Introduction
This Privacy Policy ("Policy") describes how S2 Data Systems ("HaloVoice", "Company", "we", "us", "our"), operating the HaloVoice platform at halovoice.in, collects, uses, shares, retains, and protects your personal information when you access or use our AI-powered voice agent platform and related services (collectively, the "Platform"). By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, you must not use the Platform. This Policy applies to all users, including account holders, team members, and visitors to our website.
Information We Collect
We collect the following categories of information: (A) Information You Provide Directly: account registration data (name, email address, phone number, company name, job title), billing and payment information (processed through Stripe, including payment card details, billing address, and transaction history), call scripts, campaign configurations, and contact/lead lists you upload, knowledge base documents (PDFs, text files, and other documents you upload), call recipient phone numbers and contact details, customer support correspondence, and any other information you voluntarily provide. (B) Information Collected Automatically: call recordings, AI-generated transcripts, and AI-generated summaries of calls made or received through the Platform, call metadata (duration, timestamps, caller ID, call disposition, call status), usage data (features accessed, actions taken, pages viewed, session duration, click patterns), device and technical information (IP address, browser type and version, operating system, device type, screen resolution, unique device identifiers), log data (server logs, error logs, access timestamps, referring URLs), and API usage data (endpoints called, request/response metadata, rate limit usage). (C) Information from Third Parties: data from integrated third-party services including Twilio (call data, phone number information), payment verification data from Stripe, and publicly available business information. (D) Cookies and Tracking Data: as described in Section 12 of this Policy.
How We Use Your Information
We use the information we collect for the following purposes: (a) Service Delivery: to provide, operate, and maintain the Platform, process voice calls, generate transcripts and AI summaries, manage campaigns, and deliver all Platform features; (b) Billing and Payments: to process payments, manage subscriptions, send invoices, and handle billing inquiries through our payment processor Stripe; (c) AI Processing: to process calls through AI voice models (via OpenAI, Cartesia, and Sarvam AI), generate transcriptions, create AI summaries, and power knowledge base search (via Pinecone vector database); (d) Analytics and Improvement: to analyze usage patterns, improve Platform functionality, optimize AI model performance, and develop new features; (e) Communications: to send transactional emails (account confirmations, billing receipts, service notifications), respond to support requests, and send marketing communications (with your consent or as permitted by law); (f) Security and Fraud Prevention: to detect, prevent, and respond to security incidents, fraud, abuse, and violations of our Terms of Service; (g) Compliance: to comply with legal obligations, respond to lawful requests from authorities, and enforce our Terms; (h) Aggregated Analytics: to create aggregated, de-identified, or anonymized datasets for research, benchmarking, product development, and marketing purposes. Such anonymized data is not considered personal information under this Policy and may be used without restriction.
AI and Call Recording Practices
As a core function of the Platform, HaloVoice records, transcribes, and analyzes voice calls using artificial intelligence. You should be aware of the following: (a) All inbound and outbound calls processed through the Platform are recorded and stored on our servers; (b) Call recordings are automatically transcribed using AI speech-to-text technology; (c) AI models generate summaries, sentiment analysis, and other analytics from call recordings and transcripts; (d) Call data may be processed by third-party AI providers including OpenAI, Cartesia, and Sarvam AI for voice synthesis, speech recognition, and natural language processing; (e) Knowledge base documents you upload are processed and indexed using Pinecone vector database to enable AI-powered responses during calls; (f) AI outputs (transcripts, summaries, analytics) are generated by machine learning models and may contain errors or inaccuracies; (g) You are solely responsible for informing call recipients about recording and AI processing and obtaining all necessary consents as required by applicable law. HaloVoice does not monitor or verify whether you have obtained proper consent from call recipients.
