隐私政策
最后更新:2026年7月3日
EnvoyOne provides AI-powered call center software. This policy explains what personal data we collect, why we process it, and the choices you have. It covers both our customers (the businesses that create EnvoyOne workspaces) and the people who call or are called by an EnvoyOne-powered agent.
Who we are and the two roles we play
For the account, billing, and usage data of our customers, EnvoyOne acts as the data controller: we decide how that data is processed in order to run the service.
For the content of calls handled by a customer's AI or human agents — caller phone numbers, call recordings, transcripts, and any details a caller shares during a conversation — the customer is the controller and EnvoyOne processes that data on the customer's behalf and instructions. If you called a business that uses EnvoyOne and want your data corrected or deleted, contact that business first; we support them in fulfilling your request.
Data we collect
We collect only what the service needs to function:
- Account data — name, email address, password hash, optional two-factor authentication secrets, and your organization membership and role.
- Workspace configuration — the agents, call flows, knowledge documents, and integration settings your team creates.
- Call data (processed for the customer) — recordings, transcripts, caller and callee numbers, call timing, and outcome metadata.
- Billing data — your plan, metered usage (AI minutes, seats, telephony minutes), credit ledger entries, and payment status. Card details go directly to our payment processor and never touch our servers.
- Operational telemetry — structured service logs and traces used to keep the platform reliable and secure. Secrets are redacted from logs by design.
How we use data
We process data to provide and secure the service: authenticating you, running your agents and call flows, storing and replaying recordings and transcripts for your workspace, metering usage, charging for the service, preventing abuse, and debugging faults. We do not sell personal data, and we do not use your workspace content or call data to train foundation models.
AI processing and subprocessors
Conversations with AI agents are processed by large-language-model and speech providers. By default EnvoyOne routes voice conversations through the OpenAI API using the API key your workspace configures (bring-your-own-key); in that case OpenAI processes the audio and text under your organization's own agreement with OpenAI. Optionally, workspaces can use an OpenAI-compatible endpoint of their choice (including self-hosted models), in which case that provider's terms apply.
We additionally rely on a small set of subprocessors to run the platform:
- AI providers — OpenAI (or the OpenAI-compatible provider your workspace configures) for speech and language processing.
- Payment processing — Stripe, for subscription and prepaid-credit payments.
- Cloud hosting — the infrastructure provider on which the deployment runs, for compute, storage, and networking.
- Email delivery — a transactional email provider, for sign-in, verification, and billing notices.
Tenant isolation and security
Every workspace's data is isolated at the database layer with enforced row-level security, provider API keys and call recordings are encrypted at rest, and traffic is encrypted in transit. The full picture — including how to report a vulnerability — is on our Security page.
Retention and deletion
Account and workspace data is retained while your organization is active. Call recordings and transcripts are retained under your workspace's settings and can be deleted by workspace administrators. When an organization is deleted, its tenant data — agents, flows, knowledge, recordings, transcripts, and encrypted secrets — is deleted from the production systems, with residual copies aging out of backups on a fixed schedule. We may retain minimal billing records where tax or accounting law requires it.
Your rights
Depending on where you live (for example under the GDPR or similar laws), you may have the right to access, correct, export, restrict, object to the processing of, or delete your personal data. Workspace members can exercise most of these directly in the dashboard; for anything else, email us and we will respond within the timeframe the applicable law sets. If you are a caller, we will refer your request to the business that controls your data and assist them in fulfilling it.
International transfers
Where data moves across borders — for example to an AI provider — we rely on appropriate safeguards such as standard contractual clauses with our subprocessors. Deployments can also be operated in-region, and the on-prem connector keeps designated systems inside your own network.
Cookies
The marketing site sets no advertising or analytics cookies. The dashboard uses strictly necessary cookies only: an authentication session cookie and security-related state. There is no third-party ad tracking.
Children
EnvoyOne is a business tool and not directed at children under 16. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.
Changes to this policy
When we change this policy we will update the date at the top of this page, and for material changes we will notify workspace owners by email before the change takes effect.
Contact
Questions, requests, or complaints about privacy: email hello@envoyone.ai with the subject "Privacy". You also have the right to lodge a complaint with your local data-protection authority.