Privacy Policy

Calrio ("Calrio," "we," "us," or "our") provides a platform for creating, managing, and deploying business AI agents across channels such as WhatsApp, Telegram, Slack, and email. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit calrio.ai, use our applications, or interact with agents powered by Calrio.

This policy applies to visitors, account holders, team members, and administrators. If you use Calrio on behalf of an organization, you represent that you have authority to bind that organization to this policy.

By using Calrio, you agree to the practices described here. If you do not agree, do not use our services.

We collect information in three broad categories: information you provide, information generated through use of the service, and information collected automatically.

Information you provide may include:

• Account details such as name, email address, password or authentication tokens, organization name, and billing contact information
• Profile and workspace settings, including team roles and permissions
• Payment information processed by our payment providers (we do not store full card numbers)
• Support requests, survey responses, and communications with our team
• Content you upload to knowledge bases, including documents, URLs, integration credentials, and agent instructions
• Waitlist and marketing form submissions

Information generated through use of the service may include:

• Agent configurations, prompts, tools, routing rules, and deployment settings
• Conversation logs between end users and your agents, including message content and metadata
• Analytics such as response times, credit usage, channel activity, and error logs
• Audit logs of administrative actions within your workspace

Information collected automatically may include:

• Device and browser type, operating system, IP address, and general location derived from IP
• Pages viewed, features used, referral URLs, and timestamps
• Cookies, local storage, and similar technologies as described in Section 10
• Security signals such as login attempts and session identifiers

We use collected information to:

• Provide, operate, maintain, and improve the Calrio platform
• Authenticate users and enforce team permissions
• Process subscriptions, credits, invoices, and billing disputes
• Index and retrieve knowledge base content so agents can respond accurately
• Route messages to and from connected channels on your behalf
• Monitor performance, debug errors, and protect against abuse or security incidents
• Send service announcements, security alerts, and account-related messages
• Respond to support requests and communicate about early access or product updates
• Comply with legal obligations and enforce our Terms of Service
• Generate aggregated or de-identified analytics to understand product usage

We do not use your private knowledge base content or end-user conversation data to train general-purpose AI models shared across customers. Model providers may process prompts and responses to deliver inference services under their own terms and data handling policies. We configure available provider settings to minimize retention where supported.

Where applicable law requires a legal basis, we rely on:

• Performance of a contract when processing is necessary to provide the services you request
• Legitimate interests for security, fraud prevention, product improvement, and direct communication about similar services, balanced against your rights
• Consent for non-essential cookies, certain marketing messages, and optional features where required
• Legal obligation when we must retain or disclose information to comply with law

We do not sell personal information. We may share information in the following circumstances:

• Service providers who assist with hosting, analytics, payment processing, email delivery, customer support, and AI inference, subject to contractual confidentiality and security obligations
• Channel partners such as Meta, Slack, or email providers when you connect integrations required to deliver messages
• Your organization administrators and authorized team members within shared workspaces
• Professional advisers, auditors, or authorities when required by law, court order, or to protect rights, safety, and security
• A successor entity in connection with a merger, acquisition, financing, or sale of assets, with notice where required by law

When you deploy agents to external channels, message content may be transmitted to end users and third-party platforms according to your configuration. You are responsible for providing appropriate notices to your end users.

For account, billing, and website data, Calrio generally acts as a data controller.

For content you submit and end-user messages processed by your agents, Calrio typically acts as a data processor on your instructions. You determine what data is collected from your customers and must have a lawful basis to share it with us. A Data Processing Agreement is available for team and enterprise customers upon request or through Settings > Legal.

We retain information for as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type:

• Account data is retained while your account is active and for a reasonable period afterward
• Conversation logs and analytics are retained according to your plan settings and workspace configuration
• Billing records may be retained for up to seven years where required for tax and accounting purposes
• Backups containing deleted workspace data are purged within 30 days of deletion requests, subject to technical limitations
• Support tickets and security logs may be retained longer where necessary for compliance or incident investigation

You may request deletion as described in Section 9.

We implement administrative, technical, and organizational measures designed to protect information, including encryption in transit, access controls, logging, and vendor review. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

You are responsible for safeguarding credentials, configuring team permissions appropriately, and reviewing connected integrations. Notify us promptly at [email protected] if you suspect unauthorized access.

Depending on your location, you may have rights to:

• Access a copy of personal information we hold about you
• Correct inaccurate or incomplete information
• Delete personal information, subject to exceptions
• Restrict or object to certain processing
• Receive portable data in a structured, commonly used format
• Withdraw consent where processing is based on consent
• Opt out of sale or sharing of personal information as defined under applicable U.S. state laws
• Lodge a complaint with a supervisory authority

Account holders can access, export, and delete much of their data from Settings > Privacy. Workspace owners may submit requests on behalf of team members where permitted. Contact [email protected] to exercise rights or appeal a decision. We may verify your identity before responding.

We aim to respond within 30 days, or the timeframe required by applicable law.

We use cookies and similar technologies to keep you signed in, remember preferences, measure product usage, and support security features.

• Essential cookies required for authentication and core functionality
• Preference cookies that store language and UI settings
• Analytics cookies that help us understand how features are used
• Support cookies used by tools such as Intercom on help pages when enabled

You can manage non-essential cookies through the cookie banner on calrio.ai or Settings > Privacy. Browser controls may also block cookies, though some features may not function properly.

Calrio may process information in the United States and other countries where we or our service providers operate. When we transfer personal information from the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms where required.

Calrio is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided information to us, contact [email protected] and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. If changes are material, we will provide notice by email, in-product notification, or by updating the "Last updated" date at the top of this page. Continued use after changes become effective constitutes acceptance of the revised policy.

Questions about this Privacy Policy or our data practices may be sent to [email protected] or:

Calrio Privacy Team Email: [email protected]