Privacy Policy
We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
1. Data Controller
The party responsible for data processing on this website is: AnrufPro Feldbergstr. 100 81825 Email: info@anrufpro.de
2. Collection and Storage of Personal Data
When you visit our website, information is automatically sent to our website server. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until automatic deletion: • IP address of the requesting computer • Date and time of access • Name and URL of the retrieved file • Website from which access is made (referrer URL) • Browser used and, if applicable, the operating system of your computer • Name of your access provider The data mentioned is processed for the following purposes: • Ensuring a smooth connection to the website • Ensuring comfortable use of our website • Evaluating system security and stability
3. Appointment Booking and Contact
When you book an appointment or contact us through our website, the data you provide (e.g., name, email address, phone number, message) is stored for the purpose of processing your inquiry and for any follow-up questions. We do not share this data without your consent.
4. AI Phone Assistant
Our AI phone assistant processes phone conversations to answer calls, respond to customer questions, and book appointments. The following data is processed: • Spoken content of the phone call • Caller's phone number • Date and time of the call • Name and appointment details, if applicable Processing is based on Art. 6(1)(b) GDPR (contract performance) or Art. 6(1)(f) GDPR (legitimate interest). All data is processed in compliance with GDPR. We use third-party AI services to provide this functionality (see Section 6). User data, including data obtained from Google APIs (such as Google Calendar data), is not used to develop, improve, or train generalized AI/ML models, and is not transferred to AI providers for any purpose other than answering the immediate user request.
5. Chat Widget
We use a chat widget on our website that allows you to interact with our AI assistant. The following data may be collected when using the chat widget: • Chat messages and content • IP address • Browser type and version • Time of use The chat widget service is currently provided by GoHighLevel (HighLevel Inc., USA). GoHighLevel's privacy policy applies.
6. Sub-processors and Data Sharing
To provide our service, we share the minimum necessary data with the following sub-processors. We do not sell user data, and we do not share user data for advertising purposes. • Railway (data center: Amsterdam, EU) — hosting of our application backend and customer dashboard, including the database that stores customer account data, OAuth tokens, and configuration. • Google (Gemini API) — large language model used by the voice assistant to understand and respond to callers. Receives conversation context and tool inputs needed to answer the caller. Per Google's API terms, prompts are not used to train Google's generalized models. • ElevenLabs (USA) — speech-to-text and text-to-speech for the voice assistant. Receives call audio and generated text. Used in production. • Vapi (USA) and Deepgram (USA) — voice agent orchestration and speech-to-text used in our development and testing environments only; not used to process production customer calls. • Google Calendar API — when a customer connects their Google account, we access the customer's Google Calendar solely to read availability and to create or update calendar events on the customer's behalf, in line with the customer's instructions. Use of Google user data. Data obtained from Google APIs is used only to provide the user-facing features the user has authorized. We do not sell, transfer, or use Google user data for advertising. Google user data is not used to develop, improve, or train generalized AI/ML models. Google user data is shared with AI sub-processors only to the extent strictly necessary to fulfill an immediate user request (e.g., suggesting an available time slot during a call). Our use of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
7. Data Security
We protect personal data with appropriate technical and organizational measures, including: • Encryption in transit using TLS 1.2 or higher for all connections between users, our backend, and sub-processors. • Encryption at rest for the application database hosted on Railway. • OAuth refresh and access tokens (e.g., Google Calendar tokens) are stored with restricted access and can be revoked by the user at any time via their Google Account settings or by contacting us. • Access to production systems is limited to authorized personnel on a need-to-know basis and protected by strong authentication. • Secrets and API keys are managed via environment-level secret management and are not exposed in source code. • Sub-processors are selected based on their security posture and contractual data protection commitments. If you believe your data has been compromised, please contact us immediately at info@anrufpro.de.
8. Your Rights
You have the right to: • Obtain information about your personal data stored by us (Art. 15 GDPR) • Request correction of inaccurate data (Art. 16 GDPR) • Request deletion of your data stored by us (Art. 17 GDPR) • Request restriction of processing (Art. 18 GDPR) • Request data portability (Art. 20 GDPR) • Object to processing (Art. 21 GDPR) If you have connected a Google account, you can additionally revoke our access at any time via https://myaccount.google.com/permissions. Once access is revoked, we will stop accessing the affected Google APIs and delete associated tokens. To exercise your rights, please contact: info@anrufpro.de
9. Hosting
This public website is statically hosted. Our application backend and customer dashboard are hosted by Railway in a data center located in Amsterdam, Netherlands (EU). The hosting providers collect the following data in so-called log files, which your browser automatically transmits: • IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request, HTTP status code, amount of data transferred, website from which the request comes, browser type, operating system and its interface, language and version of the browser software.
10. Changes to This Privacy Policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy. The new privacy policy will then apply to your next visit.