← Back to Home

Privacy Policy

Last updated: July 16, 2026

1. Introduction

CallBackOrElse ("Company," "we," "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our storm-response and AI phone receptionist service ("Service"). Please read this policy carefully.

2. Information We Collect

2.1 Account Information

When you register, we collect: name, email address, phone number, business name, business address, and payment information (processed by Stripe).

2.2 Call Data

When our AI handles calls for your business, we collect: caller phone number, call duration, call recordings, call transcripts, AI-generated summaries and analysis, and caller-provided information (name, address, service requested).

2.3 SMS Data

We collect: phone numbers, message content, opt-in/opt-out records, and delivery status for SMS messages sent through the Service. When customers interact with our automated SMS reply system, we may also collect caller-provided information (name, service address, service requested) and store it on the customer's contact record.

2.3a SMS Program Terms (Messaging Consent and Opt-Out)

By providing your phone number and opting in (either verbally during a call with our AI receptionist or by submitting our online consent form), you agree to receive SMS text messages, and where you have separately indicated AI-powered voice calls, from CallBackOrElse regarding customer care, appointments, and service updates. The following SMS program terms apply:

  • Message frequency may vary.
  • Message and data rates may apply.
  • Reply STOP (or CANCEL, UNSUBSCRIBE, END, QUIT, REVOKE, or OPT OUT) to any message to unsubscribe from further SMS at any time.
  • Reply HELP for help, or contact us at support@callbackorelse.com.
  • Your SMS opt-in and consent are used exclusively by CallBackOrElse to contact you. Your SMS opt-in information is not shared or sold to third parties for promotional or marketing purposes.
  • Consent is not a condition of purchase.

Carriers are not liable for delayed or undelivered messages. For additional detail on how we capture and log messaging consent, including verbal opt-in during AI calls, see our Messaging Compliance FAQ.

2.4 Usage Data

We automatically collect: IP address, browser type, device information, pages visited, referral URLs, and interaction data (clicks, page views).

2.5 Cookies

We use cookies and similar technologies as described in our Cookie Policy.

2.6 Authentication Data

When you sign in using a third-party authentication provider (Google or Apple), we receive and store: a unique identifier from that provider, your name (if provided), and your email address. We do not receive or store your Google or Apple account password.

When you create an email and password account, we store your email address and a salted, one-way bcrypt hash of your password. We never store the plaintext password and cannot recover it; a forgotten password can only be reset. Your account password is separate from any third-party authentication provider's password.

When a technician creates a field-app login, we store the technician's chosen username and a salted, one-way bcrypt hash of the password. We never store the plaintext password and cannot recover it; a forgotten password can only be reset. The technician username is unique across the Service.

2.7 Support Communications

When you contact us — including through the support form on our website, the in-app support chat, or by emailing support@callbackorelse.com — we collect the information you provide: your name, email address, phone number (if provided), the topic you select, and the contents of your message. We use this information only to respond to your inquiry and to maintain a record of support requests. Support form submissions are stored in our Notion workspace (see Section 5) and forwarded by email to our support team. You may submit a support request without holding a CallBackOrElse account.

If you sign in with Apple and choose to use Apple's "Hide My Email" feature, we receive a private relay email address instead of your personal email. We treat this relay address as your account email and do not attempt to obtain your real email address. Service communications sent to the relay address are forwarded by Apple to your personal inbox.

2.8 Customer Map and Weather Intelligence Data

When you use customer-map, storm, traffic, weather, or demand-surge features, we process service addresses, derived latitude/longitude coordinates, map viewport selections, weather-alert areas, forecast-grid locations, and related operational signals so the dashboard can show nearby customers, weather hazards, traffic layers, flood zones, tropical-cyclone overlays, and HVAC demand-surge indicators. We do not collect device GPS location for these features. Where geocoding is enabled, we may send service-address text to the U.S. Census Bureau geocoder and, if configured by us, Photon/OpenStreetMap geocoding services to derive coordinates. Weather and hazard features may send coordinates, grid points, or map-tile requests to the National Weather Service, NOAA, FEMA, and TomTom as described in Section 5.

2.9 Post-Call Service-Address Review

When this feature is enabled and an inbound caller provides a service address or the call creates a service or appointment record, we may send the caller-provided service address to the Google Address Validation API after the call ends. We use the returned validation verdict and standardized address components only to determine whether the address should be flagged for review by the business account owner before dispatch. This review does not block or change a booking, automatically replace the stored address, or determine whether a call receives emergency handling. A possible correction, an address that cannot be verified, or an unavailable validation service creates an address-review flag for human follow-up.

2.10 Technician Field App and Job-Proof Data

When a business account owner enables field-app access for an employee or contractor, we process that worker's name, contact information, role, skills, assigned schedule, device display name, and field-app authentication records. The field app displays the customer and job information needed for assigned work, including customer contact information, service address, job notes, scheduled time, parts, and workflow requirements. It records operational events such as arrival, breaks, workflow answers, parts used, completion status, and confirmed technician actions.