Data Sharing with Third Parties
We do not sell your personal information. We share data with the following categories of third parties solely as necessary to operate the Platform: (A) Telephony Provider - Twilio: call routing, phone number provisioning, call recording delivery, SMS messaging. Twilio processes call audio, phone numbers, and call metadata. (B) AI and Voice Providers - OpenAI: language model processing, voice synthesis, and speech recognition. Cartesia: voice synthesis. Sarvam AI: voice processing and speech recognition. Google Gemini: language model processing. These providers process call audio, transcripts, and knowledge base content. (C) Vector Database - Pinecone: stores and indexes vectorized representations of your knowledge base documents for AI retrieval. (D) Payment Processor - Stripe: processes all payment transactions, stores payment method details, manages subscriptions. HaloVoice does not store complete credit card numbers. (E) Email/SMTP Provider: sends transactional and marketing emails on our behalf. (F) Cloud Infrastructure: hosting, storage, and computing services. (G) Legal and Compliance: we may disclose information when required by law, subpoena, court order, or government request; to enforce our Terms of Service; to protect the rights, safety, or property of HaloVoice, our users, or the public; or in connection with a merger, acquisition, or sale of assets. All third-party service providers are bound by data processing agreements and are prohibited from using your data for purposes other than providing their services to HaloVoice.
International Data Transfers
HaloVoice is operated by S2 Data Systems from India. Your data may be transferred to, stored, and processed in countries other than your country of residence, including India, the United States, and other jurisdictions where our third-party service providers (Twilio, OpenAI, Cartesia, Sarvam AI, Pinecone, Stripe) operate. These countries may have data protection laws that are different from the laws of your jurisdiction. By using the Platform, you consent to the transfer of your information to these countries. Where required by applicable law (such as GDPR), we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful transfer mechanisms. HaloVoice shall not be liable for data processing activities conducted by third-party providers in their respective jurisdictions.
Data Retention Periods
We retain different categories of data for different periods: (a) Account Information: retained for the duration of your account plus thirty (30) days after termination; (b) Call Recordings and Transcripts: retained for the duration of your account plus thirty (30) days after termination, unless a shorter retention period is configured in your account settings; (c) Payment and Billing Records: retained for seven (7) years after the transaction to comply with tax and accounting obligations; (d) Usage and Analytics Data: retained for twenty-four (24) months from collection; (e) Server Logs: retained for twelve (12) months; (f) Support Correspondence: retained for thirty-six (36) months after resolution; (g) Knowledge Base Documents: retained for the duration of your account plus thirty (30) days after termination. Upon expiration of the retention period, data is permanently deleted or irreversibly anonymized. We may retain data beyond these periods where required by law, regulation, or legal hold. Aggregated and anonymized data may be retained indefinitely.
Your Rights and Choices
Subject to applicable law and the specific rights provisions in Sections 16-18 of this Policy, you have the following rights regarding your personal information: (a) Access: you may request a copy of the personal information we hold about you; (b) Correction: you may request correction of inaccurate or incomplete personal information; (c) Deletion: you may request deletion of your personal information, subject to our retention obligations; (d) Portability: you may request a machine-readable copy of your data; (e) Objection: you may object to certain processing of your personal information; (f) Restriction: you may request that we restrict certain processing activities; (g) Withdrawal of Consent: where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at support@halovoice.in. We will verify your identity before processing requests and respond within thirty (30) days, or within the timeframe required by applicable law. We may deny requests that are unreasonable, repetitive, technically impractical, or where an exemption under applicable law applies. Certain data may be retained even after a deletion request for legal, regulatory, compliance, or legitimate business purposes.
Data Security Measures
We implement commercially reasonable administrative, technical, and physical safeguards to protect your data, including: AES-256 encryption for data at rest, TLS 1.2+ encryption for data in transit, encrypted credential storage using Fernet symmetric encryption, role-based access controls (RBAC), JWT-based authentication, API token-based security with rate limiting, regular security assessments and vulnerability scanning, audit logging of access and changes, multi-tenant data isolation at the organization level, and employee security training. However, no method of electronic transmission or storage is completely secure. While we employ commercially reasonable measures, we cannot guarantee absolute security. HaloVoice shall not be liable for any unauthorized access, data breach, or loss of data that occurs despite our reasonable security measures. Please refer to our Security page for comprehensive details on our security practices.
