Privacy Policy

1. Introduction and Scope

1.1. This Privacy Policy (this "Policy") is issued by AgentTech I/O, Inc., a corporation organized and existing under the laws of the State of Nevada ("Company," "we," "us," or "our"). This Policy describes how we collect, use, store, process, share, disclose, and protect information in connection with the AgentTech Dialer platform, our website located at agenttech.io, our APIs, and all related services (collectively, the "Service").

1.2. This Policy applies to all users of the Service, including account holders ("Customers"), authorized users and agents ("Authorized Users"), visitors to our website, and any other individuals whose information we collect or process in connection with the Service. Capitalized terms not defined in this Policy shall have the meanings ascribed to them in our Terms of Service, which are incorporated herein by reference.

1.3. By accessing or using the Service, creating an account, or providing information to us, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree to the practices described herein, you must immediately discontinue all use of the Service.

2. Information We Collect

We collect a broad range of information in connection with the provision, operation, and improvement of the Service. The categories of information we collect include, but are not limited to, the following:

(a) Account and Registration Data

When you create an account or register for the Service, we collect information including: full name; email address; telephone number; National Producer Number (NPN); company or agency name; agency vertical or industry classification; job title or role; login credentials (including username and hashed password); account roles and permissions; and account activation status.

(b) Device and Technical Data

When you access or use the Service, we automatically collect technical information including: Internet Protocol (IP) addresses; device fingerprints; user agent strings; browser type, version, and configuration; device type (desktop, mobile, tablet); operating system and version; session identifiers; session data; current page and navigation paths; login timestamps; last activity timestamps; screen resolution; and other technical identifiers and telemetry data.

(c) Call and Telecommunications Data

When calls are placed, received, or processed through the Service, we collect comprehensive call detail records and telecommunications data, including: caller identification numbers (caller ID); called telephone numbers; call direction (inbound, outbound, internal, transfer, conference); call start, answer, and end timestamps; ring duration; talk duration; total call duration; call status and disposition; hangup cause codes; Session Initiation Protocol (SIP) signaling data; call routing and queue information; conference identifiers; call monitoring events; and caller geographic information (state codes).

(d) Call Recording and Transcription Data

The Service records and transcribes calls as configured by the Customer. We collect and process: audio recordings of calls (in multiple file formats); recording metadata including start time, end time, file size, and file hash; recording status and processing information; real-time and post-call transcriptions with speaker identification (agent, caller, system); transcription confidence scores; transcription source provider identifiers; transcription chunk and segmentation data; voicemail recordings and transcriptions; and conference recording data including participant counts and durations.

(e) SMS and Messaging Data

When SMS text messages are sent or received through the Service, we collect: message content (body text); sender and recipient telephone numbers; message direction (inbound, outbound); delivery status (pending, sent, delivered, failed, read); timestamps (sent, delivered, read); message segment counts; messaging costs; conversation thread data; and last message previews.

(f) Email Communications Data

When emails are sent through the Service, we collect: sender and recipient email addresses; email subject lines; email body content; delivery status (sent, failed, bounced, opened); send and open timestamps; email service provider message identifiers; and error messages for failed deliveries.

(g) Contact and CRM Data

When Customers use the built-in CRM features of the Service, we collect and store: contact first and last names; dates of birth; email addresses; telephone numbers (home, mobile, work); physical mailing addresses (street, city, state, ZIP code, country); company and organization names; job titles; contact notes and annotations; disposition and outcome data; custom field data; contact tags and labels; contact sharing permissions and relationships; avatar or profile image URLs; and all associated interaction history.

(h) Calendar and Scheduling Data

When Customers use the calendar and scheduling features, we collect: event titles and descriptions; event dates and times; event types; participant names, contact types, and contact information; and all-day event flags.

(i) Compliance and Quality Assurance Data

The Service collects and generates compliance-related data, including: platform-level and agency-level compliance analysis results; compliance question responses and scores; compliance carrier information; compliance settings and configurations; AI-generated compliance scores and assessments; and quality assurance metrics and evaluations.