Before a technician activates a phone, we display the business name, a summary of the work activity visible to that business, and links to the current Terms of Service and Privacy Policy. We record the technician, business account, approved device, date and time, and document versions associated with the technician's confirmation that the technician is at least 18, is authorized by the business, agrees to the Terms, and acknowledges this Policy. We do not collect a birth date or identity document for this confirmation.

When job-proof features are enabled, authorized users may upload before-and-after job photos and collect a customer's typed name, acknowledgment, and drawn signature image. Uploaded photos are decoded and re-encoded before storage to remove embedded camera and location metadata. Signature images are also re-encoded before storage. We do not use job photos or signatures for biometric identification or template generation. The field app does not collect a technician's device GPS location.

Field-app passkeys use public-key credentials. CallBackOrElse stores the public credential identifier, public key, usage counter, and related security records; a fingerprint, face scan, device passcode, and private cryptographic key remain on the technician's device and are not received or stored by CallBackOrElse.

The technician field-app provisions in this Section 2.10 and Section 3A.5 take effect August 13, 2026.

3. How We Use Your Information

  • To provide and maintain the Service
  • To process calls and messages on your behalf
  • To analyze calls for quality, sentiment, urgency, and lead scoring (see Section 9A, category K)
  • To display customer-map, storm, traffic, weather, flood, tropical-cyclone, and demand-surge intelligence features you choose to use
  • To review service-address completeness after calls and flag possible address issues for human follow-up before dispatch
  • To provide assigned schedules, job details, field workflows, inventory context, technician status, and customer-authorized job-proof records
  • To send service-related communications (billing, alerts, summaries)
  • To debug, secure, and improve the Service itself (software, prompts, workflows)
  • To comply with legal obligations
  • To detect and prevent fraud or abuse

We do not train artificial intelligence models. CallBackOrElse is not an AI developer. We use third-party AI providers — ElevenLabs (real-time voice and transcription) and OpenAI (post-call analysis and summarization, inbox features, the in-dashboard AI assistant, and the technician field assistant) — to perform inference on call audio, transcripts, and, when you use an assistant, the account data you submit to it (such as your call and lead records, contacts, message drafts, job records, and operational data), on a per-request basis. Those providers process our API requests under their published API terms; in particular, OpenAI does not use API-submitted data to train its models by default (since March 2023), and ElevenLabs does not use customer audio submitted via its API to train its models. We do not run a training pipeline of our own and do not aggregate caller content into a model-training corpus. Improvements to "the Service" in the list above refer to human engineering work — prompt template revisions, code changes, infrastructure tuning — not machine learning on your data.

3A. Storm Mode, Triage Classification, and Owner Alerts

CallBackOrElse offers operational features that affect how caller data is processed and surfaced. We disclose them here so you and your callers know what happens during a call.

3A.1 Storm Mode

"Storm Mode" is a high-volume incident posture (e.g., severe weather event) that business owners can enable for a defined period. While Storm Mode is active, the AI receptionist uses a Storm-specific agent and a Storm-specific opening disclosure that identifies the AI, names the storm event, and notifies the caller that the call is being recorded (the verbatim disclosure script is published in our Messaging Compliance FAQ). Storm Mode may also enable additional outbound SMS workflows (engagement messages, scheduled engagements, surge digests) to opted-in contacts only. Storm Mode does not change the categories of personal information we collect or disclose; it changes the cadence and triage of how that information is processed.

3A.2 Triage and Vulnerable-Caller Classification

To help business owners prioritize callbacks, the AI may classify a call as urgent, high-value, or involving a "vulnerable" caller. The vulnerable classification is derived from call content (transcripts and AI-generated tags) and groups the following non-exhaustive tag set: medical, elderly, infant_or_child, and pregnancy. Triage tags also include practical HVAC categories such as no_heat, no_cool, gas_smell, electrical, and similar safety-relevant categories. These classifications are inferences (Section 9A, category K) and, where they reflect health, age, or family status, are treated as sensitive personal information under CPRA § 1798.140(ae) and handled under the use-limitation rules described in Section 9A. Classifications are visible only to the business account owner and authorized members of their account; they are not sold, shared, or disclosed to advertisers, and they are not used to make decisions that produce legal or similarly significant effects on the caller.

Automated Decision-Making Technology (ADMT). The triage and classification system described above constitutes automated decision-making technology as defined under CPRA § 1798.185(a)(16). Classifications are used solely to suggest a callback priority order to the business owner; they do not deny, limit, or condition service to any caller. Human review is available for all classification decisions — the system flags low-confidence classifications for manual spot-check by the business account owner. Callers may request information about the logic involved in the classification by emailing support@callbackorelse.com with the subject line "ADMT Request." Business account owners may review and override any classification in their dashboard.

