Privacy Policy

Last updated: June 17, 2026

1. Introduction

Welcome to NextCall Technologies ("NextCall," "we," "us," or "our"). We operate the NextCall AI Receptionist platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service in compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By using NextCall, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information: Name, email address, business name, business type, and phone number provided during onboarding (processed via Clerk).
Call Data: Incoming and outgoing phone call audio, metadata (caller ID, duration, timestamps), AI-generated transcripts, call summaries, and sentiment analysis.
Payment Information: Billing details and transaction history processed securely through Paddle (our Merchant of Record). We do not store raw credit card numbers on our servers.
Usage Data: Log data, IP addresses, browser type, and interaction patterns with the dashboard.

3. How We Use Your Information & Legal Basis

We use your data for the following purposes, based on the corresponding legal bases required by GDPR:

To provide and maintain the Service: Processing transactions, routing calls, and delivering core functionality (Contractual Necessity).
To configure and personalize the AI agent: Using your provided Knowledge Base to route calls and generate responses (Contractual Necessity).
To send critical notifications: Emergency escalations, appointment reminders, and account alerts (Legitimate Interest).
To monitor usage and prevent fraud: Enforcing our Terms of Service and securing the platform (Legitimate Interest & Legal Obligation).

4. AI Processing, Automated Decision-Making & Call Recordings

Calls handled through our platform may be recorded, transcribed, analyzed, and summarized by AI systems (utilizing Retell AI and OpenAI) to provide core service functionality.

Consent Responsibility: You, the business owner, are solely responsible for obtaining any legally required consent from callers before recording or AI-processing conversations. NextCall assumes no liability for your failure to comply with local, state, or federal call recording consent laws.

Automated Decision-Making (GDPR Art. 22): The Service utilizes AI to route calls, generate sentiment scores, and trigger emergency escalations. These automated decisions are made to fulfill the core service provision. You have the right to request human intervention regarding these automated decisions.

AI-generated outputs (summaries, sentiment, auto-replies) may contain inaccuracies and should not be relied upon as the sole source of truth for critical business decisions.

5. Sharing of Information

We do not sell your personal information. We share data only with Third-Party Service Providers who perform services on our behalf:

Provider	Purpose
Clerk	Authentication & User Management
Twilio	Telephony, SMS, & WhatsApp Routing
Retell AI	Real-time Voice AI Processing
OpenAI	Transcription, Summarization, & Chat AI
Paddle	Payment Processing & Billing (Merchant of Record)
DataStax AstraDB	Encrypted Database Storage

6. Data Retention & Deletion

For active subscriptions, we retain Call Data (audio, transcripts, summaries) for the duration of your subscription to provide historical insights and improve AI context. Usage Data is retained for up to 12 months for analytics and security purposes.

Upon cancellation of your subscription, your account will enter a 30-day grace period. During this time, data is retained to allow for reactivation. After 30 days, all associated business data, call logs, and configurations are permanently scheduled for deletion from active systems.

Certain records may be retained in an anonymized format, or where required for legal, security, fraud prevention, accounting, or compliance purposes.

7. Security Measures

We implement industry-standard technical and organizational safeguards to protect your data:

Encrypted data transmission (TLS/HTTPS) for all API and web traffic.
Strict access controls and authentication mechanisms via Clerk.
Secure, isolated cloud infrastructure utilizing DataStax AstraDB.
Ring-fenced Twilio sub-accounts to isolate telephony data per business.

8. Your Privacy Rights

Depending on your location (e.g., EU/UK or California), you have specific rights regarding your personal data:

Access & Portability: Request access to or an export of the personal information we hold about you.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data (subject to legal retention requirements).
Objection & Restriction: Object to or restrict the processing of your data.
Withdraw Consent: Withdraw consent for AI processing at any time (which may limit Service functionality).

Right to Complain: You have the right to lodge a complaint with your local Data Protection Authority (DPA) or supervisory authority (e.g., the ICO in the UK) if you believe our processing of your personal information violates applicable law.

To exercise these rights, contact us at support@getnextcall.com.

9. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ. Where we transfer personal data outside the European Economic Area (EEA) or UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other recognized transfer mechanisms to ensure appropriate safeguards are in place.

10. Cookies & Tracking

We use cookies and similar tracking technologies to maintain user sessions (via Clerk), analyze usage patterns, and improve the Service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

11. Age Requirements

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently gathered personal data from someone under 18, we will take steps to delete that information.

12. Changes To This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where practical, sending an email or in-app notification. You are advised to review this Privacy Policy periodically for any changes.