personal information. We do not intentionally collect categories of “sensitive personal information” as defined by the CCPA/CPRA or analogous laws. However, because the AI receptionist captures whatever a Caller chooses to say, sensitive information may be incidentally included in a call recording or transcript. We apply the safeguards described in Section 8 to all such information and do not use it for purposes other than providing the Service.

10. Call Recording & Caller Notice

When a Caller is connected to a PhoneGal-powered receptionist, the Service will identify itself as an AI assistant. Where the Customer’s business location or the Caller’s location requires it, the Service may also announce that the call may be recorded. As described in our Terms of Service, each Customer is solely responsible for ensuring that recording and processing of inbound calls complies with applicable laws, including any “two-party” or “all-party” consent requirements. If you are a Caller and do not consent to AI handling or recording of the call, you may end the call and contact the business by an alternative method.

11. Children’s Privacy

The Service is intended for use by adults in connection with a business and is not directed to children. Consistent with the Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501–6506, and its implementing regulations, we do not knowingly collect personal information from children under the age of thirteen (13). Our Terms of Service additionally require that account holders be at least eighteen (18) years of age. If you are a parent or guardian and believe we may have collected information from a child under thirteen, please contact us at support@phonegal.com and we will take reasonable steps to delete it. Where applicable law sets a higher age of consent for the processing of children’s personal information, we honor that higher age.

12. International Users & Cross-Border Transfers

PhoneGal is based in the United States, and information we collect is processed and stored in the United States and in other countries where our Subprocessors operate. The data-protection laws of those countries may differ from the laws of your country. By using the Service, you understand that your information will be transferred to, stored, and processed in the United States, and you consent to such transfer to the extent permitted by applicable law. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to safeguard cross-border transfers of personal information.

14. Changes; Interpretation

We may update this Privacy Policy from time to time to reflect changes to the Service, applicable law, or our practices. When we do, we will revise the “Last Updated” date above and, if the change is material, we will provide additional notice (for example, by email or through the Service) before the change takes effect. Your continued use of the Service after the effective date of any change constitutes your acceptance of the revised Privacy Policy.

Interpretation. Headings used in this Privacy Policy are for convenience only and do not affect its interpretation. Capitalized terms used in this Privacy Policy but not defined here have the meaning given to them in the Terms of Service.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

PhoneGal LLC
6844 Bardstown Rd #504
Louisville, KY 40291
support@phonegal.com