3A.3 Owner and Dispatcher Alert Egress

When a call meets owner-defined or system-defined alert criteria (for example, an emergency-flagged call, a high-value lead, or a missed-call follow-up), the Service may send an alert to the business owner or designated dispatcher containing call metadata and a summary. Alerts are delivered through the channels listed below, each of which is also disclosed in Section 5 as a subprocessor relationship:

  • SMS via SignalHouse or Telnyx (depending on the customer's configured messaging provider) — to the contact phone number on file
  • Email via Resend — to the contact email on file
  • Push notifications (planned) via the CallBackOrElse mobile application; not currently in production. When push delivery is enabled, this section will be updated and an additional subprocessor disclosure will be added to Section 5 in the same release.

The content of an alert is limited to the metadata and summary needed to triage the call (caller phone, business name, urgency flag, AI summary). Full call recordings and transcripts are not transmitted in alerts; they remain accessible only inside your account dashboard.

3A.4 In-Dashboard AI Assistant

The in-dashboard AI assistant lets a business account owner review and act on their own account data through a conversational interface. When you use it, the content of your requests and the account data needed to answer them — for example, call and lead records, contacts, message drafts, and revenue or operational data — are sent to OpenAI on a per-request basis to generate a response, under the same no-training terms described in Sections 3 and 4 (OpenAI does not use API-submitted data to train its models by default, and may retain it for up to 30 days for abuse monitoring). The assistant operates only within your own account, surfaces only data you already have access to, and requires your explicit confirmation before it sends any message to your customers or takes other customer-facing actions. It does not create new categories of personal information; it changes how existing account data is processed and surfaced.

Assistant conversations are also stored on our servers so your chat history and the assistant's saved context survive across sessions and devices. This includes your messages, the assistant's responses, a record of the actions you asked it to take, and durable "memories" — business facts and preferences the assistant keeps so it does not re-ask what you have already told it (including details collected during setup, and summaries of calls your AI receptionist handled). Conversation history is retained for 400 days and then deleted automatically; memories are retained until you delete them. You can view and delete individual conversations and memories — or clear all memories at once — from the assistant's History panel in your dashboard. This stored history is separate from the per-request OpenAI processing described above: OpenAI receives conversation content per request under the no-training terms; the stored copy lives in our database under the safeguards in Section 7.

3A.5 Technician Field Assistant

The technician field assistant lets an authorized field worker ask for information about their assigned schedule, jobs, parts, and workflow. When a technician uses it, the technician's request, limited recent conversation context supplied by that phone, and the account or job data needed to answer are sent to OpenAI on a per-request basis under the no-training and retention terms described in Sections 3 and 6. The field assistant is restricted to the technician's business account and assigned field tools. Technician actions that change job state require an explicit confirmation where the product presents one.

CallBackOrElse does not store the technician field-assistant transcript as server-side chat history. The phone holds recent conversation context only in the current app process, and it is lost when that process closes or reloads. We store aggregate daily usage counts and token totals, without prompt or response content, for rate limiting, cost control, and security monitoring.

4. Call Recording

Calls handled by our AI receptionist may be recorded. All calls include an automated disclosure that: (1) the call may be recorded, and (2) the caller is speaking with an AI assistant. Call recordings are accessible only to the business account owner. Recordings are retained for the duration of your account; see Section 6 for details on what happens after account deletion. You may request earlier deletion of any specific recording or all recordings at any time by contacting support@callbackorelse.com.

Call transcripts may be processed by OpenAI for analysis, summarization, and lead scoring. By default since March 2023, OpenAI does not use API-submitted data to train its models. OpenAI may retain submitted data for up to 30 days for abuse monitoring purposes before deletion. For details, see OpenAI's data usage policies.

5. Third-Party Service Providers (Subprocessors)

We share information with the subprocessors below to deliver the Service. The "Processing location" column reflects each provider's primary processing region as disclosed by the provider; some providers operate global infrastructure and may route traffic through additional regions for redundancy. Where a provider processes outside the United States, see the international-transfers paragraph below this list.

  • Google (Sign-in): OAuth authentication. Data: name, email, profile picture, Google account identifier. Processing location: United States and Google's global cloud regions.
  • Google Address Validation: Post-call review of caller-provided service addresses when the feature is enabled. Data: service-address text submitted for validation; Google returns a validation verdict and may return standardized address components. We use the response to flag possible address issues for human review and do not automatically change or block a booking. Processing location: United States and Google's global cloud regions.
  • Apple (Sign-in): OAuth authentication. Data: name, email (or "Hide My Email" relay), Apple account identifier. Processing location: United States and Apple's global cloud regions.
  • ElevenLabs: Real-time conversational AI — voice synthesis, transcription, and tool-call data exchange (caller name, phone, address, service request). Processing location: primarily United States (US-East). May process via Google Cloud / AWS regions globally for inference.
  • Telnyx: Phone call routing and SIP connection. Processing location: United States, with global PoPs for telephony interconnect.
  • SignalHouse: A2P 10DLC registration and SMS delivery. Processing location: United States.
  • Stripe: Payment processing and subscription billing. Processing location: primarily United States; Stripe operates globally and may process payment-method data in additional regions per Stripe's published processing locations.
  • OpenAI: Post-call analysis, summarization, AI inbox features, the in-dashboard AI assistant, and the technician field assistant (which process the account data submitted in a request — call and lead records, contacts, message drafts, job records, and operational data). Processing location: United States. OpenAI may use additional regions under its enterprise data processing addendum; we use the standard API endpoints, which are US-hosted by default.
  • Resend: Transactional email delivery. Processing location: United States (AWS US-East-1) per Resend's published infrastructure documentation.
  • Railway: Application hosting and database infrastructure. Processing location: United States (Railway primary region).
  • Cloudflare R2: Private object storage for job photos and customer signature images when job-proof features are enabled. Objects are not made public; the Service retrieves them through authenticated endpoints. R2 determines object location from the bucket configuration and may use Cloudflare's global network to process requests. A jurisdictional restriction, if configured for a bucket, controls where that bucket's objects are stored.
  • U.S. Census Bureau geocoder: Service-address geocoding for customer-map features when geocoding is enabled. Data: service-address text submitted for coordinate lookup. Processing location: United States.
  • Photon/OpenStreetMap geocoding: Optional fallback service-address geocoding for customer-map features when configured by us. Data: service-address text submitted for coordinate lookup. Processing location: provider-operated infrastructure, which may include regions outside the United States.
  • National Weather Service and NOAA: Weather alerts, forecast-grid lookups, radar imagery, tropical-cyclone overlays, storm-surge map layers, and related weather intelligence. Data: coordinates, grid points, map-tile requests, and service area metadata needed to return weather and hazard layers. Processing location: United States.
  • FEMA: Flood-zone map overlays. Data: map viewport or geometry requests needed to return flood-zone layers. Processing location: United States.
  • TomTom: Traffic map tiles and traffic-layer status when traffic features are enabled. Data: map-tile requests and viewport metadata needed to return traffic layers. Processing location: TomTom operates global infrastructure and may process requests in the United States, Europe, or other regions under its published terms.
  • Jobber: Field service management and job scheduling (when connected by you). Processing location: Canada (Jobber primary region).
  • HouseCall Pro: Field service management and job scheduling (when connected by you). Processing location: United States.
  • ServiceTitan: Field service management and job scheduling (when connected by you). Processing location: United States.
  • Notion (Notion Labs, Inc.): Customer relationship management, support request intake, and call-record archive. Data: business name, primary contact name, primary contact email, primary contact phone, business address, assigned phone numbers, customer status and lifecycle events; for support requests submitted through our website form, in-app chat, or support email, the submitter's name, email address, phone number (if provided), selected topic, and message content; for calls handled through the Notion-dialer flow, call audio recordings (mp3), call transcripts, caller phone numbers, and call metadata are uploaded to and stored in a Notion workspace controlled by us. Notion's API receives only the records we send (we do not grant Notion access to our database). Processing location: United States (Notion is hosted on AWS, primarily US-East). Notion publishes its own data processing addendum, security overview, and SOC 2 Type II report; Notion participates in the EU-U.S. Data Privacy Framework as a self-certified participant.
  • Google Analytics 4: Website traffic and conversion analytics. Data: IP address (Google applies IP truncation by default in GA4), browser/device information, page-view and click events, GA4 client identifier. See our Cookie Policy for cookie names. Processing location: United States and Google's global cloud regions. Google participates in the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework as a self-certified participant; see Google's privacy documentation for current attestation status.

Each subprocessor processes data under its own privacy policy and applicable contractual terms. Transfers of caller information to a Field Service Management provider you have connected (Jobber, HouseCall Pro, or ServiceTitan) are made at your direction as the controller of that data and are governed by your relationship with that provider; under CCPA/CPRA those transfers are not "sales" or "sharing."

We do not sell or share personal information. Some subprocessors listed above (notably OpenAI, ElevenLabs, Stripe, Google, and Apple) operate global infrastructure and may process data outside the United States. The Service itself is operated and hosted in the United States by a US-incorporated company; we are not established in, and do not direct the Service to, the European Economic Area, the United Kingdom, Switzerland, or Canada. See Section 11 for international-user disclosures (including how the CCPA/CPRA disclosures in Sections 9 and 9A apply to California residents who interact with the Service).

