Legal

Privacy Policy

Effective date: April 5, 2026 · Last updated: May 7, 2026

Overview

This Privacy Policy explains what information Wispoke ("we", "us") collects when you use our chatbot, voice agent, and dashboard, how we use it, and the choices you have. We are committed to protecting your privacy and the privacy of your end-users.

Mobile information disclosure

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the categories below exclude text-messaging originator opt-in data and consent — this information will not be shared with any third parties.

Information We Collect

Account information. When you create an account, we collect your name, email address, and company name. We do not collect a mobile phone number for the account holder; account communications are delivered by email only.

End-user chat data. When your customers use your embedded chatbot, we collect chat messages, session data, and basic analytics (page views, device type, language).

Voice agent call data. When you connect a phone number, we collect inbound caller phone numbers, audio recordings, transcripts, appointment details, and any custom fields you configure.

Billing data. Payment is processed by our payment provider; we receive transaction metadata (amount, date, last four digits of card) but never store full card numbers.

Technical data. Server logs, IP addresses, and browser metadata used for security, debugging, and rate limiting.

We do not knowingly collect sensitive personal information such as financial account numbers, health records, or government identifiers.

How We Use Your Information

We use information to:

  • Provide, maintain, and improve the Wispoke platform
  • Process chatbot conversations and voice agent calls and deliver AI responses
  • Generate analytics and insights for your dashboard
  • Send transactional emails: account verification, security alerts, billing notifications, and product updates
  • Detect, investigate, and prevent fraud and abuse
  • Comply with legal obligations

We do not sell your data, and we do not use your documents, conversations, recordings, or knowledge base to train AI models for other customers.

SMS Consent & Mobile Information

Wispoke does not send SMS to platform account holders. Account communications (verification, security alerts, billing, product updates) are delivered only by email and in-app messaging. The signup checkbox covers our Terms, Privacy Policy, and transactional email only.

SMS, when used, is a feature of the AI Voice Agent. With your voice-agent feature enabled, the agent may send a follow-up text — typically a booking confirmation or reminder — to an inbound caller, originated from the phone number you have connected to the Service. The recipient is the caller, not you (the account holder).

Caller consent is captured during the phone call. Before any SMS is sent, the voice agent asks the caller whether they would like to receive a text (for example, "Would you like a text confirmation?"). The voice agent only sends a message if the caller verbally agrees. The spoken consent, phone number, and timestamp are recorded as part of the call recording and transcript stored in your dashboard, and serve as the opt-in record. Recipients can reply STOP at any time to opt out, or HELP for support information; details are in our SMS Messaging Terms.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. SMS opt-in data and consent are not shared with any third party. Caller phone numbers and consent records are used only to deliver the message the caller requested and to comply with carrier and regulatory requirements. Message and data rates may apply, depending on the recipient's wireless plan and carrier.

AI Voice Agent — Calls & Recordings

The Wispoke voice agent answers inbound calls on phone numbers you connect. As part of operating the voice agent, we process:

  • Caller phone numbers (Caller ID)
  • Audio of the call (streamed and stored as a recording)
  • Real-time and final transcripts of the conversation
  • Appointment fields you configure (e.g., name, callback number, notes)

Call audio and transcripts are processed by speech and AI model providers (such as Twilio, Deepgram, and Groq) under their respective terms. These providers act as data processors and do not use your data to train their models for other customers.

You — as the operator of the connected phone number — are responsible for posting any recording-consent disclosure required by applicable law (e.g., "This call may be recorded" announcements in two-party-consent jurisdictions).

Call Logs & Metadata

For every call your voice agent answers, we record metadata in your dashboard so you can audit usage, review conversations, and meet your own retention obligations. Call logs include:

  • Caller phone number (Caller ID) and approximate region
  • Start time, end time, and total duration
  • Outcome (e.g., booked, no-show, voicemail, dropped, transferred)
  • AI model used, voice used, and per-call usage metrics for billing transparency
  • Linked appointment record (if the call resulted in a booking)
  • Tags or notes added by your team during review

Call logs are accessible only to authorized users in your dashboard. We do not enrich, sell, or share caller phone numbers with data brokers, marketers, or third-party affiliates. Caller information is used only to operate the voice agent on your behalf, return your callbacks, and assemble your appointment records.

