top of page
Picture11_edited.png

Privacy Policy

1. Who We Are

Calling AVA ("we," "us," or "our") operates a conversational communication platform that provides scheduled face-to-face video conversations using AI-powered avatar technology, user-configured reminders, family update summaries, and post-call digests.

For the purposes of applicable data protection law, Calling AVA is the data controller for personal information collected through the Service. Our contact details are set out in Section 16.

This Policy applies to all users of the Service, including Subscribers (adult family members who set up and manage the account) and call recipients (the aging loved ones who receive AVA's calls).

2. Information We Collect

2.1 Information You Provide Directly

Important: The information you enter into the Service — including medication names, dosages, doctor details, and personal preferences — may be sensitive. You should only enter information you have the right and permission to share. Do not enter information about a third party without their knowledge and consent. Do not enter information that is more sensitive than what is necessary to personalize AVA's conversations.

When you create an account or use the Service, you provide us with:

• Account information: name, email address, password, and billing information (processed by Apple App Store or Google Play — we do not store card data directly).

• Recipient profile information: name, preferred call time, time zone, and any personal details you choose to include to personalize AVA's conversations (such as family member names, interests, or preferences).

• Medication reminders: medication names, dosages, timing, and any other reminder information you enter for the call recipient.

• Appointment details: doctor names, appointment types, dates, times, clinic information, and any associated notes.

• Family milestones and preferences: birthdays, anniversaries, and other personal information you choose to add.

• Communications with us: emails, support tickets, or feedback you send to us.

2.2 Information Collected Through the Service

When the Service is in use, we collect:

• Call session data: metadata about each call, including time, duration, connection status, and outcome (answered, declined, missed, incomplete).

• Conversation processing data: voice and language data processed during each call by our AI avatar provider to deliver the real-time conversation. This may include voice characteristics and linguistic patterns. See Section 6 for details on biometric data.

• Post-call summaries: AI-generated summaries of call content, created from session data processed by our AI language model provider after each call.

• Contextual memory data: a structured, limited set of key highlights extracted from previous calls and retained to support conversational continuity. We do not retain full verbatim transcripts for family distribution by default.

• Usage data: how you interact with the app, including features used, settings configured, notification responses, and subscription activity.

• Device and technical data: device type, operating system, app version, IP address, and push notification tokens.

2.3 Information From Third Parties

We may receive limited information from:

• Apple App Store and Google Play: subscription status, purchase confirmation, and renewal or cancellation events.

• Our AI avatar provider: session completion status and session message history used for post-call processing.

• Analytics providers: aggregated usage patterns to help us improve the Service.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Operate the Service

• Scheduling and triggering AVA's calls at the times you configure.

• Delivering real-time AI avatar video conversations to the call recipient.

• Reading user-provided reminders, medications, and appointments during calls as instructed by you.

• Generating post-call summaries and delivering them to you and any other authorized family members you designate.

• Maintaining limited conversational continuity between sessions using structured context data.

• Sending push notifications for scheduled calls, missed calls, and account alerts.

3.2 To Manage Your Account and Subscription

• Creating and maintaining your account.

• Processing subscription purchases, renewals, and cancellations through Apple or Google.

• Communicating with you about your account, billing, and Service updates.

3.3 To Improve and Protect the Service

• Analyzing usage patterns to improve performance, reliability, and user experience.

• Detecting, investigating, and preventing fraud, abuse, or violations of our Terms and Conditions.

• Ensuring the security and integrity of our systems.

3.4 To Comply With Legal Obligations

• Responding to lawful requests from courts, regulators, or law enforcement.

• Enforcing our Terms and Conditions and protecting our legal rights.

• Maintaining records as required by applicable law.

4. How We Share Your Information

We do not sell your personal information. We do not share your personal information with third parties for their own independent marketing or advertising purposes. We share information only in the following limited circumstances, and only as necessary to provide the Service or comply with legal obligations:

4.1 Service Providers (Sub-Processors)

We work with trusted third-party service providers who process data on our behalf to deliver the Service. Each provider is contractually required to use your data only to provide their service to us and to maintain appropriate security measures.

Our current key service providers include:

• AI avatar platform (ANAM.ai): delivers the real-time AI avatar video conversation and processes voice and session data during calls. Data handling by ANAM.ai is governed by their terms of service and privacy policy. We encourage you to review ANAM.ai's data practices directly.

• AI language model provider (OpenAI): processes call session data after each call to generate post-call summaries and extract contextual notes. Data handling by OpenAI is governed by their API terms of service and privacy policy. We encourage you to review OpenAI's data practices directly.

• Cloud infrastructure (Amazon Web Services): hosts our backend systems, databases, and APIs.

• Push notification services (Firebase / Apple Push Notification Service / Google Firebase Cloud Messaging): delivers push notifications to your device.

• SMS provider (Twilio, if applicable): delivers SMS notifications where SMS is enabled on your account.

• Weather and news data providers: supply contextual information used during AVA's calls where enabled by your plan.

• Email provider: delivers transactional emails, account notifications, and family summaries.

• Payment platforms (Apple App Store / Google Play): process subscription payments. We do not receive or store your payment card details.

Our list of sub-processors may change as we update our technology stack. We will update this Policy when material changes occur.

4.2 Within Your Family Account

Post-call summaries, missed call alerts, and account notifications are shared with you and any other family members or caregivers you designate as authorized users on your account. You are responsible for only adding individuals who have the recipient's knowledge and consent.

4.3 Legal and Safety Disclosures

We may disclose your information if we believe in good faith that disclosure is necessary to: comply with a legal obligation, court order, or lawful governmental request; protect the rights, property, or safety of Calling AVA, our users, or the public; investigate fraud, security incidents, or violations of our Terms; or enforce our agreements.

4.4 Business Transfers

If Calling AVA is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for other purposes with your express prior consent.

5. Call Processing, Session Data, and Summaries

5.1 How Calls Are Processed

All calls made through the Service are processed by automated systems. This processing includes real-time AI avatar delivery, voice and conversation processing by our AI avatar provider, session data retention by our technology providers, and post-call AI processing to generate summaries and contextual notes.

To the extent any of the foregoing constitutes recording under applicable law, the pre-activation consent acknowledgment required before AVA's first call covers this processing. A disclosure is also provided to the recipient at the start of each call.

5.2 Post-Call Summaries

After each call, our AI language model processes session data to generate a summary of the conversation. This summary is designed to capture key themes, reminders discussed, and general conversation highlights — not to reproduce the call verbatim. Summaries are not a clinical assessment, diagnostic report, or health evaluation of any kind.

Summaries are delivered to you and any authorized family members you have designated. They are not provided to third parties, used for advertising, or shared with healthcare providers unless you specifically choose to share them.

Summaries are AI-generated and may contain errors, omissions, or misinterpretations. They are not official records, clinical notes, or caregiving assessments of any kind.

5.3 Contextual Memory

We maintain a deliberately limited memory model. Before each call, AVA receives a structured context snapshot — not a full transcript — containing the recipient's name and preferences, a summary from the previous call, scheduled reminders, and family-provided milestones. This approach is a deliberate product design decision to reduce hallucination risk and prevent AVA from re-surfacing sensitive or negative past content unnecessarily.

5.4 What We Do Not Do

• We do not provide verbatim call transcripts to family members by default.

• We do not use call content to train third-party AI models without your consent.

• We do not share call content with advertisers.

• We do not make call recordings available for playback to family members by default.

6. Biometric Data

The Service uses AI avatar and voice processing technology. Depending on applicable state law, the processing of voice characteristics during calls may constitute the collection or processing of biometric data, including biometric identifiers or biometric information.

Where required by applicable law — including but not limited to the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifiers Act (CUBI), and Washington's My Health MY Data Act — a separate, standalone biometric consent flow is required before activating the Service for any recipient in a covered jurisdiction. This consent must be obtained independently of the general Terms and Conditions acceptance. Accepting our Terms and Conditions alone does not constitute biometric consent under these laws. This biometric consent flow must be implemented in the product prior to launch in any jurisdiction where it is required. If you are unsure whether a separate biometric consent is required in your jurisdiction, contact us before activating the Service.

Our biometric data practices:

• Purpose: biometric data is processed solely to deliver real-time AI avatar video conversations. It is not used for identification, surveillance, marketing, or any secondary purpose.

• Sale: we do not sell, lease, trade, or otherwise profit from biometric data.

• Disclosure: we disclose biometric data only to our AI avatar provider (ANAM.ai) as necessary to operate the Service, and as required by law.

• Retention: biometric data processed during a session is retained by our AI avatar provider in accordance with their data retention policy and our contractual terms, and is deleted or anonymized within a commercially reasonable period following the end of the subscription or as required by applicable law, whichever is sooner.

• Security: we maintain reasonable technical and organizational measures to protect biometric data from unauthorized access, disclosure, or destruction.

