Privacy Policy

01 Introduction & Our Commitment

SmartOnCall ("we", "our", "us") is a real-time AI meeting assistant for Windows. We built SmartOnCall with a privacy-first, zero data retention architecture because we believe your conversations are your business.

This Privacy Policy explains what data we do and do not collect, how we use it, who we share it with, and your rights under applicable data protection laws worldwide including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR) applicable in the EU and UK, and other applicable privacy legislation.

02 Data Controller

The data controller responsible for your personal data is:

03 Data We Collect

We collect the minimum data necessary to provide, secure, and improve our service. The data falls into three categories:

3.1 Account & Authentication Data

When you sign in to SmartOnCall, we receive the following from your Microsoft identity provider:

• Name (display name and/or given name)
• Email address (used as your username)
• Authentication tokens (for securing API access)

Purpose: To authenticate your identity, manage your account, and secure access to paid features.

3.2 Device & Technical Data

On each sign-in, we collect basic device information to ensure compatibility, prevent abuse, and support troubleshooting:

• Operating system name and version (e.g., Windows 11)
• Screen resolution
• Processor architecture and count
• App version
• Time zone, language, and locale

Purpose: Compatibility assurance, abuse prevention, and technical support.

3.3 Usage & Session Data

During use of SmartOnCall, we collect session-level analytics to manage your credit balance and improve the product:

• Session start, pause, resume, and end timestamps
• Session duration (for credit deduction)
• Number of questions detected per session
• Number of AI answers and explanations requested per session
• Periodic heartbeat signals (to confirm active usage for billing accuracy)

Purpose: Credit/billing management, product analytics, and service improvement.

3.4 Feedback Data

If you choose to submit feedback through the app or website, we collect the content of your message and your email address (for responding).

04 Data We Do Not Collect

• Audio recordings - Your microphone and system audio streams are sent directly from your device to our speech-to-text provider (Deepgram). We never intercept, route, or store audio.
• Transcriptions - Real-time transcription text is processed on your device and sent directly to our AI provider (Google Gemini) for question detection and answer generation. Transcription content is never sent to SmartOnCall servers.
• Uploaded documents - Files you upload (resumes, sales playbooks, technical docs) are cached locally on your device and sent directly to the AI provider as context. They are automatically deleted when you close the preparation screen. SmartOnCall servers never receive these files.
• AI-generated answers - Answers generated by the AI are delivered directly from the AI provider to your device. We do not see or store these.
• Meeting content or participant information - We have no visibility into who is on your call, what platform you use, or any meeting metadata.

Local-Only Data

The following data is stored only on your device and is never transmitted to SmartOnCall servers:

• Application preferences (theme, window position and size)
• AI request logs (questions detected, answers requested) - stored in your local AppData directory for your reference
• Authentication token cache (for silent sign-in)
• Cached uploaded files (automatically deleted on session end)

05 How We Use Your Data

06 Third-Party Data Processors

The following third parties process data as part of SmartOnCall's functionality. Note that for audio and transcript data, these providers receive data directly from your device - not from SmartOnCall servers.

We encourage you to review each provider's privacy policy to understand how they handle data received directly from your device. We have entered into appropriate data processing agreements with these providers where required.

07 International Data Transfers

SmartOnCall and our third-party service providers operate globally, with data processing infrastructure primarily located in the United States. When personal data is transferred internationally, we implement appropriate safeguards to ensure your data remains protected, including:

• Data processing agreements with our service providers that include robust data protection obligations
• Standard Contractual Clauses or equivalent cross-border data transfer mechanisms where required by applicable law
• Compliance with applicable data protection frameworks in the jurisdictions where we operate

Audio and transcript data sent directly from your device to third-party AI providers is subject to those providers' own privacy practices and international transfer mechanisms as described in their respective privacy policies.

08 Data Retention

• Account data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
• Device information: Retained for up to 12 months from collection, then automatically deleted.
• Session analytics: Retained for up to 24 months for billing records and product improvement, then aggregated or deleted.
• Uploaded documents: Automatically deleted from your local device when you leave the call preparation screen. Never stored on our servers.
• Audio and transcripts: Not retained by SmartOnCall. Refer to Deepgram's and Google's retention policies for their handling of data received directly from your device.
• Local AI logs: Stored on your device indefinitely until you delete them manually. SmartOnCall never accesses these files.

09 Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data under applicable privacy laws, including:

• Right to access - Request a copy of the personal data we hold about you.
• Right to correction - Request correction of inaccurate personal data.
• Right to deletion - Request deletion of your personal data in certain circumstances.
• Right to data portability - Receive your data in a structured, machine-readable format.
• Right to opt-out - Opt out of certain data processing activities, including the sale or sharing of personal information (where applicable under laws such as CCPA).
• Right to limit use of sensitive data - Limit our use of sensitive personal information (where applicable).
• Right to non-discrimination - Not receive discriminatory treatment for exercising your privacy rights.

Note: SmartOnCall does not sell personal information. We do not use your data for targeted advertising. Your most sensitive data (audio, transcripts, documents) never reaches our servers.

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@smartoncall.com. We will respond within the timeframe required by applicable law (typically 30-45 days depending on jurisdiction). For complex requests, we may extend this period and will notify you if additional time is needed.

Complaints

If you believe we have not adequately addressed your concerns, you may have the right to lodge a complaint with your local data protection authority or relevant privacy regulator.

10 Security Measures

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit: All communications between the SmartOnCall app and our backend API use HTTPS/TLS encryption.
• Token-based authentication: API keys for third-party services (Deepgram, Google Gemini) are never embedded in the application. They are fetched dynamically from our secure backend with automatic expiry and refresh.
• No persistent sensitive data: We do not store audio, transcripts, or uploaded documents on our servers. This eliminates the most sensitive data from our threat surface.
• Session security: Authentication is handled via Microsoft Entra ID (formerly Azure AD) with industry-standard OAuth 2.0 and token caching.
• Minimal data collection: We collect only the data strictly necessary for service operation and billing.

11 Children's Privacy

SmartOnCall is designed for professional use and is not directed at individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@smartoncall.com.

12 Cookies & Website Analytics

The SmartOnCall website (smartoncall.com) may use cookies and similar technologies for:

• Essential cookies: Required for basic website functionality (e.g., contact form). These do not require consent.
• Analytics cookies: To understand how visitors use our website and to improve our content. These are only set with your consent.

The SmartOnCall desktop application does not use cookies.

You can manage cookie preferences through your browser settings or through our cookie consent mechanism on the website.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you through the SmartOnCall application or via email for significant changes

We encourage you to review this policy periodically.

14 Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us: