Legal

Privacy Policy

How Phone AI collects, uses, and protects your data.

Privacy Policy for AI Agent: AI Calling Assistant

AI Agent: AI Calling Assistant takes your privacy seriously. This privacy policy explains how personal information is collected, used, and protected when you use this AI-powered phone call service and integrated tools.

1. Information Collected

1.1 Primary Account Information

The following primary account information is collected and used:

  • Email address
  • Name
  • Phone number (the real telephone number assigned to you by the service, and any additional numbers you choose to provide)
  • User ID (a unique identifier issued by our authentication provider)
  • Contact information

This information is required for the functionality of the service, including assigning you a real phone number and for legal compliance purposes.

1.2 User-Generated Content

The following is collected and processed:

  • Audio data from phone calls
  • Transcripts and summaries generated from your calls

1.3 Device Information

The following is collected:

  • Device ID
  • Advertising Identifier (IDFA): collected only when you grant App Tracking Transparency permission, and used solely for measuring whether paid acquisition campaigns introduced you to the app (see Section 19). If you do not grant ATT permission, the IDFA is not read or transmitted.

1.4 Usage Data

Information is collected about:

  • Product interactions
  • Purchase history

1.5 Google Calendar Integration

When you choose to add the Google Calendar tool to your AI agent, access to your Google Calendar data is requested using the following scope:

  • https://www.googleapis.com/auth/calendar

This access allows the service to:

  • Check your calendar availability
  • Book calendar appointments on your behalf

1.6 AI Knowledge Base (User-Provided Content)

You can optionally provide information for your AI receptionist to reference when speaking to callers. This is the AI's "knowledge base," and it is built entirely from content you choose to add inside the app. It may include:

  • Business or personal phone number(s) you want the AI to share when asked
  • Physical address or location you want the AI to share with callers
  • Hours of operation, services offered, pricing, frequently asked questions, and any other facts you want the AI to know

You decide what goes into the knowledge base and how the AI is allowed to use it. The information you add is stored with your account so the AI can reference it during a call when the caller's question is relevant. You can view, edit, or delete any entry at any time from inside the app, and removing an entry stops the AI from sharing it on future calls.

1.7 Contacts (Optional iOS Permission)

With your explicit permission, the app reads your iOS Contacts to provide a better calling and inbox experience. Specifically, contacts access is used to:

  • Identify and label callers by name when a known contact calls your assigned number
  • Show caller details (name, photo, organization) in the inbox, call history, and call screens
  • Let the AI treat saved contacts and VIPs differently from unknown numbers
  • Allow you to manually add a contact's information to the AI knowledge base when you choose to

Contacts permission is requested through the standard iOS system prompt and can be revoked at any time under Settings > Privacy & Security > Contacts. Contacts are used to operate the service and are not sold, rented, or shared with third parties for advertising.

1.8 Microsoft 365 / Outlook Integration

When you choose to add the Microsoft 365 / Outlook tool to your AI agent, the service requests access to your Microsoft account using Microsoft's standard OAuth 2.0 sign-in flow. The Microsoft Graph permission scopes requested are limited to what the integration needs and are presented to you on the Microsoft consent screen before any access is granted. Typical scopes include:

  • Calendars.ReadWrite — read calendar availability and create new calendar events
  • offline_access — refresh access tokens so the integration keeps working in the background
  • openid, profile, email — identify your Microsoft account during sign-in

This access allows the service to:

  • Check your Outlook calendar availability when a caller asks to schedule a meeting
  • Create new Outlook calendar events for scheduled calls or appointments
  • Display upcoming events in the app to help you manage your schedule

You can revoke this integration at any time from inside the app, or directly from your Microsoft account at https://myaccount.microsoft.com under "Privacy" > "Apps and services."

1.9 Other Productivity Integrations

From time to time, additional optional integrations may be offered (for example, additional calendar, email, messaging, or scheduling services). For every such integration, the same principles apply: access is requested through the third party's own OAuth or permission flow, only the minimum scopes required for the feature are requested, you can revoke access at any time, and the third party's data is used only to operate the integration you enabled and is never sold or used for advertising. Specific provider names are listed in your account or on the consent screen at the time you connect the integration.

