Privacy Policy
Effective Date: January 6, 2025
Last Updated: May 7, 2026
Practical Mind Labs LLC ("we," "us," or "our") operates CallClara.ai (the "Service"), an AI-powered phone receptionist and appointment scheduling system. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, business name, phone number, and billing information
- Business Configuration: Business hours, services offered, pricing, policies, staff information, and scheduling preferences
- Calendar Data: When you connect Google Calendar or Microsoft Outlook, we access your calendar events (titles, times, attendees, locations) and free/busy status EXCLUSIVELY for appointment scheduling functionality. See Section 4 "Google Calendar Integration" for complete details on calendar data handling.
1.2 Information We Collect Automatically
- Call Data: Phone numbers, call duration, timestamps, and call metadata
- Voice Recordings: Audio recordings of phone calls handled by Clara (with appropriate consent)
- Transcripts: Text transcriptions of voice calls
- Usage Data: Information about how you interact with the Service, including features used and actions taken
- Device Information: IP addresses, browser type, operating system, and device identifiers
2. How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve the Service
- Answer incoming calls and interact with your customers via AI voice
- Schedule, update, and cancel appointments in connected calendars
- Generate call transcripts and summaries
- Process payments and manage subscriptions
- Send service notifications and updates
- Provide customer support
- Detect and prevent fraud or security issues
- Comply with legal obligations
- Train and improve our AI voice models using ONLY call transcripts and voice recordings (with aggregated, anonymized data). We NEVER use calendar data for AI training.
3. How We Share Your Information
We do not sell your personal information. We may share your information with:
3.1 Service Providers
- Cloud Infrastructure: Microsoft Azure (hosting, storage, compute)
- AI Services: OpenAI (voice and language processing); Anthropic (call analysis, script optimization, scam-pattern reasoning)
- Telephony: Twilio (phone call handling, SMS where applicable)
- Calendar Integration: Google Calendar API and Microsoft Graph API (for calendar access with your explicit authorization, where supported by your edition). Calendar data is ONLY used for scheduling and is NEVER shared with AI training services or marketing platforms. See Section 4 for details. Note: the Family Protection edition does not include calendar integration.
- Payment Processing: Stripe (billing and payment processing)
- Authentication: Auth0 (user identity and access management)
- Transactional Email: Brevo / Sendinblue (call summaries and account email)
3.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
4. Google Calendar Integration
CallClara integrates with Google Calendar to provide intelligent scheduling functionality. This section details exactly how we handle your Google Calendar data.
4.1 What Calendar Data We Access
When you connect your Google Calendar to CallClara, we access:
- Event titles and descriptions - To understand the nature of your appointments
- Event start and end times - To determine your availability
- Event attendees - To avoid scheduling conflicts
- Event locations - To provide context for scheduling
- Free/busy status - To check availability without accessing event details
4.2 How We Use Calendar Data
Your Google Calendar data is used exclusively for the following purposes:
- Availability Checking: Determining free time slots when Clara receives calls
- Appointment Scheduling: Creating calendar events for scheduled callbacks and appointments
- Conflict Prevention: Ensuring new appointments don't overlap with existing events
- Calendar Synchronization: Keeping your schedule up-to-date across Clara and Google Calendar
- Notification Delivery: Ensuring you receive Google Calendar notifications for Clara-scheduled events
4.3 What We DO NOT Do With Calendar Data
CallClara NEVER uses your Google Calendar data for:
- ❌ Training AI models (even in anonymized or aggregated form)
- ❌ Marketing or advertising purposes
- ❌ Sharing with third parties (except Google for API access)
- ❌ Analysis beyond scheduling functionality
- ❌ Profiling or behavioral tracking
- ❌ Any purpose not directly related to appointment scheduling
Your calendar data is strictly segregated from other data we collect and is used ONLY for scheduling functionality.
4.4 Calendar Data Storage and Security
- Encryption: Calendar data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Storage Location: Microsoft Azure US regions with Google's security standards
- Access Controls: Only authorized Clara scheduling functions can access calendar data
- Retention: Cached calendar data is retained for 48 hours, then refreshed from Google
- Token Security: OAuth tokens are encrypted and stored in Azure Key Vault
4.5 Disconnecting Your Calendar
You can disconnect your Google Calendar at any time:
Option 1: Through CallClara Settings
- Log in to your CallClara portal
- Navigate to Settings → Integrations
- Click "Disconnect Google Calendar"
- Confirm disconnection
Option 2: Through Google
- Visit Google Account Permissions
- Find "CallClara.ai" in your connected apps
- Click "Remove Access"
What Happens When You Disconnect:
- All calendar access is immediately revoked
- Clara will no longer check your availability
- Cached calendar data is deleted within 24 hours
- Previously created calendar events remain in your Google Calendar
- OAuth tokens are immediately invalidated
4.6 Limited Data Sharing
Google Calendar data is shared ONLY with:
- Google Calendar API: To read and write calendar events (required for functionality)
- Microsoft Azure Services: For secure storage and processing (Azure Functions, Key Vault)
We DO NOT share your calendar data with:
- ❌ OpenAI or other AI training services
- ❌ Marketing platforms
- ❌ Analytics services
- ❌ Any third-party services beyond those listed above
- ❌ Other CallClara users
4.7 Your Rights Regarding Calendar Data
You have the right to:
- Access: Request a copy of cached calendar data we store
- Deletion: Request immediate deletion of all calendar data
- Revocation: Disconnect calendar access at any time
- Transparency: Request details about how your calendar data has been used
- Portability: Export your CallClara-created events (already in your Google Calendar)
To exercise these rights, contact us at privacy@callclara.ai.