Knowledge Base and Document Processing
When you upload documents (PDFs, text files, and other materials) to the HaloVoice knowledge base, these documents are: (a) stored securely on our servers; (b) processed and parsed to extract text content; (c) converted into vector embeddings and stored in Pinecone vector database for AI-powered retrieval during calls; (d) used by AI models to generate contextually relevant responses during voice interactions. You represent and warrant that you have all necessary rights and permissions to upload and process these documents, and that they do not contain information that you are prohibited from sharing. HaloVoice is not responsible for reviewing the content of uploaded documents for legal compliance, confidentiality obligations, or intellectual property restrictions. Documents are deleted from the Platform and vector database within thirty (30) days of account termination.
Lead and Contact Data
The Platform allows you to store and manage leads, contacts, and phone numbers for use in voice campaigns and individual calls. You represent and warrant that: (a) you have obtained all necessary consents and permissions to store and process the contact information of the individuals in your contact lists; (b) your contact lists comply with all applicable data protection, privacy, and telemarketing laws; (c) you have honored all opt-out, do-not-call, and do-not-disturb requests; and (d) you will promptly update or remove contact data upon request from the data subject. HaloVoice provides DNC list management tools to assist your compliance efforts but does not independently verify the legality of your contact lists. You are solely liable for any claims arising from improper collection, use, or processing of contact data through the Platform.
Cookie Policy
HaloVoice uses the following types of cookies and tracking technologies: (A) Strictly Necessary Cookies: required for Platform functionality, authentication, security, and session management. These cannot be disabled. (B) Performance and Analytics Cookies: used to collect information about how visitors use the Platform, including pages visited, time spent, and error messages. This data helps us improve Platform performance. (C) Functional Cookies: remember your preferences and settings to provide a personalized experience. (D) Marketing Cookies: used to track visitors across websites to display relevant advertisements. These are only used with your consent where required by law. You may manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you before a cookie is placed. Disabling certain cookies may limit your access to some Platform features. We use cookies set by both HaloVoice (first-party) and our service providers (third-party). Cookie lifespans range from session-only to up to twenty-four (24) months.
Children's Privacy
The HaloVoice Platform is intended for use by businesses and individuals who are at least eighteen (18) years of age. We do not knowingly collect, solicit, or process personal information from anyone under the age of 18. If we become aware that we have collected personal data from a person under 18, we will take prompt steps to delete such information from our servers and all third-party systems. If you are a parent or guardian and believe that your child under 18 has provided personal information to HaloVoice, please contact us immediately at support@halovoice.in so we can take appropriate action.
Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals to websites. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, HaloVoice does not respond to or honor DNT signals or similar mechanisms transmitted by web browsers. If a uniform standard for responding to DNT signals is adopted, we will revisit this policy and update our practices accordingly.
Marketing Communications
We may send you marketing communications about our products, services, features, and promotions via email. You may opt out of marketing emails at any time by: (a) clicking the "unsubscribe" link included in every marketing email; (b) contacting us at support@halovoice.in; or (c) adjusting your communication preferences in your account settings. Please allow up to ten (10) business days for your opt-out request to take effect. Even if you opt out of marketing communications, we will continue to send you transactional and service-related communications, including billing notifications, security alerts, account updates, and essential service announcements, as these are necessary for the operation of your account.
Data Breach Notification
In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, HaloVoice will: (a) investigate and take prompt steps to contain and remediate the breach; (b) notify affected users without unreasonable delay and in accordance with applicable data breach notification laws; (c) where required by law, notify relevant supervisory authorities or regulatory bodies within the legally mandated timeframe (e.g., 72 hours under GDPR); (d) provide information about the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach. Notification may be provided via email to the address associated with your account, through the Platform interface, or by other reasonable means. HaloVoice's liability in connection with data breaches is subject to the limitation of liability provisions in our Terms of Service.