2. Use of Information

The information collected is used to:

  • Provide and maintain the AI calling service
  • Assign you a real phone number
  • Process and handle incoming and outgoing calls
  • Generate transcripts and summaries of your calls
  • Reference the entries in your AI knowledge base (such as a business phone number, address, hours, or FAQ items) when the AI is speaking with a caller, so the AI can answer in the way you have configured
  • Recognize and label callers by name using your saved iOS Contacts when you grant contacts permission
  • Analyze and improve the service
  • Respond to your inquiries and provide customer support
  • Send you important service-related notifications
  • Comply with legal obligations
  • Check calendar availability and book appointments (when the Google Calendar tool is added)
  • Check calendar availability and book appointments using Microsoft 365 / Outlook (when the Outlook tool is added)
  • Operate any other optional productivity integration you connect (each described on its own consent screen at connect time)

3. Data Tracking and Linking

3.1 Data Used to Track You

  • Advertising Identifier (IDFA): only when you grant App Tracking Transparency permission, used to measure whether paid acquisition campaigns (for example, Apple Search Ads) successfully introduced you to the app. When you do not grant ATT permission, no data is used for tracking purposes. See Section 19 for details.

3.2 Data Linked to You

  • User ID (unique identifier issued by our authentication provider): Internal account identifier used to operate the service. Not used for cross-app tracking.
  • Contact information (Email Address): Used for analytics and contacting you for support
  • Name: Required for service functionality
  • Phone Number: The real telephone number assigned to you, and any additional numbers you add to your AI knowledge base
  • Physical Address: When you choose to add a business or personal address to your AI knowledge base so the AI can share it with callers
  • User-generated content: Required for call recording, transcription, and summary generation; also includes any custom entries you add to your AI knowledge base (such as hours, services, pricing, FAQs)
  • Contacts: When you grant iOS contacts permission, your saved contacts are used to identify callers by name, and individual contact details may be added to your AI knowledge base if you explicitly choose to do so
  • Google Calendar data: Used for checking availability and booking appointments (only when the tool is added)

3.3 Data Not Linked to You

  • Purchases and purchase history
  • Device ID
  • Product interaction data
  • Crash data
  • Performance data

4. Protection of Information

Industry-standard security measures are implemented to protect your personal information, including:

  • TLS/SSL encryption for data transmission
  • Encrypted storage of personal information at rest
  • Regular security reviews and updates
  • Compliance with Google's API Services User Data Policy and Limited Use requirements

5. Disclosure of Information

Your personal information is not shared with third parties except:

  • As required by law
  • As necessary to provide the services (for example, telephony providers carry call audio; payment and subscription processing providers receive purchase events)
  • With trusted operational partners subject to contractual confidentiality and data-processing obligations

The service is developed and maintained by an independent developer. We do not sell your personal information. For the app to function, certain data must be transmitted to operational third-party services as described in Section 11.

6. Your Rights

You have the right to:

  • Access your personal information
  • Update or correct your personal information
  • Request deletion of your personal information
  • Object to the use of your information for marketing purposes
  • Opt-out of certain data collection practices
  • Revoke access to your Google Calendar data at any time
  • Revoke access to your Microsoft 365 / Outlook data at any time
  • Disconnect any other optional productivity integration you have enabled, at any time, from inside the app or from the provider's own account settings

To exercise these rights, please contact the developer using the information provided in the "Contact Us" section.

7. Cookies and Similar Technologies

Cookies and similar technologies may be used on web surfaces of the service to collect information about your use of the service. You may disable cookies in your browser settings, but this may affect functionality.

8. Children's Privacy

This service is not intended for children under the age of 13. Personal information is not knowingly collected from children under 13. If you are a parent or guardian and believe information may have been collected about a child, please contact the developer.

9. Changes to This Privacy Policy

This privacy policy may be updated from time to time. You will be notified of any changes by the posting of the new privacy policy on this page and updating the "Last Updated" date. You are advised to review this privacy policy periodically for any changes.

10. Contact Us

If you have any questions or concerns about this privacy policy or the use of your personal information, the fastest way to reach us is through the in-app Support screen, because it automatically attaches the diagnostic context (account ID, device model, app version, recent error logs) we need in order to investigate your issue:

  1. Open the app
  2. Go to Settings
  3. Select Support and tap Contact Support

If you are unable to use the in-app form (for example, you cannot sign in or have not installed the app), you can email us at app+PhoneAI [at] brutusai [dot] com (replace [at] with @ and [dot] with .; keep the +PhoneAI portion of the address intact). See the full Support page for what to include when you write to us.

The developer will assist you with any privacy-related inquiries or requests.

11. Third-Party Services

To deliver core functionality, the service relies on the following categories of third-party services. Each provider receives only the minimum data necessary to perform its role, under contractual data-processing terms.

