← Back to home

Privacy Policy

Effective Date: March 28, 2026

Last Updated: March 28, 2026

Company: Gegham Harutyunyan, doing business as Gegi Software

Website: gegisoftware.com

Gegi Software (“Company,” “we,” “us,” or “our”) provides AI-powered phone agent, call monitoring, CRM-like, appointment, order management, and related business automation services for small and medium-sized businesses.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website, contact us, use our services, or interact with an AI phone agent or business system powered by our technology.

In plain terms: when someone calls, texts, messages, books an appointment with, places an order with, or otherwise interacts with a business using our services, that interaction may be answered, processed, transcribed, summarized, routed, stored, and displayed to that business through our software.

For purposes of this Privacy Policy, a business that purchases, subscribes to, or uses our services is referred to as a “Client.” Individuals who call, text, message, book appointments with, place orders with, or otherwise interact with a Client using our services are referred to as “End Users.”

1. Who This Policy Applies To

This Privacy Policy applies to:

  • Visitors to our website;
  • Clients and prospective Clients;
  • Authorized users of our dashboard, portal, or applications;
  • End Users who call, text, message, book appointments with, place orders with, or otherwise interact with a Client using our services.

In many cases, we process personal information on behalf of Clients. In those cases, the Client controls how the information is used, and we act as a service provider or processor.

2. Information We Collect

We may collect the following categories of information.

A. Information from website visitors and prospective Clients

This may include:

  • Name;
  • Business name;
  • Email address;
  • Phone number;
  • Website URL;
  • Message content submitted through forms;
  • Sales, demo, or support communications;
  • IP address, browser type, device information, and usage data.

B. Information from Clients and authorized users

This may include:

  • Account login information;
  • Name, email address, phone number, and role;
  • Business profile information;
  • Billing and subscription-related information;
  • Client requirements, business rules, service preferences, integrations, workflow instructions, and related configuration information;
  • Activity logs and usage information.

C. Information processed through AI phone agents and business modules

Depending on the services we provide to a Client, we may process:

  • Caller names;
  • Phone numbers;
  • Call audio;
  • Call transcripts;
  • Call summaries;
  • Call metadata, such as time, duration, call status, and phone number;
  • Appointment details;
  • Order details;
  • Delivery or service information;
  • Customer notes;
  • Support requests;
  • CRM records;
  • Business-specific information needed to complete a requested task.

Call recording, transcription, monitoring, summaries, and storage may depend on the services provided to the Client and the features included in the agreed scope of services.

D. Information from integrations

If a Client authorizes us to connect third-party systems, we may process data from those systems, such as:

  • Calendar data;
  • Appointment systems;
  • E-commerce platforms;
  • Order management systems;
  • CRM tools;
  • Phone and messaging providers;
  • Email or notification services;
  • Other systems authorized by the Client.

E. Sensitive information

Our Services are not designed or configured to collect payment card numbers, bank account numbers, Social Security numbers, government identification numbers, login credentials, Protected Health Information as defined under HIPAA, or other highly sensitive or regulated categories of information.

Prohibition

Clients may not use the Services to collect, transmit, request, store, or process Protected Health Information, payment card data, bank account numbers, Social Security numbers, government identification numbers, login credentials, or other regulated sensitive data categories. This prohibition applies regardless of whether the sensitive information is provided voluntarily by an End User or solicited by Client-configured prompts, scripts, workflows, or integrations. Any exception requires a separately executed Business Associate Agreement for PHI, payment-processing/security addendum for payment data, or other written security addendum specifying the applicable compliance controls. Services will not be configured or activated to support such data until the applicable agreement is fully executed and in effect.

Incidental Disclosure

If an End User volunteers sensitive information during a call — for example, by stating a Social Security number, account number, payment card number, login credential, or health condition without being prompted to do so — that information may be captured as part of the call audio, transcript, summary, or related records.

We do not intentionally use incidentally disclosed sensitive information to categorize End Users, create profiles, or make eligibility, credit, employment, healthcare, insurance, or legal decisions.

Sensitive information captured incidentally in call audio, transcripts, summaries, or related records is subject to the same default retention and deletion rules that apply to call data generally, as set forth in Section 8.

2.1. Voice Data and Biometric Identifiers

We do not use call audio to create, store, or use voiceprints, voice embeddings, or other voice-derived biometric identifiers. We do not knowingly instruct our subprocessors to create biometric identifiers from call audio for our purposes.

