Privacy Policy

AIVO Technologies ("AIVO," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use AIVO Connect and AIVO AI (collectively, the "Service").

AIVO Technologies is based in Belize. By using the Service, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

2.1 Account Information

• Business name, email address, and phone number
• Account credentials (passwords are stored using one-way hashing via bcrypt)
• Business profile details (hours, timezone, industry, settings)
• Billing and payment information (processed via a PCI-compliant payment processor - we do not store card numbers)

2.2 Call & Communication Data

• Call recordings (audio files of inbound and outbound calls)
• Call transcripts generated by AI speech-to-text processing
• Call metadata (duration, timestamps, caller/callee numbers, call status, direction)
• SMS and MMS message content and metadata (when messaging features are enabled)
• AI-generated summaries and sentiment analysis
• WebRTC session data for browser-based calls (microphone audio processed in real-time, not stored beyond the call unless recording is enabled)

2.3 Business Content

• Knowledge base articles you create to train your voice agent
• Contact lists and customer information you upload
• Appointment schedules and configurations
• Custom tools and workflow configurations

2.4 Usage & Technical Data

• IP addresses, browser type, device information
• Pages visited, features used, and interaction patterns
• API usage logs and request metadata
• Error logs and performance data

We use collected data to:

• Provide, operate, and maintain the Service
• Process calls and generate transcripts using AI speech-to-text
• Generate AI responses to callers using your knowledge base and business context
• Manage your account, billing, and subscriptions
• Train and improve your specific voice agent's responses
• Send transactional notifications (account alerts, billing receipts)
• Analyze usage patterns to improve the platform
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not use your call recordings, transcripts, or business data to train general-purpose AI models. Your data is used solely to power your specific voice agent within your account.

AIVO AI processes personal data automatically to deliver core Service functionality. This includes:

• Speech-to-text: Caller audio is converted to text in real-time using AI transcription services
• Natural language understanding: Transcribed text is processed by large language models (LLMs) to understand caller intent and generate appropriate responses
• Text-to-speech: AI responses are converted back to audio for the caller
• Sentiment analysis: Call content may be analyzed for sentiment and satisfaction scoring
• Call summarization: AI generates post-call summaries for your review

No automated decisions with legal effects are made by AIVO AI. The AI assistant provides information and performs tasks (e.g., booking appointments) based on your configuration, but does not make decisions that produce legal or similarly significant effects on End Users.

Call recording is enabled by default to provide transcripts and analytics. As the account holder, you are the data controller for call recordings and are responsible for:

• Informing callers that calls may be recorded (AIVO can be configured to play an automatic disclosure)
• Complying with applicable recording consent laws in your jurisdiction and the caller's jurisdiction (one-party vs. two-party consent)
• Configuring appropriate retention periods for your recordings
• Responding to data subject requests related to call recordings

You may disable call recording entirely through your dashboard settings. When disabled, AIVO AI will still process audio in real-time for conversation purposes but will not store recordings.

We share data with trusted third-party service providers as necessary to operate the Service. These providers fall into the following categories:

6.1 Voice & Messaging Infrastructure

We use a third-party telecommunications provider for call routing, recording, phone number provisioning, SMS/MMS delivery, and WebRTC services. Call audio and metadata are processed through their network under a data processing agreement.

6.2 Payment Processing

Payments are processed by a PCI-compliant third-party payment processor. Your payment card details are sent directly to the processor and never touch our servers.

6.3 AI & Machine Learning Providers

We use AI language models for transcription, conversation, and analysis. Call audio and text may be processed by these providers under strict data processing agreements. We select providers with appropriate security certifications (SOC 2, ISO 27001 where available).

6.4 Cloud Hosting

The AIVO Connect web application is hosted on a third-party cloud platform with enterprise-grade security and compliance standards.

• Account data: Retained for the life of your account plus 30 days after deletion
• Call recordings: Retained according to your account settings (default: 90 days). You may configure shorter or longer retention periods.
• Transcripts & analytics: Retained for the life of your account
• Billing records: Retained for 7 years as required by applicable financial regulations
• Server logs: Automatically purged after 90 days
• API request logs: Retained for 30 days for debugging, then purged

Regardless of your location, we extend the following rights to all users:

• Access - Request a copy of the personal data we hold about you
• Correction - Request correction of inaccurate personal data
• Deletion- Request deletion of your account and associated data ("right to be forgotten")
• Export - Request a machine-readable export of your data (call logs, contacts, knowledge base) - data portability
• Restriction - Request that we limit processing of your data in certain circumstances
• Objection - Object to processing of your data for specific purposes
• Withdraw consent - Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at hello@aivo.bz. We will respond within 30 days.

EU/EEA residents: You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

For users in jurisdictions requiring a legal basis (e.g., GDPR), we process personal data under the following bases:

• Contract performance: Processing necessary to provide the Service under our Terms of Service (account management, call handling, billing)
• Legitimate interest: Platform improvement, security, fraud prevention, and analytics
• Consent: Where you explicitly opt-in (e.g., marketing communications)
• Legal obligation: Compliance with tax, financial reporting, and law enforcement requirements

We implement industry-standard security measures including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Secure password hashing (bcrypt)
• API key authentication with scoped permissions
• Automated security scanning and dependency vulnerability monitoring
• Access controls and audit logging for all administrative actions
• Application-enforced multi-tenant data isolation (all queries scoped to your business)
• Two-factor authentication (TOTP) with backup codes
• Account lockout protection after repeated failed login attempts
• Rate limiting on all authentication and API endpoints
• CSRF protection, bot detection, and SQL injection prevention
• Security headers (CSP, HSTS, X-Frame-Options) on all responses

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

We use cookies and similar technologies for:

• Essential cookies: Session management, authentication, and security (required for the Service to function)
• Analytics cookies: Understanding how users interact with the platform to improve our Service

We do not use third-party advertising cookies or tracking pixels. You may disable non-essential cookies through your browser settings, though some features may not function properly.

AIVO Technologies is based in Belize. Your data may be transferred to and processed in:

• Belize - Where AIVO Technologies is incorporated
• United States - Where our cloud infrastructure, communications, and payment processing providers operate
• Other jurisdictions - Where AI model providers may process data under data processing agreements

By using the Service, you consent to these transfers. We ensure that all third-party providers maintain appropriate data protection standards through contractual safeguards.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will promptly delete it. Contact us at hello@aivo.bz if you believe a child has provided us with personal data.

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions or to exercise your data rights, contact us at:

hello@aivo.bz

AIVO Technologies
Belize City, Belize