6. Data Retention

The account-closure, automated-deletion, export, and deletion-receipt disclosures in this Section 6 take effect August 14, 2026.

While your account is active, we retain the data we collect (call recordings, transcripts, AI-generated summaries, SMS message content, contact records, technician records, field workflows, and job-proof records) to provide ongoing service: lead history, revenue attribution, dispatcher review, field operations, dispute resolution, and product improvement. Business owners may request deletion of specific call recordings at any time by contacting support@callbackorelse.com. We periodically review our retention practices to align with applicable data minimization requirements.

When paid Service ends, the account enters a 30-day closure window. Operational access is disabled during that window, but an account owner may request an account export, reactivate through a successful payment, or choose immediate deletion. If the account is not reactivated, deletion begins automatically when the closure window ends. Choosing immediate deletion starts the same process without waiting for the remainder of the closure window.

When deletion begins:

  • Account data, call recordings, transcripts, SMS message content, technician records, field workflows, job photos, signature images, authentication credentials, and private account-export files are removed from active systems through an automated, retryable deletion process
  • Linked third-party access tokens are revoked or removed where supported; data already held independently by a connected provider remains subject to that provider's own retention duties and deletion controls
  • SMS consent and opt-out records are retained for 10 years per A2P messaging compliance requirements and applicable state law (including Virginia SB 1339)
  • Anonymized analytics data may be retained indefinitely
  • Billing records are retained as required by law
  • A minimal deletion receipt is retained to document the request, completion time, and categories of records retained under a legal, billing, fraud-prevention, or carrier compliance exception; the receipt does not retain ordinary account content

Account exports are ZIP archives assembled from the account's available records and private job-proof objects. A ready export may be downloaded for 24 hours. The stored export object is deleted no later than 7 days after it is created. Exports are limited to 100 MB; if an account exceeds that limit, contact support@callbackorelse.com for a supported transfer method.

Deletion removes data from active production systems. Encrypted infrastructure backups may retain residual copies until they expire through the hosting provider's ordinary backup cycle. Backups are access-restricted, are not used to provide the Service after deletion, and any restored data remains subject to the original deletion request.

Technician field-app retention: job schedules, workflow answers, operational activity, job photos, and customer signature records are retained for the duration of the business account unless deleted earlier through an available product or support workflow. Technician usernames and password hashes remain while the login is active and are deleted when all app access is revoked, the technician is deactivated, or the business account is deleted. Passkey credentials and device records remain until revoked or the account is deleted. Technician activation acknowledgments are retained for the duration of the business account and its closure window, then deleted with the technician record. Automated cleanup removes expired passkey challenges and sessions; pseudonymous persistent rate-limit counters are removed within 2 days; single-use activation records are retained for up to 90 days; completed confirmation receipts are retained for up to 90 days; field-app authentication events are retained for up to 180 days; and aggregate field-assistant usage totals are retained for up to 400 days. The technician field-assistant transcript is not stored as server-side chat history. OpenAI may retain API inputs and outputs for up to 30 days under its API data retention terms, subject to legal and security exceptions.

Field Service Management data is treated separately and varies by provider. When you connect a third-party FSM, we sync job and invoice data to attribute revenue and maintain customer matching:

  • ServiceTitan: raw synced records (jobs, invoices, customer rows) are purged within 24 hours of sync, in accordance with ServiceTitan's API terms. Aggregate revenue figures derived from the sync (monthly totals, attribution counts) are retained for as long as your account is active.
  • Jobber and HouseCall Pro: raw invoice records are retained for the duration of your account to support historical revenue reporting, customer matching across calls, and dispute resolution. You may request deletion of synced FSM data at any time by contacting support@callbackorelse.com or by disconnecting the integration, which removes our access tokens.
  • Customer-map coordinates: derived latitude/longitude coordinates, geocoding status, and map-display metadata are retained for the duration of your account so the customer map, storm overlays, and dispatch tools do not need to repeatedly geocode the same service address. They are removed from active systems through the deletion process described in this Section 6.

7. Data Security

We implement industry-standard security measures including: encryption in transit (TLS 1.2+), access controls, rate limiting on authentication and registration endpoints, regular security audits, and secure hosting infrastructure. We apply application-level encryption-at-rest using AES-256-GCM with a master key managed in our production environment. As of June 2026, this application-level encryption covers: (a) OAuth refresh tokens and API keys for Field Service Management integrations (Jobber, HouseCall Pro, ServiceTitan); (b) AI call transcripts and AI-generated summaries from voice calls; (c) customer service addresses associated with calls and scheduled appointments; and (d) SMS message bodies stored on conversation threads. We continue to extend application- level encryption to additional categories on a rolling basis (authentication provider tokens, additional subprocessor API keys, and webhook signing secrets). Database storage is additionally encrypted at the infrastructure level by our hosting provider.