3. How We Use Information

We use personal information to:

  • Provide, operate, and improve our services;
  • Design, configure, implement, and operate AI phone agents and automated workflows for Clients;
  • Route calls, create summaries, and display call history;
  • Manage appointments, orders, customer records, and other business modules;
  • Authenticate users and protect accounts;
  • Provide customer support;
  • Send service-related messages;
  • Monitor system performance, security, and reliability;
  • Debug errors and prevent misuse;
  • Customize services for Clients;
  • Comply with legal obligations;
  • Enforce agreements and protect our rights.

We do not use Client call transcripts, recordings, CRM data, appointment records, order records, or similar business data for unrelated advertising purposes. Company will only use Client's business name, logo, or testimonial materials for marketing or promotional purposes with Client's permission.

3.1. Internal Access to Service Records

We and our authorized personnel may access and review call recordings, call transcripts, call summaries, call metadata, routing decisions, tool call logs, error logs, and related service records when access is reasonably necessary for the following purposes:

  • Providing customer support or troubleshooting service issues reported by a Client or identified through monitoring;
  • Evaluating AI agent performance, verifying call routing accuracy, or assessing service quality;
  • Investigating potential misuse, security incidents, or violations of our terms of service;
  • Complying with applicable law, legal process, or regulatory obligations;
  • Enforcing our agreements with Clients;
  • Improving the services, including identifying error patterns or evaluating the accuracy of AI-generated outputs.

4. Use of Data for AI Model Training

We use third-party artificial intelligence, transcription, speech recognition, and text-to-speech providers to operate the services.

We do not use Client call audio, call transcripts, call summaries, CRM records, appointment records, order records, or similar business data to train our own general-purpose AI models.

We also do not authorize third-party AI providers to use Client call content or business records to train general-purpose or “global” AI models, unless the applicable Client has expressly agreed to that use.

Third-party AI providers may process call audio, transcripts, text, metadata, and related information as necessary to provide the services, maintain security, prevent abuse, debug errors, comply with law, and operate their systems.

Where available, we configure our AI providers to disable model-training or service-improvement uses of Client data, use enterprise or business settings, and limit data retention. However, provider practices may vary depending on the provider, service plan, configuration, and applicable agreement.

Clients may not submit, request, or permit End Users to submit payment card numbers, bank account numbers, government identification numbers, Protected Health Information, or other regulated sensitive data through the Services except pursuant to a separately executed Business Associate Agreement or written security addendum. Violation of this restriction may result in suspension or termination of services.

5. Call Recording, Transcription, AI Interactions, and Automated Communications

As part of the Services we provide to Clients, we may enable AI-powered call handling, call recording, call transcription, call summarization, call monitoring, outbound calls, SMS messages, or related communication features. The availability and scope of these features depends on the services agreed to with each Client.

When enabled, calls or messages may be answered, processed, transcribed, summarized, routed, stored, and displayed to the applicable Client through our software. Clients and their authorized users may use this information to monitor, manage, and respond to customer communications and business operations.

We process call audio, transcripts, summaries, call metadata, messages, and related records as a service provider acting on the Client's instructions and for the purpose of providing the Services.

5.1. Call Recording and Transcription

Call recording, call monitoring, and call transcription may be subject to federal, state, and local consent and disclosure requirements. Some jurisdictions require the consent of all parties before a call may be recorded, monitored, or transcribed.

Clients are responsible for determining whether recording, transcription, monitoring, or similar features are lawful for their use case and for obtaining any notices, consents, or permissions required by applicable law.

The Services may include tools to help Clients configure caller disclosures, recording settings, transcription settings, and related call-handling workflows. These tools are provided to support Client compliance efforts, but they do not guarantee compliance with any particular law or jurisdiction.

Suggested disclosure language, if provided, is for informational purposes only and does not constitute legal advice. Clients should consult legal counsel regarding their specific disclosure and consent obligations.

Call recordings, transcripts, summaries, and related records are retained according to the applicable Client agreement, Client configuration, or the default retention periods described in Section 8.

5.2. Artificial Intelligence Disclosure

Our Services may use artificial intelligence systems to answer calls, respond to caller inquiries, collect information, route communications, schedule appointments, process order-related requests, generate summaries, or assist with similar business tasks.

When an End User interacts with a Client using our Services, the End User may be communicating with an AI-powered or automated system rather than a human employee of the Client.

Clients are responsible for providing any AI, automated system, bot, or similar disclosures required by applicable law. Our Services may include configurable prompts or settings to help Clients provide these disclosures.

