Privacy Policy

We collect information that you provide directly, information generated through your use of the Services, and limited information from third-party sources. The categories of data we collect include:

Account Information

When you create an account, we collect your name, email address, company name, job title, phone number, and billing information. If you sign up through a single sign-on (SSO) provider, we receive your basic profile information from that provider.

Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, call volume metrics, agent configurations, API request logs, timestamps, IP addresses, browser type, and device identifiers.

Voice & Conversation Data

When you use Tevity Voice agents, we process audio recordings, real-time transcriptions, conversation metadata (duration, sentiment scores, intent classifications), and any structured data extracted during calls. The specific data processed depends on your agent configuration.

Communications

We collect information from your communications with us, including support tickets, emails, feedback submissions, and survey responses.

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve the Tevity Voice platform, including processing voice calls, generating transcriptions, and powering AI agent responses.
• Account Management: To manage your account, process payments, send service-related notifications, and provide customer support.
• Analytics & Improvement: To analyse usage patterns, monitor system performance, identify and fix bugs, and develop new features. We use aggregated, anonymised data for these purposes wherever possible.
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues that could harm us or our users.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including tax reporting and audit requirements.
• Communication: To send you product updates, security alerts, and (with your consent) marketing communications. You may opt out of marketing emails at any time.

We implement industry-leading security measures to protect your data at every level of our infrastructure:

We conduct regular penetration testing, vulnerability assessments, and security audits by independent third-party firms. Our security team monitors for threats around the clock and maintains an incident response plan that is tested and updated quarterly.

Voice data is central to our service. We handle it with the highest degree of care and transparency:

• Processing Purpose: Audio is processed in real-time for speech-to-text transcription, natural language understanding, intent detection, and response generation. Audio is streamed and processed ephemerally unless recording is explicitly enabled in your agent configuration.
• Storage: If call recording is enabled, audio files and transcripts are stored in your designated data region (US, Ireland, or South Africa) and are accessible only to authorised users on your account.
• No Model Training: Your voice data and conversation transcripts are never used to train, fine-tune, or improve our foundational AI models without your explicit, written opt-in consent. Custom fine-tuning for your account uses isolated model instances.
• Redaction: Our platform supports automatic PII redaction in transcripts, including credit card numbers, social security numbers, and other sensitive identifiers. Redaction settings are configurable per agent.
• Caller Consent: You are responsible for ensuring that call recording and AI processing comply with applicable consent laws in your jurisdiction (e.g., two-party consent states in the US, GDPR in the EU). We provide configurable disclosure prompts to assist with compliance.

We retain your data only for as long as necessary to fulfil the purposes described in this policy, or as required by law:

You may request early deletion of your data at any time by contacting our support team or through your account settings. Deletion requests are processed within 30 days. Some data may be retained in encrypted backups for up to 90 days after deletion before being permanently purged.

Depending on your location, you may have the following rights regarding your personal data. We honour these rights regardless of where you are located, to the extent practicable:

Under the GDPR (EU/EEA)

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete data.
• Right to Erasure: You may request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
• Right to Restrict Processing: You may request that we limit how we process your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, machine-readable format.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Under POPIA (South Africa)

• Right to Access: You may request confirmation of whether we hold your personal information and request access to it.
• Right to Correction: You may request that we correct or delete inaccurate, irrelevant, excessive, out-of-date, incomplete, or misleading personal information.
• Right to Deletion: You may request destruction or deletion of your personal information if we no longer have a lawful basis to retain it.
• Right to Object: You may object to the processing of your personal information for direct marketing or on grounds relating to your particular situation.
• Right to Complain: You may lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.

To exercise any of these rights, contact us at privacy@tevity.com. We will respond to all requests within 30 days (or sooner where required by law).

We use cookies and similar tracking technologies to operate and improve our platform. The types of cookies we use include:

• Essential Cookies: Required for the platform to function, including authentication tokens, session management, and security cookies. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with our platform so we can improve the experience. We use privacy-focused analytics that do not track you across other websites.
• Preference Cookies: Remember your settings and preferences, such as language, timezone, and dashboard layout.
• Marketing Cookies: Used only on our public website (not the application) with your consent to measure the effectiveness of our marketing campaigns.

You can manage your cookie preferences through your browser settings or our cookie consent banner. Disabling non-essential cookies will not affect the core functionality of the platform.

We use a limited number of trusted third-party service providers to deliver and improve our Services. These providers are bound by data processing agreements and are required to maintain security standards equivalent to our own. Categories include:

• Cloud Infrastructure: We use SOC2/ISO 27001 certified cloud providers for hosting, compute, and storage in our US, Ireland, and South African regions.
• Payment Processing: Billing and payment information is processed by PCI DSS Level 1 compliant payment processors. We do not store full credit card numbers on our servers.
• Communication Services: Email delivery, in-app notifications, and SMS are handled by established providers with appropriate data protection agreements.
• Analytics: We use privacy-focused analytics tools to understand platform usage and performance. Individual user data is anonymised before processing.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

Tevity operates across multiple jurisdictions. Your data may be transferred to and processed in countries other than your own, including the United States, Ireland, and South Africa. We ensure that all international data transfers are protected by appropriate safeguards:

Enterprise customers may select a primary data region to ensure that voice data processing and storage occur exclusively within their chosen jurisdiction. Cross-region transfers for operational purposes (such as support) are protected by the mechanisms described above and documented in your Data Processing Agreement.

The Tevity Voice platform is designed for business use and is not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you believe that a child has provided us with personal information, please contact us immediately at privacy@tevity.com, and we will take steps to delete such information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on our website with a revised “Last Updated” date.
• Send an email notification to the account owner at least 30 days before material changes take effect.
• Display a prominent notice within the platform dashboard.

We encourage you to review this policy periodically. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.