If you have questions about biometric data processing, or if a standalone biometric consent step was not presented to you as required by your jurisdiction, contact us immediately at hello@callingava.com

7. Children's Privacy

The Service is not directed to and should not be used by or for children under 18. We do not knowingly collect personal information from persons under 18. If you are a parent or guardian and believe a child under 18 has used the Service or that information about a child has been submitted, please contact us at [Insert Email] and we will promptly delete such information.

COPPA: We do not knowingly collect, use, or disclose personal information from children under 13 as defined by the Children's Online Privacy Protection Act. By using the Service, you represent that no account is being created for or on behalf of a person under 13.

8. Data Retention

We retain your personal information for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention practices:

• Account information: retained for the duration of your subscription and for a reasonable period thereafter to allow for account reactivation, dispute resolution, and legal compliance. Deletion timelines are governed by our internal data retention schedule and applicable legal requirements.

• Recipient profile and reminder data: retained for the duration of your subscription. Typically deleted within a reasonable period following account closure or deactivation of the recipient profile, subject to our internal data retention schedule.

• Call session data and contextual memory: retained for the duration of your subscription to support conversational continuity. Typically deleted or anonymized within a reasonable period following account closure, subject to our internal data retention schedule.

• Post-call summaries: retained for the duration of your subscription and for a reasonable period thereafter, to allow you to access historical summaries before they are deleted. Exact retention periods are set out in our internal data retention schedule.

• Biometric data: see Section 6 above.

• Legal and compliance records: retained for the period required by applicable law, which may exceed the periods above.

You may request deletion of your data as described in Section 11 (Your Rights). We will honor deletion requests subject to our legal retention obligations and technical feasibility. Note that data held by third-party sub-processors — such as our AI avatar or language model providers — is subject to their own retention schedules as described in their privacy policies.

9. Data Security

We implement reasonable and appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security assessments.

However, no electronic system or method of data transmission is completely secure. We cannot guarantee absolute security of your data. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant regulatory authorities as required by applicable law.

You are responsible for maintaining the security of your account credentials. If you believe your account has been compromised, contact us immediately at hello@callingava.com.

10. Third-Party Services and Links

The Service integrates with and depends on third-party providers listed in Section 4.1. Each third party operates under its own privacy policy, which governs how they handle data they receive. We encourage you to review the privacy policies of key providers:

Privacy policies for each provider are available on their respective websites. We encourage you to review them directly, as URLs may change. Search for the privacy policy of each provider by name. Key providers include: ANAM.ai, OpenAI, Amazon Web Services, Google Firebase, Apple, and Google.

We are not responsible for the privacy practices of third-party providers. Their policies govern how they handle data they receive in connection with providing their services.

11. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information. To exercise any of these rights, contact us at [Insert Email].

11.1 Access

You have the right to request a copy of the personal information we hold about you and information about how we use it.

11.2 Correction

You have the right to request that we correct inaccurate or incomplete personal information. Much of your profile information can be updated directly within the app.

11.3 Deletion

You have the right to request that we delete your personal information. We will honor deletion requests subject to our legal retention obligations and any outstanding dispute or legal requirement. Deletion of your account will result in loss of access to the Service and all associated data.

11.4 Portability

Where required by applicable law, you have the right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller.

11.5 Objection and Restriction

You have the right to object to or request restriction of our processing of your personal information in certain circumstances, including where processing is based on legitimate interests or where you contest the accuracy of your data.

11.6 Withdrawal of Consent

Where our processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. To withdraw consent for the Service for a call recipient, see Section 4.4 of our Terms and Conditions.

11.7 Biometric Rights

Where applicable state law grants specific rights regarding biometric data — including the right to know, the right to have biometric data deleted, and the right to prevent sale of biometric data — those rights apply to biometric data we or our providers collect. Contact us at [Insert Email] to exercise biometric data rights.

11.8 Response Timeframes

We will respond to verifiable rights requests within the timeframe required by applicable law — generally within 45 days, with the possibility of a 45-day extension where permitted. We may need to verify your identity before processing a request.

12. California Resident Rights — CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) gives you specific rights in addition to those described above.

12.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information as defined under the CCPA:

• Identifiers: name, email address, IP address, device identifiers.

• Personal records: account credentials, subscription information.

• Commercial information: subscription plan, payment history (processed by Apple/Google).

• Internet or network activity: app usage data, interaction data.

• Audio/electronic data: voice and conversation data processed during calls.

• Biometric information: voice characteristics processed during calls (see Section 6).