Clients may not configure the Services to intentionally mislead End Users into believing they are speaking with a human when they are speaking with an AI-powered or automated system.

5.3. Outbound Calls, SMS, and Automated Communications

The Services may allow Clients to initiate outbound calls, SMS messages, automated voice messages, AI voice calls, appointment reminders, delivery scheduling calls, order updates, and other customer communications.

Clients are solely responsible for ensuring that all outbound calls, SMS messages, and automated communications comply with the Telephone Consumer Protection Act, state telemarketing and robocall laws, carrier rules, industry requirements, and any other applicable laws.

Clients must obtain and maintain any legally required consent before using the Services to contact End Users. Marketing or promotional communications may require prior express written consent. Transactional or informational communications, such as order updates, delivery scheduling, service notices, and appointment reminders, may require prior express consent and must remain limited to the purpose for which consent was provided.

Clients are responsible for honoring opt-out and consent revocation requests, maintaining appropriate suppression lists, observing applicable calling-hour restrictions, and keeping records of consent where required.

The Services may provide tools such as call logs, message logs, opt-out flagging, suppression lists, or timestamped communication records. These tools support Client compliance efforts but do not replace the Client's independent legal obligations.

6. How We Share Information

A. Clients

Our business clients and their authorized users may access information collected or generated through the Services, including call logs, call summaries, transcripts, customer inquiries, appointments, messages, and related records. This access is provided so clients can monitor, manage, and respond to their customer communications and business operations.

B. Service providers

We may share information with vendors that help us provide the services, such as:

  • Cloud hosting providers;
  • Database providers;
  • AI model providers;
  • Transcription providers;
  • Text-to-speech providers;
  • Telephony and messaging providers;
  • Email and notification providers;
  • Analytics, monitoring, and security tools;
  • Payment processors, if applicable.

These providers may process information only as needed to provide services to us, subject to confidentiality and data processing obligations consistent with this policy.

We may maintain a list of key subprocessors or service providers on our subprocessors page.

C. Legal and safety purposes

We may disclose information if we believe it is necessary to:

  • Comply with law, subpoena, court order, or legal process;
  • Protect our rights, users, Clients, End Users, or the public;
  • Detect, prevent, or address fraud, abuse, security issues, or technical problems;
  • Enforce our agreements.

D. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be transferred as part of that transaction.

7. Sale or Sharing of Personal Information

We do not sell Client call transcripts, recordings, CRM records, appointment records, order records, or similar business data. We do not use that data for cross-context behavioral advertising.

If we use analytics or advertising tools on our website, those tools may collect identifiers or usage data that could be considered “sharing” under certain privacy laws. Where required, we will provide appropriate opt-out rights.

8. Data Retention

We retain personal information for as long as reasonably necessary to provide the services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support business operations.

Default Retention Periods

Unless a different retention period has been agreed in writing or configured by the Client through their account settings, the following default retention periods apply:

Data TypeDefault Retention
Call recordings60 days
Call transcripts60 days
Call summaries60 days
Call metadata (time, duration, status)60 days
CRM records, appointment records, order recordsDuration of Client account, or 90 days after account closure
Client account recordsDuration of Client account, plus 5 years after closure

We may retain certain security, configuration, and operational logs for longer periods where reasonably necessary for security, legal compliance, dispute resolution, or enforcement of our agreements.

Client-Configurable Retention

Clients may configure shorter retention periods for call recordings, transcripts, and summaries through their account settings where that feature is available. Clients may also request deletion of specific records subject to technical, legal, and contractual limitations.

Deletion

When retention periods expire, data is deleted or de-identified using reasonable methods. Deletion may not be immediate and may occur within a reasonable processing window after the retention period ends.

Clients may request deletion of call records and related data at any time by contacting us at [email protected]. Deletion requests are subject to technical, legal, and compliance requirements, including any obligations to retain data under applicable law.

9. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, loss, misuse, alteration, or disclosure.

These safeguards may include:

  • Access controls;
  • Authentication protections;
  • Encryption in transit where supported by the applicable protocol or provider;
  • Logging and monitoring;
  • Data minimization practices;
  • Security reviews of key systems.

Access to call recordings, transcripts, summaries, and related service records is limited to authorized personnel with a business need to access that information.

No system is completely secure, and we cannot guarantee absolute security.