4.8 Compliance and Auditing
Our Google Calendar integration complies with:
- Google API Services User Data Policy
- Google OAuth 2.0 Policies
- Limited Use Requirements for Sensitive Scopes
- California Consumer Privacy Act (CCPA)
- General Data Protection Regulation (GDPR)
We undergo regular security audits and maintain detailed access logs for calendar data access.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Least-privilege access with role-based permissions
- Authentication: Multi-factor authentication for account access
- Monitoring: Continuous security monitoring and audit logging
- Compliance: Regular security assessments and updates
However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
- Account Data: Retained while your account is active, plus 90 days after account closure
- Call Recordings and Transcripts: Retained according to your subscription plan (typically 90 days to 2 years)
- Calendar Data: Cached calendar data retained for 48 hours for performance, then refreshed from Google. OAuth access tokens retained until you disconnect your calendar. All calendar data deleted within 24 hours of disconnection.
- Billing Records: Retained for 7 years for tax and accounting purposes
- Aggregated Analytics: Retained indefinitely in anonymized form
7. Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request a copy of your personal information
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Export: Receive your data in a portable format
- Opt-Out: Unsubscribe from marketing communications (service notifications will continue)
- Calendar Disconnection: Revoke calendar access at any time through your account settings
To exercise these rights, contact us at privacy@callclara.ai or through your account settings.
8. Children's Privacy
The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.
9. International Data Transfers
Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.
10. California Privacy Rights (CCPA / CPRA)
California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt-out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
- Right to limit the use of sensitive personal information (including voice recordings)
- Right to non-discrimination for exercising CCPA/CPRA rights
To exercise any of these rights, contact us at privacy@callclara.ai. We will respond within 45 days as required by law.
11. HIPAA Compliance
For Enterprise/HIPAA customers, we enter into a Business Associate Agreement (BAA) and implement additional safeguards to comply with HIPAA requirements for protected health information (PHI).
12. Cookies and Tracking
We use cookies and similar technologies to:
- Keep you logged in to your account
- Remember your preferences
- Analyze Service usage
- Improve user experience
You can control cookies through your browser settings, but some features may not function properly without them.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.
14. Family Protection Edition — Special Privacy Provisions
The CallClara Family Protection edition is designed to screen calls on behalf of an "Account Owner" or a "Protected Person" (which may be the Account Owner themselves, or a family member such as a parent, grandparent, or spouse). When the Account Owner enrolls a Protected Person other than themselves, the following additional terms apply:
14.1 Authority to Enroll a Protected Person
By enrolling a Protected Person in the Service, the Account Owner represents and warrants that they have the legal authority and the Protected Person's informed consent (or, where applicable, the consent of a legal guardian, agent under a Power of Attorney, or court-appointed conservator) to (a) operate the Service on the Protected Person's phone line, (b) receive call recordings and transcripts of calls made to or from that line, and (c) configure scam-screening and trusted-caller settings on the Protected Person's behalf. The Account Owner is solely responsible for confirming this authority.
14.2 Protected Person's Data Subject Rights
The Protected Person remains a data subject under applicable privacy laws (including CCPA/CPRA and GDPR). The Protected Person — or the Account Owner acting on their behalf — may request access to, correction of, or deletion of the Protected Person's personal information by contacting privacy@callclara.ai. We may require reasonable verification of identity and authority before fulfilling such requests.
14.3 Call Recording Notice and Two-Party Consent
Clara records and transcribes calls placed to the phone line associated with a Protected Person's account. Recording laws vary by jurisdiction. Several U.S. states (including California, Florida, Illinois, Massachusetts, Pennsylvania, Washington, and others) require all parties to a call to consent to recording. By default, Clara's greeting includes language that the call is being handled by an AI assistant; the Account Owner is responsible for ensuring the Service is configured and used in compliance with the recording laws of every jurisdiction in which calls may be made or received. Practical Mind Labs LLC does not provide legal advice and makes no representation that any specific configuration of the Service satisfies any particular jurisdiction's recording-consent law.
14.4 Information Shared with the Account Owner
If the Account Owner is not the Protected Person, the Account Owner will receive notifications, summaries, transcripts, and recordings of calls placed to the Protected Person's line. This information may include sensitive personal, medical, financial, religious, political, or family information disclosed by callers. The Account Owner agrees to handle this information with care and only for the purpose of protecting the Protected Person.
14.5 Sensitive Personal Information
Because the Service is designed to detect scams targeting older adults, callers may attempt to elicit Social Security numbers, financial-account credentials, Medicare or insurance identifiers, or other sensitive information. Clara is configured to refuse to disclose any such information. If sensitive information is volunteered by a caller and captured in a recording or transcript, that data will be treated as Sensitive Personal Information under CCPA/CPRA and stored with the same encryption and access controls as all other call data, and you may exercise your right to limit its use as described in Section 10.
14.6 No Calendar Data Collection (Family Protection)
The Family Protection edition does not collect or process Google Calendar or Microsoft Outlook data. Sections 4 and 8.x of this Policy (Calendar Integration) do not apply to Family Protection accounts.
15. Contact Us
For questions about this Privacy Policy or our privacy practices, contact us:
- Email: legal@practicalmindlabs.com
- Phone: (949) 386-2300
- Mail: Practical Mind Labs LLC
30 N Gould St Ste R
Sheridan, WY 82801
USA