GDPR Compliance (European Economic Area Users)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR) and equivalent laws: (a) Legal Bases for Processing: we process your personal data based on the following legal bases: performance of a contract (to provide the Platform services), legitimate interests (analytics, security, fraud prevention, Platform improvement), consent (marketing communications, certain cookies), and legal obligations (compliance with applicable laws). (b) Data Controller: S2 Data Systems acts as the data controller for personal data collected through the Platform. For data you upload (contact lists, call recordings of third parties), you act as the data controller and HaloVoice acts as the data processor. (c) Data Protection Officer: for GDPR-related inquiries, contact our designated privacy team at support@halovoice.in. (d) Additional Rights: you have the right to lodge a complaint with your local data protection supervisory authority. (e) Data Processing Agreements: where HaloVoice acts as a data processor on your behalf, we will enter into a Data Processing Agreement (DPA) upon request. (f) Cross-Border Transfers: data transfers outside the EEA are subject to appropriate safeguards as described in Section 6.
Data Processing Agreement (DPA)
For enterprise and business users processing personal data through HaloVoice, a Data Processing Agreement is available upon request at support@halovoice.in. The DPA includes Standard Contractual Clauses (SCCs) for international data transfers, sub-processor notification procedures, and data processing obligations under GDPR Article 28. HaloVoice acts as a data processor on behalf of the user (data controller) for call data, recordings, and contact information processed through the Platform.
Sub-Processor Notifications
HaloVoice uses the following categories of sub-processors: cloud infrastructure providers, AI/ML service providers, telephony providers, payment processors, and email service providers. A current list of sub-processors is available upon request. HaloVoice will notify users of any material changes to sub-processors with at least 30 days notice. Users may object to a new sub-processor by contacting support@halovoice.in within 15 days of notification.
Automated Decision-Making and Profiling
HaloVoice uses AI and automated systems to process calls, generate transcripts, produce analytics, and manage workflows. These automated processes may constitute profiling under GDPR Article 22 and CPRA. Users have the right to request human review of automated decisions that significantly affect them. HaloVoice does not make automated decisions that produce legal effects on call recipients without user oversight. Users are solely responsible for any automated decisions made based on AI outputs.
CCPA Compliance (California Residents)
If you are a California resident, the following additional provisions apply to you under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): (a) Categories of Personal Information Collected: identifiers (name, email, phone number, IP address), commercial information (payment records, subscription history), internet activity (usage data, browsing history on our Platform), professional information (company name, job title), and audio information (call recordings). (b) Right to Know: you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share it. (c) Right to Delete: you have the right to request deletion of your personal information, subject to certain exceptions. (d) Right to Opt-Out of Sale: we do not sell your personal information as defined under CCPA/CPRA. (e) Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights. (f) Authorized Agent: you may designate an authorized agent to submit requests on your behalf with proper verification. To exercise your CCPA/CPRA rights, contact us at support@halovoice.in with the subject line "CCPA Request." We will verify your identity and respond within forty-five (45) days.
California Privacy Rights Act (CPRA) Compliance
In addition to CCPA rights, California residents have the right to: (a) correct inaccurate personal information; (b) limit use and disclosure of sensitive personal information; (c) opt out of automated decision-making technology; and (d) access information about automated decision-making. HaloVoice does not sell or share personal information as defined under CPRA. To exercise these rights, contact privacy@halovoice.in or support@halovoice.in.
Indian IT Act and DPDP Act Compliance
HaloVoice is operated by S2 Data Systems from Pune, India, and complies with the Information Technology Act, 2000 (IT Act), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act), as applicable. Under Indian law: (a) we implement reasonable security practices and procedures as prescribed under the IT Act and associated rules to protect sensitive personal data; (b) we obtain consent before collecting and processing sensitive personal data as required by applicable rules; (c) under the DPDP Act, we recognize your rights as a Data Principal, including the right to access, correct, and erase your personal data, and the right to nominate another person to exercise these rights; (d) we process personal data only for lawful purposes and in accordance with the consent provided; (e) we maintain appropriate security safeguards commensurate with the sensitivity of the data processed; (f) the designated Grievance Officer for purposes of Indian law can be reached at support@halovoice.in. We will acknowledge complaints within forty-eight (48) hours and resolve them within thirty (30) days.
