Article 1: Scope & Operational Entitlement

1.1 Usage Entitlement

By accessing the Service, You affirmatively grant Company an irrevocable, worldwide, royalty-free right and entitlement to monitor, analyze, and record Your usage of the Platform ("Usage Entitlement"). This Entitlement is fundamental to the provision of the Service and is exercised for the purposes of: (a) verifying compliance with usage limits; (b) detecting security anomalies; (c) enforcing billing obligations; and (d) optimizing resource allocation for the multi-tenant architecture.

1.2 Application of Policy

This Policy applies to:

• Authorized Users: Individuals registered to use the SaaS platform.
• Conversation Participants: Individuals who interact with our AI agents via telephony.
• Website Visitors: Individuals navigating our digital properties.

Article 2: Data Collection Framework

2.1 Voice Data Specifics

We collect and process audio recordings of calls made through our system. These recordings are processed by third-party transcription and inference engines (e.g., Vapi.ai, OpenAI). By using the Service, You explicitly authorize this processing chain and warrant that You have obtained all necessary third-party consents for such recording.

Article 3: Processing Purposes & Legal Basis

We process Data under the following legal bases:

• Contractual Necessity: To deliver the AI calling functionality, execute campaigns, and provide real-time coaching tools.
• Legitimate Business Interest: To ensure platform security, prevent fraud (e.g. "toll fraud"), bill accurate usage fees, and improve platform latency/reliability.
• Legal Obligation: To comply with telecommunications regulations (e.g. Traceback requests) and tax requirements.

Article 4: Disclosure Chain & Sub-Processors

To provide the Service at scale, we transfer data to specific infrastructure providers. You acknowledge and agree to the following data processing chain:

Article 5: International Data Sovereignty

CallView AI Inc. is a Delaware Corporation with operations in the United States and the Philippines. You acknowledge that Your Data will be transferred to, processed, and stored in the United States.

For Customers in the EEA, UK, or Switzerland, we execute Standard Contractual Clauses (SCCs) to validate these transfers under GDPR. We implement supplementary measures including encryption-at-rest and strict access controls to ensure data protection equivalent to stringent European standards.

Article 6: Security Posture

We maintain a comprehensive information security program designed to protect the integrity of Your Data. Key controls include:

• Encryption: TLS 1.2+ for all data in transit; AES-256 for data at rest.
• Access Control: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all administrative access.
• Monitoring: 24/7 automated monitoring of infrastructure for intrusion attempts and DDoS attacks.
• Segregation: Logical tenant isolation to prevent data commingling.

Article 7: Data Subject Rights

Depending on your jurisdiction (e.g., CCPA for California, GDPR for EU, DPA for Philippines), you may have specific rights regarding your personal information:

Article 8: Philippines Data Privacy Act

For data subjects in the Philippines, we fully adhere to the Data Privacy Act of 2012 (Republic Act No. 10173). We respect your rights to information, object, access, rectification, erasure or blocking, and damages. Our Data Protection Officer (DPO) oversees compliance with the NPC.

Article 9: Service Partner Data Protocols

Applicability: These protocols apply specifically to "Authorized Service Partners" (Human Pilots) accessing the platform to fulfill client campaigns.

9.1 Data Sovereignty

Service Partners acknowledge that all Data (including Lead Lists, Audio Recordings, Call Transcripts, and Enriched Notes) accessed or generated via the Platform is the **Exclusive Property of CallView AI**. Partners have no ownership rights to this data and are strictly prohibited from exporting, copying, or using it for any purpose other than authorized CallView fulfillment.

9.2 "Clean Desk" & Data Destruction

Upon termination of the Service Partner Agreement, the Partner must certify the **irreversible destruction** of any local data caches, downloaded reports, or offline copies of Client information. Retention of CallView data for use with other clients constitutes data theft and will be prosecuted.

9.3 The PII "Red Line"

Zero Tolerance Policy: Service Partners are technically restricted and contractually prohibited from soliciting or recording sensitive financial PII (Credit Card Numbers, Social Security Numbers) over the voice channel. Any attempt to solicit this data is a "Fatal 5" violation resulting in immediate termination.

9.4 Communication Channels

To ensure a complete audit trail and data security, Partners are strictly prohibited from contacting Clients or Leads via personal / unmonitored channels (e.g., Personal WhatsApp, Facebook Messenger, Personal Email). All extensive data exchange must occur within the authorized secure channels (Platform or Official Discord).