Technician field-app passwords are stored as salted, one-way bcrypt hashes; session and activation credentials are stored as one-way token hashes; and passkeys are stored as public credentials. Private passkey keys and biometric unlock data remain on the technician's device. Job photos and signature images are stored in private object storage and are available only through authenticated application endpoints. Uploaded job photos are re-encoded before storage to remove embedded camera and location metadata.

No method of transmission over the Internet, or method of electronic storage, is 100% secure.

7A. Breach Notification

In the event of a confirmed data breach affecting your personal information, we will notify affected users without undue delay and in any event within the time required by applicable law, targeting notification within 72 hours of discovery where practicable, except where notification within that window is prohibited by law-enforcement instruction, would compromise an active forensic investigation, or where good-faith additional time is required to determine the scope and nature of the breach. The notification will describe (to the extent then known): the categories of information affected, the approximate number of users affected, the steps we have taken to contain and remediate the breach, and the steps you can take to mitigate harm. We will also notify relevant regulatory authorities and applicable State Attorneys General (including those of Florida, Georgia, and Alabama) as required by applicable law.

Internally, our incident-response process triggers an automated alert pipeline to the account owner and the security operator on duty within minutes of detection (via email and SMS), so that human investigation and customer notification can begin immediately.

8. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Opt out of marketing communications
  • Export your data in a portable format
  • Unlink third-party authentication providers (Google, Apple) from your account

To exercise these rights, use the available account settings or email support@callbackorelse.com. Account owners can initiate an export or deletion through the account-closure controls. We send a completion notice to the account email when the automated deletion process finishes.

9. CCPA Disclosures (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information we hold about you.
  • Right to Limit Use of Sensitive Personal Information: You may limit how we use sensitive personal information to only what is necessary to provide the Service.
  • Right to Opt-Out: We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, email support@callbackorelse.com with the subject line "CCPA Request."

9A. Categories of Personal Information Collected (CCPA/CPRA Taxonomy)

For the twelve months preceding the date of this Privacy Policy, we have collected the following statutory categories of personal information defined by Cal. Civ. Code § 1798.140. We provide this taxonomy as a transparency disclosure regardless of whether a given user is a California resident; the same data handling applies to all users. For each category we list the source of the data, the business purpose, the third parties with whom we disclose it, and the retention period.