Digital Personal Data Protection (DPDP) Act, 2023 Compliance
HaloVoice processes personal data in accordance with the DPDP Act, 2023. Voice recordings and biometric voice data may constitute sensitive personal data under the Act. HaloVoice obtains consent for data processing as required, provides data principal rights including access, correction, and erasure, and implements reasonable security safeguards. Data retention is limited to the period necessary for the purposes stated in this Policy. Cross-border data transfers are conducted in compliance with applicable government notifications. Users acting as data fiduciaries are responsible for obtaining valid consent from data principals before processing their data through HaloVoice.
Limitation of Liability
To the fullest extent permitted by applicable law, HaloVoice and S2 Data Systems shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to any breach of privacy, unauthorized access, data loss, or any data processing activities, regardless of the cause of action or theory of liability. Our total aggregate liability for any claims arising under this Policy shall not exceed the fees paid by you to HaloVoice in the six (6) months immediately preceding the event giving rise to the claim. This limitation applies to the maximum extent permitted by law in your jurisdiction.
Changes to This Privacy Policy
HaloVoice reserves the right to modify, update, or replace this Privacy Policy at any time at its sole discretion. For material changes, we will provide at least thirty (30) days advance notice by posting the updated Policy on this page with an updated effective date and, where practicable, sending a notification to the email address associated with your account. Non-material changes may be made without prior notice. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree with the revised Policy, you must discontinue use of the Platform. It is your responsibility to review this Policy periodically. The "Last updated" date at the top of this page indicates when this Policy was last revised.
Biometric Data Notice
HaloVoice processes voice recordings which may contain biometric identifiers (voiceprints). We do not use voice recordings to create biometric templates for identification purposes. However, third-party AI providers may process voice data as part of transcription and analysis services. Users operating in jurisdictions with biometric privacy laws (e.g., Illinois BIPA, Texas CUBI, Washington Biometric Identifiers law) are solely responsible for obtaining necessary consents from call participants regarding biometric data processing. HaloVoice disclaims all liability for user's failure to comply with biometric privacy laws.
Data Subject Rights Request Handling
HaloVoice responds to verified data subject access requests within 30 days (or within the shorter timeframe required by applicable law). Requests may be submitted to privacy@halovoice.in or support@halovoice.in. HaloVoice will verify the identity of the requestor before processing any request. For requests relating to call recipients (non-users), the user (data controller) is primarily responsible for handling such requests. HaloVoice will assist users in fulfilling data subject requests to the extent technically feasible. HaloVoice may charge a reasonable fee for manifestly unfounded or excessive requests as permitted by law.
Cross-Border Data Transfer Safeguards
HaloVoice transfers personal data between India, the United States, and other jurisdictions where our service providers operate. We implement the following safeguards for international transfers: (a) Standard Contractual Clauses (SCCs) approved by the European Commission for EU data transfers; (b) compliance with applicable government notifications under India's DPDP Act for transfers from India; (c) adherence to applicable data protection frameworks; and (d) contractual commitments with all sub-processors requiring equivalent data protection standards. By using the Platform, you consent to the transfer of your data to these jurisdictions.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us using the following information. Privacy and Data Protection Inquiries: support@halovoice.in. General Inquiries: info@halovoice.in. Mailing Address: S2 Data Systems, Office 205, Amanora Ascent Avenue, Amanora, Hadapsar, Pune 411028, Maharashtra, India. For GDPR-related inquiries, please include "GDPR Request" in your subject line. For CCPA-related inquiries, please include "CCPA Request" in your subject line. For Indian DPDP Act inquiries or grievances, please include "DPDP Grievance" in your subject line. We will acknowledge receipt of your inquiry within forty-eight (48) hours and endeavor to resolve all matters within thirty (30) days.