• Inferences: contextual notes derived from call sessions used to personalize future calls.

12.2 Sources of Personal Information

We collect personal information directly from you, from your use of the Service, and from our technology providers as described in this Policy.

12.3 Business or Commercial Purposes for Collection

We collect personal information for the business purposes described in Section 3 of this Policy.

12.4 Sale or Sharing of Personal Information

We do not sell personal information to third parties for money. We do not engage in cross-context behavioral advertising as currently defined under the CPRA.

If we use any third-party analytics, advertising, or tracking technologies — such as analytics platforms, advertising pixels, or retargeting tools — sharing of certain data with those providers may qualify as "sharing" under applicable law, including the CPRA, even if no money is exchanged. We disclose all such tools below and provide opt-out mechanisms where required by law.

Third-party analytics and advertising tools currently in use: [INSERT: list all analytics, advertising, and tracking tools in use, or state "None at this time"]. We will update this section promptly if our use of such tools changes.

12.5 Sensitive Personal Information

Under the CPRA, certain categories of personal information we collect may qualify as Sensitive Personal Information (SPI), including: voice data and biometric information collected during calls; medication names and health-adjacent reminder information; and precise geolocation if collected. California residents have the right to limit our use and disclosure of Sensitive Personal Information to what is necessary to provide the Service.

We use Sensitive Personal Information solely to provide, operate, and improve the Service. We do not use Sensitive Personal Information for inferring characteristics about you, for advertising, or for any purpose beyond those described in this Policy.

12.6 Your California Rights

California residents have the right to: know what personal information is collected, used, disclosed, and sold or shared; request deletion of personal information; correct inaccurate personal information; opt out of the sale or sharing of personal information; limit use and disclosure of Sensitive Personal Information; and not be discriminated against for exercising these rights.

To submit a California privacy request, contact us at [Insert Email] with the subject line "California Privacy Request." We will respond within 45 days.

12.7 Authorized Agent

California residents may designate an authorized agent to make requests on their behalf. We may require verification of the agent's authority and the resident's identity before processing such requests.

12.8 Shine the Light

California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes under California's Shine the Light law. We do not disclose personal information for third-party direct marketing purposes.

13. Other U.S. State Privacy Rights

Residents of certain states — including Colorado, Connecticut, Virginia, Texas, Montana, Oregon, Nevada, and others with comprehensive privacy legislation — may have rights similar to those described in Sections 11 and 12, including rights to access, correct, delete, and port personal data, and to opt out of certain processing activities.

We apply our privacy commitments consistently across all U.S. states to the extent required by law. To exercise any state-specific privacy rights, contact us at [Insert Email] identifying your state of residence. We will respond within the timeframe required by your applicable state law.

14. International Users — European Economic Area, United Kingdom, and Switzerland

If you access the Service from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the following additional provisions apply.

14.1 Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract performance: to provide the Service you have contracted for, including delivering calls, processing reminders, and generating summaries.

• Legitimate interests: to operate, maintain, secure, and improve the Service, provided that our interests do not override your fundamental rights and freedoms.

• Legal obligation: to comply with applicable law.

• Consent: where we specifically request your consent, such as for biometric data processing or optional features.

14.2 International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, UK, or Switzerland, including the United States. We implement appropriate safeguards for such transfers, including Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office where required.

14.3 Data Protection Officer

If required by applicable law, we will appoint a Data Protection Officer. Contact details for the DPO (if appointed) will be listed at [Insert Email].

14.4 Right to Lodge a Complaint

If you are an EEA or UK resident and believe we have not complied with applicable data protection law, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ico.org.uk). In the EU, contact your local Data Protection Authority.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this Policy and notify you through the app, by email, or by other reasonable means with at least thirty (30) days' advance notice before the changes take effect.

Your continued use of the Service after a revised Policy becomes effective constitutes your acknowledgment of the updated Policy. If you do not agree with changes, you must stop using the Service before they take effect.

16. How to Contact Us

For privacy questions, rights requests, biometric data inquiries, consent withdrawals, or to report a privacy concern:

 

Calling AVA

Email: hello@callingava.com

Website: www.CallingAva.com

 

For urgent matters — including consent withdrawal, data breach concerns, or biometric data requests — please use the subject line "URGENT — PRIVACY" and we will respond within one (1) business day.

For California privacy requests, use subject line "California Privacy Request."

For biometric data requests, use subject line "Biometric Data Request."

 

© 2026 Calling AVA. All rights reserved.

bottom of page