  • (A) Identifiers — name, business name, postal address, email address, telephone number, IP address, account or technician username, third-party authentication identifier (Google ID, Apple ID), Stripe customer ID, FSM provider customer ID, technician name and contact information, field-device display name, and public passkey credential identifier.
    Source: directly from you at registration, from your authentication provider, from inbound callers, from connected FSM systems, and from business account owners or technicians using the field app.
    Purpose: account creation, authentication, billing, call routing, customer matching across calls and FSM records.
    Disclosed to: Stripe, Google, Google Address Validation, Apple, Resend, Telnyx, SignalHouse, Jobber, HouseCall Pro, ServiceTitan, Railway, Cloudflare R2, U.S. Census Bureau geocoder, Photon/OpenStreetMap geocoding, Google Analytics (subprocessors as listed in Section 5).
    Retention: for the duration of active Service and the 30-day account-closure window; removed from active systems through the deletion process described in Section 6. SMS opt-out records and billing identifiers are retained longer as described in Section 6.
  • (B) Customer records information (Cal. Civ. Code § 1798.80(e)) — business contact information, payment card metadata (last four digits and expiration, held by Stripe, not by us), business address.
    Retention: for the duration of the account; billing records retained as required by tax and accounting law.
  • (C) Protected classification characteristics — we do not knowingly collect protected classification characteristics. Inbound callers may voluntarily disclose age, family status, or disability in the course of describing a service need; any such disclosure is treated as part of the call recording and transcript under category (G).
    Retention: per category (G).
  • (D) Commercial information — subscription plan, billing history, service invoices generated for your customers (when an FSM is connected), records of products and services purchased, considered, or rejected.
    Retention: for the duration of the account; aggregated revenue figures retained per Section 6.
  • (E) Biometric information — we do not collect biometric information. Voice recordings are retained as audio under category (G) and are not processed for voiceprint, identity verification, or biometric template generation. If a technician unlocks a passkey with a fingerprint or face scan, that biometric interaction occurs on the technician's device and is not transmitted to CallBackOrElse. Customer signature images are not used for biometric identification or template generation.
  • (F) Internet or other electronic network activity — IP address, browser type, device information, pages visited, referral URLs, click and page-view interaction data, cookie identifiers (see Cookie Policy).
    Source: automatically from your browser when you visit the Service.
    Purpose: security, fraud detection, traffic analysis, funnel measurement.
    Disclosed to: Google Analytics, Railway (hosting logs).
    Retention: 30 days for visitor identifiers; pseudonymous technician authentication rate-limit counters are removed within 2 days; aggregated and anonymized analytics may be retained indefinitely.
  • (G) Sensory data — audio, electronic, visual, or similar information — call audio recordings, AI-generated call transcripts, AI-generated call summaries, tool-call payloads exchanged with the AI during a call, job photos, and customer signature images.
    Source: calls placed to phone numbers connected to your account and job-proof records submitted by authorized account users and customers.
    Purpose: AI receptionist operation, transcription, lead capture, quality review, dispute resolution, evidence of disclosure delivery (see Messaging Compliance FAQ), field-work documentation, and customer acknowledgment.
    Disclosed to: ElevenLabs (real-time audio + transcription), OpenAI (transcript analysis and summarization), Cloudflare R2 (private photo and signature storage), the business account owner, and authorized field workers with job access.
    Retention: retained for the duration of your account to support per-call evidentiary records; removed from active systems through the deletion process described in Section 6. Earlier deletion of call recordings is available on request; job-proof retention is described in Section 6.
  • (H) Geolocation data — coarse location derived from IP address (city/region level), service-address fields you or your callers provide, derived latitude/longitude coordinates for service addresses, map viewport selections, and weather or traffic layer requests. We do not collect device GPS location.
    Source: directly from you, inbound callers, connected FSM systems, and geocoding or map/weather providers used to operate the customer map.
    Purpose: customer-map display, service-area planning, storm and demand-surge overlays, dispatch review, traffic context, weather alerts, forecast grids, flood zones, tropical-cyclone overlays, and post-call service-address review before dispatch.
    Disclosed to: Google Address Validation, U.S. Census Bureau geocoder, Photon/OpenStreetMap geocoding, National Weather Service, NOAA, FEMA, TomTom, and Railway as described in Section 5.
    Retention: service-address fields per category (D); IP-derived location per category (F); derived customer-map coordinates for the duration of the account and removed from active systems through the deletion process described in Section 6.
  • (I) Professional or employment-related information — your business role and authority to bind the business entity, and a field worker's role, skills, schedule, job assignments, workflow activity, parts usage, and completion status.
    Source: business account owners, connected FSM systems, and authorized field workers using the field app.
    Purpose: staffing, scheduling, dispatch, job workflow, inventory, and proof of work.
    Retention: as described in Section 6.
  • (J) Education information — not collected.
  • (K) Inferences drawn from the above — AI-generated lead-temperature scores, urgency classifications, sentiment scores, high-value flags, and storm-event triage classifications derived from call content.
    Source: automated analysis of call transcripts via OpenAI and our internal scoring rules.
    Purpose: prioritizing follow-up by the business owner, dispatcher review.
    Disclosed to: the business account owner.
    Retention: stored alongside the underlying call record; deleted with the call record per Section 6.
  • (L) Sensitive personal information (CPRA § 1798.140(ae)) — account login credentials (hashed passwords; we never store plaintext credentials), account and technician session tokens, public passkey credentials, OAuth tokens for connected third-party services, and precise geolocation derived from customer service addresses for customer-map features. We do not knowingly collect government identifiers, financial account numbers, racial or ethnic origin, religious beliefs, union membership, contents of mail/email/text messages where we are not the intended recipient, genetic data, biometric identifiers, health information, or sex-life or sexual-orientation data. Audio recordings under category (G) are SPI under CPRA when they include any of the foregoing; we treat them accordingly.
    Use limitation: SPI is used solely to provide the Service, secure user accounts, and meet legal obligations. We do not use SPI for inferences about characteristics or for advertising.

We do not sell or share personal information. We have not sold or shared (as those terms are defined in Cal. Civ. Code § 1798.140) any personal information in the twelve months preceding the date of this Privacy Policy, and we have not sold or shared any personal information of consumers under sixteen years of age. We do not use or disclose sensitive personal information for any purpose other than those permitted under Cal. Civ. Code § 1798.121(a).

9B. Other U.S. State Privacy Laws

In addition to California, more than twenty U.S. states have enacted comprehensive consumer data privacy laws as of the date of this Privacy Policy, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), Delaware, New Hampshire, New Jersey, Iowa, Nebraska, Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island. Several of these laws — notably the Texas Data Privacy and Security Act and the Nebraska Data Privacy Act — apply to all businesses regardless of revenue or data-volume thresholds.

CallBackOrElse honors the following consumer rights for residents of all states with applicable comprehensive privacy laws, not only California: access to personal data, correction of inaccurate data, deletion of personal data, data portability in a machine-readable format (JSON or CSV), and the right to opt out of targeted advertising, data sales, and profiling. The CCPA/CPRA disclosures in Sections 9 and 9A serve as our baseline transparency disclosure for all users regardless of state of residence. To exercise any of these rights, email support@callbackorelse.com with the subject line "Privacy Request" and your state of residence.

