Demo
Back to home
Legal center

Privacy Policy

This policy explains how CallGen handles account, workspace, communications, CRM, billing, integration, and AI-operation data.

Document info
Effective
May 28, 2026
Updated
May 28, 2026
Version
2026-05-28

Data controller

Gepeto, as provider of CallGen is responsible for the public site and CallGen service unless a separate written agreement names another contracting entity. Privacy requests may be sent to privacy@gepetos.ai.

Data we collect

  • Account data: name, email, phone, company, encrypted password, authentication provider, workspace membership, roles, and preferences.
  • Technical data: IP address, device/browser metadata, session cookies, security events, logs, audit trails, and usage telemetry.
  • Billing data: plan, wallet balances, top-ups, add-ons, usage charges, invoices, Stripe payment references, and billing history.
  • Workspace data: agents, prompts, shared memory, caller profiles, CRM/contact records, notes, tasks, workflow configuration, tools, API execution metadata, and integration settings.
  • Communications data: calls, audio, recordings, transcriptions, chats, SMS, WhatsApp, email, messages, attachments, sentiment, intent, risk, and context analysis.
  • AI and knowledge data: prompts, model inputs/outputs, RAG files, embeddings or indexes, uploaded documents, and tool/API results.
  • Integration data: Google OAuth and Google Calendar data where enabled, external CRM data, Twilio/Meta messaging metadata, and credentials or tokens stored for connected services.

Google Calendar Data Usage

When a user authorizes Google Calendar, CallGen may process calendar identifiers and metadata, availability/free-busy information, event titles, dates and times, attendees, location, event description or notes when needed for scheduling, event status, conference or meeting details included in the event, and OAuth tokens or credentials needed to maintain the authorized connection.

CallGen uses Google Calendar data only to provide user-facing scheduling and workflow features inside the authorized workspace. This includes checking availability, creating appointments, updating appointments, canceling appointments, rescheduling appointments, coordinating follow-ups, and allowing user-authorized AI agents to execute calendar-based workflows.

AI agents may process Google Calendar data only to complete the user-authorized workflow. Calendar data is not used to train generalized AI or machine learning models, create unrelated databases, determine creditworthiness, or for purposes unrelated to CallGen scheduling and workflow features.

Google Calendar data is not sold, transferred to data brokers, used for targeted advertising, retargeting, interest-based advertising, or included in marketing audiences. General secondary purposes described elsewhere in this policy do not apply to Google Calendar user data obtained through Google APIs.

Google Calendar data may be processed by infrastructure, database, hosting, monitoring, security, Google API, and AI/tool execution providers only when necessary to operate the integration or complete the user-authorized scheduling workflow. It is not transferred for unrelated purposes.

CallGen may store OAuth tokens or credentials securely to maintain the authorized connection, and may store event metadata, tool execution metadata, logs, or audit records when needed to operate the integration, maintain security, troubleshoot, audit activity, or meet contractual and legal obligations. We retain that data only as long as necessary for those purposes, subject to customer configuration, deletion requests, legal obligations, security, audit needs, and backup cycles.

Users may revoke CallGen's Google Calendar access from their Google Account permissions. Privacy deletion requests may be sent to the contact listed below with enough information to identify the relevant account or workspace.

CallGen protects Google Calendar data with administrative, technical, and organizational safeguards including HTTPS, workspace access controls, role-based permissions, audit logs, secret/token handling, backups, monitoring, and incident response. No system is completely risk-free.

CallGen's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Primary purposes

  • Create and operate accounts, workspaces, roles, authentication, and customer support.
  • Run AI agents across voice, chat, SMS, WhatsApp, email, shared memory, RAG, tools, APIs, and integrations.
  • Provide calling, messaging, recording, transcription, live supervision, human takeover, analytics, quality review, and security monitoring.
  • Manage billing, wallets, top-ups, add-ons, minute/SMS/workflow/storage/RAG/concurrency charges, fraud prevention, tax and accounting obligations.
  • Maintain reliability, debug incidents, enforce contracts, investigate abuse, and preserve audit evidence when necessary.

Secondary purposes

  • Product analytics, service improvement, performance measurement, and feature planning.
  • Marketing communications, demos, webinar follow-up, retargeting, and campaign attribution where permitted by law and consent settings.
  • Aggregated or de-identified reporting that does not identify an individual customer contact.
  • These secondary purposes do not apply to Google Calendar user data obtained through Google APIs.

Sensitive data

CallGen does not intentionally request sensitive personal data. Sensitive information may still appear in calls, CRM records, files, messages, recordings, or transcriptions uploaded or generated by customers. Customers must have a valid legal basis and configure agents, scripts, retention, and access controls accordingly.

Transfers and subprocessors

Subprocessors may include OpenAI, Twilio, Stripe, Google, Meta, ElevenLabs, Deepgram, Odoo, Cloudflare, hosting, database, observability, email, security, and infrastructure providers used to operate the service.

Google Calendar data is shared with subprocessors only as needed to provide the authorized Calendar integration, infrastructure, security, storage, monitoring, support, or AI/tool execution for the user-authorized scheduling workflow. It is not shared for advertising, retargeting, sale, data broker, or generalized AI model training purposes.

Retention

We retain data for as long as needed to provide the service, comply with legal, tax, accounting, security, fraud-prevention, dispute, and audit obligations, and support customer-configured retention. More detail is available in the Data Retention & Deletion Policy.

ARCO and privacy rights

Depending on your location, you may request access, rectification, cancellation/deletion, opposition, portability, restriction, or revocation of consent. Send requests to privacy@gepetos.ai with enough information to verify your identity and locate the relevant workspace or contact record.

Consent revocation

You may revoke optional consent such as marketing or cookie categories through the cookie preferences panel, unsubscribe controls, or a privacy request. Revocation does not affect processing that was lawful before the revocation or processing needed for service, legal, security, or contractual purposes.

Security

We use administrative, technical, and organizational safeguards including HTTPS, workspace access controls, role-based permissions, audit logs, secret handling, backups, monitoring, and incident response. No system is completely risk-free.

Changes

We may update this policy as the product, vendors, laws, or controls change. Material changes will be posted on this page and, when appropriate, notified in-product or by email.

Contact

Privacy contact: privacy@gepetos.ai. Support contact: support@callgen.ai.

This page is a product policy summary and baseline contractual notice. It should be reviewed by qualified counsel for your exact entity, jurisdiction, customer contracts, and regulated use cases.