10. Client Responsibilities

Clients are responsible for the following, as applicable to their use of the services:

  • Providing lawful notice to their own customers, callers, and End Users;
  • Obtaining required consent for call recording, transcription, SMS, email, or automated communications;
  • Ensuring their use of the services complies with applicable laws;
  • Avoiding collection of sensitive information unless supported by an appropriate written agreement;
  • Ensuring they have prior express written consent, where applicable, for automated calls or SMS;
  • Scrubbing outbound marketing or promotional call campaigns against the National Do Not Call Registry where required by law;
  • Complying with Twilio’s Acceptable Use Policy, A2P 10DLC registration requirements, and other applicable telephony or messaging requirements;
  • Maintaining accurate privacy notices for their own business;
  • Providing accurate business information, service requirements, and lawful instructions needed for us to configure, implement, and operate the services.

Company's responsibility is limited to implementing instructions and configurations as directed by the Client and within the agreed scope of services. Company is not responsible for the accuracy, legality, or appropriateness of business information, scripts, or instructions provided by the Client.

Client Legal Compliance Responsibility

Company may assist Client with implementing call recording notices, SMS compliance measures, A2P registration, opt-out workflows, consent language, or similar operational features as part of the services. However, Client remains solely responsible for ensuring that its communications, disclosures, consent practices, and use of the services comply with applicable laws, regulations, carrier requirements, and industry rules.

11. Security Incidents

We take reasonable steps to investigate and respond to suspected security incidents involving our systems or the personal information we process.

If we become aware of a confirmed or reasonably suspected security incident that affects personal information we process on behalf of a Client, we will notify the affected Client without unreasonable delay, consistent with applicable law and our agreement with that Client.

Our notice may include, to the extent reasonably available at the time:

  • A general description of the incident;
  • The categories of information involved;
  • The systems or services affected;
  • Steps we have taken or plan to take in response;
  • Any information reasonably needed for the Client to assess its own notification obligations.

Clients are responsible for determining whether they are required to notify their own customers, End Users, regulators, or other third parties, unless applicable law requires us to provide notice directly.

We may notify affected individuals, regulators, law enforcement, or other parties when required by law, when directed by the applicable Client, or when we believe notice is necessary to protect rights, safety, or security.

12. Your Choices and Rights

Depending on your location, you may have rights to:

  • Request access to personal information;
  • Request correction of inaccurate information;
  • Request deletion of information;
  • Request a copy of information;
  • Object to or restrict certain processing;
  • Opt out of certain disclosures, sales, sharing, or targeted advertising;
  • Withdraw consent where processing is based on consent.

To exercise privacy rights, contact us at [email protected].

If your information was collected through a Client using our services, we may direct your request to that Client because they may be the controller of your information.

13. California Privacy Notice

California residents may have additional rights under the California Consumer Privacy Act and related regulations. In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers, such as name, phone number, email address, IP address, and account identifiers;
  • Customer records, such as business contact information and other details related to the services provided;
  • Commercial information, such as products or services requested;
  • Internet or network activity, such as website usage and app activity;
  • Audio information, such as call recordings if enabled;
  • Professional or business information, such as company name, role, and business contact details;
  • Service-related insights such as call categorization, summary, and sentiment analysis.

We collect this information from you, Clients, End Users, authorized users, integrated systems, service providers, and automatic website and application technologies.

We do not knowingly sell personal information for money. We do not knowingly sell or share Client call transcripts, recordings, or CRM records for behavioral advertising.

California residents may submit requests by contacting [email protected]. We will not discriminate against you for exercising privacy rights.

14. Cookies and Analytics

Our website may use cookies, pixels, local storage, and similar technologies to:

  • Keep the site functioning;
  • Understand website traffic;
  • Improve user experience;
  • Measure marketing performance;
  • Protect against abuse.

You can adjust cookie settings through your browser. Some features may not work properly if cookies are disabled.

15. Communications

We may send service-related emails, such as account, security, billing, or support messages.

We may also send marketing communications to business contacts. You can unsubscribe from marketing emails using the unsubscribe link or by contacting us.

For SMS or automated communications sent on behalf of Clients, Client is responsible for obtaining required consent and honoring opt-out requests.

If we collect phone numbers through our own website forms, we will use those numbers for the purposes described at the point of collection. Where required, we will obtain consent before sending marketing text messages. Message and data rates may apply. Recipients may opt out of marketing SMS by replying STOP, where supported.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

16. Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete it.

17. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised effective date.

Material changes may be communicated by email, in-app notice, or other reasonable means.

18. Contact Us

For questions, contact:

Gegi Software — Gegham Harutyunyan
Email: [email protected]
Website: gegisoftware.com