  • Authentication and identity. A third-party authentication service issues your unique User ID, manages sign-in (including federated sign-in such as Sign in with Apple and Google sign-in), and securely stores credential metadata. It does not receive your call audio, transcripts, or knowledge content.
  • Analytics, crash reporting, and product telemetry. A third-party analytics and observability service receives anonymized product-usage events, crash reports, and performance metrics so the service can be monitored and improved. This data is not used to advertise to you.
  • Cloud database and storage. A third-party managed database/storage provider holds your account record, call summaries, transcripts, knowledge entries, and other service data on encrypted infrastructure.
  • Telephony and SMS carriage. A third-party telephony provider carries inbound and outbound calls and SMS messages to and from the phone number assigned to you, and performs the technical steps required to route those communications.
  • AI inference and speech processing. Third-party AI providers process call audio, generate speech, transcribe audio, and produce text completions and summaries. Audio and transcript content is transmitted to these providers solely to fulfill the request and is not used by them to train models when the provider supports a no-training data-use option, which we enable where available.
  • Subscription, in-app purchase processing, and acquisition attribution. A third-party subscription management service receives purchase events from Apple to verify your entitlement and renewal status. Apple itself processes the underlying payment; we do not receive or store your payment card details. When you have granted App Tracking Transparency permission, the iOS Advertising Identifier (IDFA) is also passed to this provider so the developer can measure whether paid ad campaigns (for example, Apple Search Ads) successfully introduced you to the app. This is used solely for measuring ad performance and improving acquisition campaigns; it is not used to display third-party advertising inside the app, and it is not shared with data brokers.
  • Operational tooling (search, email, scheduling integrations). Where you opt into integrations (for example, Google Calendar, Microsoft 365 / Outlook, or other productivity tools listed in the app), the corresponding third-party service receives only the scoped data required to operate the integration you enabled. Each provider's own privacy policy and terms apply to the data you share with that provider.

These categorical descriptions are accurate at the time of writing. Specific provider names are subject to change without changing the categories. You can contact us via the Support menu to request the current list of named providers.

12. Consent

By using this service, you consent to this privacy policy and agree to its terms. When adding the Google Calendar tool, you will be prompted to give explicit consent for calendar access.

13. Google API Services User Data Policy Compliance

The use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Access to the Google Calendar API is only requested when you choose to add the related tool to your AI agent.

14. Data Retention and Deletion

Retention of your personal information and user data is limited to one year from your last login. This retention period allows for continuous service and maintenance of relevant information for your account.

To delete your account and all associated data:

  1. Open the app
  2. Go to Settings
  3. Tap "Delete Account"

Upon receiving your deletion request, it will be promptly processed and all your personal information and user data will be removed from our systems. Telephony assets (such as a Twilio phone number assigned to you) will be released after your subscription terminates.

Additionally, an automatic deletion process is in place. If your account shows no activity for an extended period, your personal information and user data will be automatically deleted through a scheduled job. This ensures that inactive accounts do not retain user data unnecessarily.

Please note that some information may be retained for legal or regulatory purposes, as required by applicable laws, even after automatic deletion or user-requested deletion.

15. Sign in with Apple

The app offers "Sign in with Apple" as an authentication option. This feature provides an additional layer of privacy and security for users. When you choose to use Sign in with Apple:

  • Apple acts as an intermediary for authentication, allowing you to sign in to the app without sharing your Apple ID email address.
  • You have the option to mask your email address. If you choose this option, Apple creates a unique, random email address that forwards to your real email address. This random email address is shared with the app instead of your actual email address.
  • The app receives only the information you agree to share. This may include your name and the email address you've chosen to share (either your actual email or the masked email provided by Apple).
  • Your Apple ID password is never shared with the app.

The information received through Sign in with Apple is used solely for the purpose of creating and managing your account within the app. This information is treated with the same level of security and privacy as all other user data described in this policy.

If you choose to stop using Sign in with Apple with this app:

  1. You can revoke the app's access to your Apple ID at any time through your Apple ID settings.
  2. Upon revocation, you will no longer be able to sign in to the app using your Apple ID.
  3. You may need to create a new account using a different authentication method to continue using the app.

The masked email feature, if you choose to use it, allows you to maintain a higher level of privacy while still enabling necessary communication about your account and the service.

16. Security of Google User Data

The security of your Google user data is taken seriously. When you grant access to your Google Calendar data, the following security measures are implemented:

  • Encryption: All data in transit and at rest is encrypted using industry-standard protocols.
  • Access Controls: Only authorized personnel have access to systems processing Google user data.
  • Regular Security Reviews: Periodic security assessments are conducted to ensure the ongoing protection of your data.
  • Data Minimization: Only the minimum amount of calendar data necessary to provide the requested functionality is accessed and stored.