You can delete individual calls or bulk-purge call logs at any time from the Calls page in your dashboard. Deleted recordings are removed from primary storage within 24 hours; backup copies are purged on our standard 30-day backup rotation.

Calendar Integration & Appointments

When the voice agent books an appointment, the appointment record — date, time, configured fields (e.g., name, phone, service requested), and any free-form notes — is stored in your Wispoke dashboard and linked to the originating call.

If you connect an external calendar provider (such as Google Calendar, Microsoft Outlook, or any iCal-compatible calendar), we:

  • Request only the minimum OAuth scopes required to read your availability and write events to the specific calendar you select
  • Use those credentials solely to keep appointments booked through Wispoke in sync with your chosen calendar
  • Store an OAuth refresh token, encrypted at rest, so future syncs can run on your behalf without prompting you again
  • Disconnect immediately when you revoke access from yourWispoke dashboard or directly with your calendar provider

We do not read calendar events, contacts, mailbox content, or any other Google Workspace or Microsoft 365 data unrelated to the appointments scheduled through Wispoke. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

You can revoke calendar access at any time from your dashboard settings or directly via your calendar provider's account security page.

How We Share Information

We share information only in these limited cases:

  • With service providers who help us operate the Service (hosting, AI inference, payments, telephony) — under contracts requiring confidentiality and limited-purpose use
  • To comply with law — in response to lawful requests from public authorities, including to meet national security or law enforcement requirements
  • To protect rights and safety — to prevent fraud, security incidents, or harm to users or the public
  • With your consent — for any other purpose disclosed at the time you give consent

We do not sell personal information, and we do not share mobile information with third parties or affiliates for marketing or promotional purposes.

Third-Party Services

We use the following sub-processors:

  • Supabase — database, authentication, file storage
  • Twilio — telephony for the voice agent (inbound call routing, audio streaming, optional SMS)
  • Deepgram, Groq, and other AI providers — speech-to-text, language model inference (your data is not used to train their models for others)
  • Google Calendar / Microsoft Graph — optional calendar sync for appointments you book through the voice agent
  • Resend — transactional email delivery
  • LemonSqueezy — payment processing and billing

Data Storage and Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Your data is stored in secure cloud data centers. Each company's data is logically isolated in our multi-tenant architecture — no cross-company data access is possible.

We restrict access to your data to authorized personnel who need it to operate or support the Service, and we maintain reasonable administrative, technical, and physical safeguards.

Your Data, Your Control

You own your data. You can export or delete documents, conversations, transcripts, recordings, call logs, and appointments from your dashboard at any time. We never use your content to train AI models for other customers.

Your Rights (GDPR / CCPA)

Depending on where you live, you may have rights to: access the personal information we hold about you; correct inaccurate information; delete your information; restrict or object to processing; receive your data in a portable format; and withdraw consent at any time.

California residents may also request a list of categories of personal information disclosed for business purposes. We do not sell personal information.

To exercise any of these rights, email privacy@wispoke.com. We will verify your request and respond within the timeframes required by applicable law.

Cookies

We use essential cookies only for authentication and session management. The embedded chat widget does not set any third-party cookies on your visitors' browsers. We do not use tracking or advertising cookies.

Data Retention

We retain account data for as long as your account is active. Chat conversations, call transcripts, call recordings, call logs, and appointments are retained per your configured settings. When you delete your account, all associated data is permanently removed within 30 days, except where we are required by law to retain it longer.

Children's Privacy

Wispoke is not directed to children under 13 (or under 16 in the EEA), and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact privacy@wispoke.com.

Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and reflected in the "Last updated" date above.

Contact

For privacy questions or to exercise your rights, contact us at privacy@wispoke.com.