Privacy Policy

Effective Date: February 25, 2026Last Updated: February 25, 2026

Table of Contents

Frostbyte Digital LLC (“we,” “us,” or “Frostbyte Digital”) operates an AI-powered receptionist platform (the “Service”) that enables businesses to automate phone interactions using artificial intelligence. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at frostbytedigital.io.

1. Information We Collect

1.1 Account Information

When you register for our Service, we collect:

  • Business name, contact name, email address, and phone number
  • Billing information (processed securely through Stripe, our PCI-compliant payment processor)
  • Account credentials and authentication data

1.2 Voice and Call Data

Our AI receptionist processes voice communications, which may include:

  • Call transcripts generated through speech-to-text conversion
  • Call metadata: caller phone numbers, call duration, timestamps, call outcome, and routing information
  • Caller-provided information: names, contact details, appointment preferences, and inquiry content

Important: Voice analysis is strictly limited to converting speech to text and understanding conversational content to provide receptionist services. We do not create voiceprints, biometric identifiers, or use voice data for identification or authentication purposes.

1.3 Usage and Technical Data

  • IP addresses, browser type, device information, and operating system
  • Usage patterns, feature utilization, and dashboard interactions
  • Performance metrics, error logs, and diagnostic data

1.4 Integration Data

If you connect third-party services (e.g., Google Calendar), we may access:

  • Calendar event data limited strictly to scheduling functionality (event times, availability)
  • Your email address associated with the connected account

1.5 Information We Do NOT Collect

  • Social Security numbers or government-issued identification numbers
  • Financial account numbers (credit cards are processed by Stripe, our PCI-compliant processor)
  • Biometric identifiers or voiceprints for identification purposes

2. How We Use Your Information

2.1 Service Provision

  • Operate and deliver the AI receptionist Service
  • Process and route incoming calls according to your configuration
  • Transcribe voice communications and generate call summaries
  • Schedule appointments and manage calendar integrations
  • Send service notifications and important account information

2.2 Service Improvement

We analyze aggregated, de-identified data to:

  • Improve AI accuracy and natural language understanding
  • Identify technical issues and optimize system performance
  • Develop new features and enhance existing functionality

2.3 What We Do NOT Do With Your Data

  • We never sell your data to third parties
  • We do not use your call data to train AI models for other customers
  • We do not share identifiable data with advertisers or marketing companies
  • We do not use voice data for biometric identification

3. Google API Data & Limited Use Disclosure

Google API Services User Data Policy Compliance

Frostbyte Receptionist's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3.1 What Google Data We Access

When you connect Google Calendar, we access only:

  • Your Google account email address (for identification purposes)
  • Google Calendar events data (to create booking events on your calendar)

3.2 How We Use Google Data

We use Google Calendar data exclusively to:

  • Create calendar events for appointments booked by your AI receptionist
  • Update or cancel calendar events when booking status changes
  • Sync existing bookings to your calendar on your request

3.3 Limited Use Restrictions

We strictly comply with Google's Limited Use requirements:

  • We do not use Google user data for advertising, retargeting, or interest-based profiling
  • We do not sell, rent, or transfer Google user data to third parties
  • We do not use Google user data for AI model training, credit assessment, or any purpose unrelated to providing receptionist services
  • We do not allow humans to read Google user data unless required for security, legal compliance, or with your explicit consent

3.4 Google Data Security

Google OAuth tokens are encrypted at rest using AES-256-GCM encryption. Access tokens are automatically refreshed and old tokens are securely overwritten. You can disconnect Google Calendar at any time from the Integrations page, which immediately deletes all stored Google credentials.

4. How We Share Your Information

4.1 Service Providers

We share data with trusted providers who help deliver our Service:

CategoryPurpose
Telephony (Twilio)Call routing, phone number provisioning
AI Services (OpenAI)Speech-to-text, natural language processing
Cloud InfrastructureData storage and processing
Payments (Stripe)PCI-compliant payment processing
Calendar (Google)Appointment scheduling (only if you connect)

All providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose your information in response to valid court orders, subpoenas, law enforcement requests, or to protect our legal rights.

4.3 Business Transfers

If Frostbyte Digital is involved in a merger, acquisition, or sale of assets, we will notify you before your data becomes subject to a different privacy policy.

4.4 Aggregated Data

We may share aggregated, de-identified data that cannot identify you or your business for industry research and benchmarking.

5. Data Security

  • Encryption in transit: TLS 1.2+ for all connections
  • Encryption at rest: AES-256 encryption for sensitive data including OAuth tokens
  • Access controls: Role-based access and principle of least privilege
  • Authentication: Secure password hashing, session management via JWT
  • Monitoring: Security logging, error tracking, and incident response procedures

You are responsible for maintaining the confidentiality of your account credentials, using strong passwords, and notifying us immediately of any unauthorized access.

6. Data Retention

Data TypeRetention Period
Account informationDuration of account + 90 days
Call transcripts & metadataConfigurable, default 1 year
Booking recordsDuration of account + 90 days
Billing records7 years (tax compliance)
Google Calendar tokensUntil you disconnect; deleted immediately on disconnect

When you terminate your account, we delete or anonymize your personal data within 90 days, except where retention is required by law. You may request data export within 30 days of termination.

7. Your Privacy Rights

7.1 All Users

  • Access: Request copies of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw previously given consent at any time

7.2 California Residents (CCPA/CPRA)

California residents have additional rights including the right to know, delete, opt-out of sale (we do not sell data), non-discrimination, and correction. We do not sell personal information as defined by the CCPA.

7.3 European Union Residents (GDPR)

EU/EEA residents have rights under GDPR including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with a supervisory authority. Our legal bases for processing include contract performance, legitimate interests, consent, and legal obligation.

7.4 How to Exercise Your Rights

Email privacy@frostbytedigital.io with your request. We will verify your identity and respond within 30 days (45 days for complex requests).

8. AI & Automated Decision-Making

Our AI receptionist makes automated decisions including:

  • Determining appropriate responses to caller questions
  • Scheduling appointments and creating calendar events
  • Collecting and recording caller information
  • Detecting caller intent to improve conversation flow

All AI decisions are administrative and operational in nature. They are not legally binding and do not replace human judgment. Your call data is not used to train AI models for other customers. We maintain strict data isolation between customer accounts.

9. Your Responsibilities as Account Holder

You are responsible for complying with all applicable call recording consent laws in your jurisdiction, including one-party and all-party consent states, and federal wiretapping laws. While we provide automated disclosure messages at the beginning of calls, you must determine whether these disclosures satisfy legal requirements in your location.

Per FCC regulations, AI-generated voices are classified as “artificial or prerecorded voices” under the TCPA. You must disclose that callers are interacting with an AI system and obtain prior express consent for outbound calls.

10. Cookies & Tracking Technologies

We use cookies for:

  • Strictly necessary: Authentication, session management, core functionality
  • Performance: Analytics and service performance monitoring
  • Functional: User preferences and settings

We do not use marketing or advertising cookies. You can control cookies through your browser settings.

11. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at privacy@frostbytedigital.io.

12. International Data Transfers

Your data is primarily stored and processed in the United States. For transfers from the EEA/UK/Switzerland, we rely on Standard Contractual Clauses (SCCs) and applicable adequacy decisions. All transfers are protected by contractual obligations, encryption, and regular security assessments.

13. Changes to This Policy

We may update this policy periodically. For material changes, we will notify you via email at least 30 days before changes take effect. We will update the “Last Updated” date at the top of this page. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Information

Frostbyte Digital LLC

Attn: Privacy Officer

Alaska, United States

We will respond to privacy inquiries within 30 days.