17. Transparency about Google User Data Usage

We are committed to transparency regarding the use of Google user data. Here's how the calendar data you provide access to is used:

  • Availability Checking: Your calendar is accessed to check for available time slots when scheduling calls or appointments.
  • Appointment Booking: With your permission, new calendar events can be created for scheduled calls or appointments.
  • Display in App: Relevant calendar information may be displayed within the app to help you manage your schedule.

Your Google Calendar data is not used for any other purposes, such as marketing, advertising, or data mining.

18. User Control over Google Data

You have full control over the Google Calendar data you share:

  • Revoke Access: You can revoke access to your Google Calendar at any time through your Google Account settings.
  • Data Deletion: If you revoke access or delete your account, all Google Calendar data stored will be promptly deleted.
  • Limited Use: The app adheres to Google's Limited Use requirements and will not use your calendar data for any purposes other than those explicitly stated in this policy.

19. Microsoft 365 / Outlook Data — Security, Transparency, and Control

When you connect a Microsoft 365 / Outlook account, the data you authorize through Microsoft's OAuth consent screen is treated with the same standards described elsewhere in this policy.

  • Scopes: Only the Microsoft Graph scopes shown on the Microsoft consent screen are requested. Today these are limited to the scopes needed to read calendar availability, create calendar events, and refresh the access token in the background (see Section 1.8). No mailbox, contact, or document scopes are requested unless you are explicitly informed of and consent to them.
  • Use: Microsoft 365 / Outlook data is accessed solely to check availability, create calendar events for calls or appointments, and display upcoming events to you in the app. It is not used for advertising, profiling, marketing, or any purpose beyond operating the integration you enabled.
  • Storage: Calendar information retrieved from Microsoft Graph is kept only as long as needed to perform the requested action. Access and refresh tokens are stored on encrypted infrastructure and used only to call Microsoft Graph on your behalf.
  • Security: All data in transit between this service and Microsoft Graph is encrypted using TLS. Access tokens are stored with the same encryption and access controls applied to other sensitive account data.
  • Control: You can revoke the integration at any time from inside the app, or directly from your Microsoft account at https://myaccount.microsoft.com under "Privacy" > "Apps and services." Revoking access also stops further calls to Microsoft Graph and triggers deletion of stored Microsoft 365 / Outlook data associated with your account.
  • No third-party sharing: Microsoft 365 / Outlook data is not sold, rented, or shared with advertising networks, data brokers, or any unrelated third party.

20. App Tracking Transparency (ATT)

Apple's App Tracking Transparency (ATT) framework requires apps on iOS, iPadOS, and macOS to request your permission before "tracking" you, where tracking is defined as linking user or device data collected from this app with data collected from other companies' apps, websites, or offline properties for the purposes of targeted advertising or advertising measurement, or sharing data with data brokers.

Phone AI uses ATT for one narrow purpose: to measure whether paid acquisition campaigns (for example, Apple Search Ads) successfully introduced you to the app, so the developer can evaluate which marketing channels work and reinvest accordingly. Specifically:

  • When you launch the app for the first time, the standard iOS App Tracking Transparency prompt is shown, asking whether Phone AI may track you.
  • If you grant permission, the app reads the iOS Advertising Identifier (IDFA) and passes it, together with subscription and purchase events from your account (for example, free trial started, subscription purchased), to our subscription and attribution measurement provider. This information is used to attribute subscription conversions back to the ad campaign that brought you to the app.
  • If you deny permission, the IDFA is not read or transmitted. Phone AI relies only on Apple's privacy-preserving attribution APIs (such as SKAdNetwork and the AdServices framework), which do not require ATT, do not share device-level data with the developer, and are controlled by Apple.

The attribution data described above is used solely for advertising-performance measurement. It is not used to:

  • Show third-party advertising inside Phone AI (the app contains no ads at all)
  • Build profiles of you for sale or sharing
  • Transmit your name, email address, phone number, physical address, contacts, call recordings, transcripts, AI knowledge base entries, or any other personal content to advertising networks or data brokers

You can change your ATT decision at any time. On iOS and iPadOS, open Settings > Privacy & Security > Tracking and toggle Phone AI's tracking permission on or off, or disable the ATT prompt across all apps from the same screen.

Last Updated: May 14, 2026