Where applicable state law provides a right to cure before enforcement action, we will cure any identified violation within the time period specified by that state's law. We do not sell personal information, share personal information for cross-context behavioral advertising, or process personal information for targeted advertising.

10. Children's Privacy

The Service, including business accounts and technician field-app access, is intended only for adults aged 18 or older. Business account owners must enroll only workers who are at least 18 and legally authorized to perform their assigned work, and each technician must confirm being at least 18 before activating a phone. The business owner is responsible for compliance with employment, apprenticeship, workplace-safety, and worker-notice laws. We do not collect a technician's birth date or identity document, and the owner's responsibility does not eliminate our obligations to protect and process technician information as described in this Policy. We do not direct the Service to children. If we learn that a registered account or field-app user is under 18, we will disable that access and delete the associated registration information as required by law.

Inbound callers are a separate category. Because the AI receptionist answers a public phone line on behalf of our business customers, we cannot prevent a minor from calling that line. If, in the course of answering an inbound call, the AI captures information from a person who self-identifies as, or is reasonably apparent to be, under 13 years old:

  • The AI is instructed not to collect address, payment, or scheduling information from that caller and to ask for an adult to come to the phone or to call back from an adult's number;
  • The captured call recording, transcript, and any contact record will be flagged for expedited review by the business account owner and, on the owner's confirmation or on our own discovery, deleted within 30 days in accordance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501 et seq.) and 16 C.F.R. Part 312;
  • Business customers must not configure the AI receptionist or any messaging campaign to solicit, induce, or knowingly engage with persons under 13. Doing so is a violation of the Acceptable Use Policy and may result in account suspension.

To request deletion of information you believe was collected from a minor, contact support@callbackorelse.com with the subject line "COPPA Request" and the date and phone number of the call in question.

11. International Users and Cross-Border Data Transfers

CallBackOrElse is a U.S.-based service. Our customers (the businesses that subscribe to the Service) operate in Florida, Georgia, and Alabama. We do not market to, target, or solicit users in the European Economic Area, the United Kingdom, Switzerland, Canada, or California, and we do not have establishments in those jurisdictions. If you are accessing the Service from outside the United States, your information will be transferred to and processed in the United States and in the global processing regions of the subprocessors listed in Section 5. By using the Service from outside the United States, you acknowledge and consent to that transfer.

European Economic Area / United Kingdom / Switzerland. The Service is not intended for EEA, UK, or Swiss residents. We do not knowingly target or accept registrations from those jurisdictions. To the extent the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the United Kingdom General Data Protection Regulation, or the Swiss Federal Act on Data Protection applies to a visitor's data because that visitor accessed our public website or called a customer's phone line, our lawful basis for processing is (a) the legitimate interest of operating and securing our Service and the customer's legitimate interest in handling inbound calls (Art. 6(1)(f) GDPR) and (b) where applicable, the data subject's consent (Art. 6(1)(a) GDPR). EEA / UK / Swiss data subjects may request access, correction, deletion, restriction, portability, and objection by emailing support@callbackorelse.com with the subject line "GDPR Request" or "UK GDPR Request." We will respond within thirty (30) days. Cross-border transfers to the United States from these jurisdictions are made in reliance on (i) the adequacy decision of the European Commission for the EU-U.S. Data Privacy Framework, the UK Extension to the DPF, and the Swiss-U.S. DPF where the receiving subprocessor is a self-certified participant; or (ii) the Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to third countries, where applicable. Visitors who do not consent to U.S. processing should not use the Service. EU/UK residents have the right to lodge a complaint with their local supervisory authority.

Canada. The Service is not marketed to Canadian residents. If you access the Service from Canada, your information is transferred to and processed in the United States. To the extent the Personal Information Protection and Electronic Documents Act ("PIPEDA") or a substantially similar provincial law applies, you may request access, correction, or deletion of your information by emailing support@callbackorelse.com.

California. Although our customer base is in Florida, Georgia, and Alabama, callers calling our customers' phone lines or visitors to our website may occasionally be California residents. The CCPA/CPRA disclosures in Sections 9 and 9A apply to those California residents notwithstanding our service area, and the same data-handling commitments apply to all users regardless of state of residence.

Google Analytics and other US-routed analytics. Our website uses Google Analytics 4 (Section 5). When a visitor outside the United States loads our site, the GA4 SDK transmits truncated IP, device metadata, and event data to Google servers in the United States and Google's global cloud regions. Google self-certifies participation in the EU-U.S. Data Privacy Framework, the UK Extension to the DPF, and the Swiss-U.S. DPF. Visitors who do not want this telemetry can decline analytics cookies in our cookie consent banner (per-category controls), use browser-level Do Not Track or ad-blocking, or refrain from visiting the site.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

13. Contact

For privacy-related questions or to exercise your rights, contact: support@callbackorelse.com