(j) Billing and Financial Data

We collect billing and payment information, including: Stripe customer identifiers and payment processing data; payment transaction records and history; prepaid wallet balances, transaction types (recharge, deduction, adjustment, refund), and transaction history; per-minute billing rates and per-seat pricing; usage records for VoIP minutes, SMS, AI transcription, and other metered services; billable minute calculations; phone number provisioning costs; and payment method information (processed and stored by our third-party payment processor, Stripe). We do not directly store full credit card numbers, debit card numbers, or bank account numbers on our servers.

(k) AI and Machine Learning Training Data

When Customers use AI-powered features, we collect and process: AI Agent configurations including system prompts, persona definitions (name, role, company, tone), knowledge base content, success and failure criteria, voice model preferences, language settings, temperature parameters, and interaction time limits; AI Mock Call training session results including overall scores, dimension scores, stage results, compliance violation records, knowledge accuracy assessments, AI-generated feedback summaries, identified strengths and weaknesses, and improvement recommendations; AI training competency items and evaluation criteria; AI compliance rule definitions and evaluation prompts; conversation stage definitions and behavioral prompts; objection angle configurations; and coaching knowledge base entries including trigger keywords, categories, and content.

(l) Suppression and Do Not Call Data

We maintain suppression lists containing: telephone numbers that have been suppressed from outbound communications; the agency associated with each suppression; the user who created the suppression; associated notes; and active/inactive status.

(m) Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your interactions with the Service and our website. See Section 13 (Cookies and Tracking Technologies) for additional details.

3. How We Use Your Information

We use the information we collect for the following purposes, and for any other purpose consistent with the context in which the information was collected or as otherwise described at the time of collection:

• (a) Providing the Service: To operate, provide, maintain, administer, and deliver the Service, including processing and routing voice calls, SMS messages, voicemail, and email communications;
• (b) Recording and Transcription: To record, transcribe, monitor, and analyze voice calls, voicemail messages, and other communications as configured by the Customer;
• (c) AI Compliance Monitoring: To perform AI-powered compliance scoring, monitoring, alerting, and quality assurance analysis on calls and communications;
• (d) AI Transcription and Coaching: To provide real-time and post-call transcription, AI-powered coaching recommendations, sentiment analysis, and call summarization;
• (e) AI Agent Operations: To operate AI Agents for autonomous call handling, AI Mock Calls for agent training, and related AI-powered communication features;
• (f) Billing and Payments: To process payments, manage subscriptions, calculate usage-based charges, manage prepaid wallet balances, generate invoices, and administer billing;
• (g) Customer Support: To respond to inquiries, provide technical support, troubleshoot issues, and resolve disputes;
• (h) AI Model Development and Training: To develop, train, test, validate, improve, retrain, and refine our artificial intelligence models, machine learning algorithms, neural networks, and related technologies, including using Customer Data, Platform Data, call recordings, transcriptions, and all other data collected through the Service as training data for AI/ML models that may be used to provide services to other customers and third parties;
• (i) Derivative and Aggregated Data: To create, generate, and use Derivative Data and Aggregated Data for any lawful commercial purpose, including industry benchmarking, analytics products, and services to third parties;
• (j) Platform Improvement: To analyze usage patterns, conduct internal research, develop new features, improve existing functionality, optimize performance, and enhance the user experience;
• (k) Security and Fraud Prevention: To detect, prevent, investigate, and respond to security incidents, fraud, abuse, and violations of our Terms of Service;
• (l) Legal Compliance: To comply with Applicable Law, respond to legal process (including subpoenas, court orders, and regulatory inquiries), cooperate with law enforcement and regulatory authorities, and protect our legal rights;
• (m) Research and Analytics: To conduct internal research, compile benchmarks, generate statistical analyses, and produce anonymized industry reports;
• (n) Marketing Communications: To send promotional offers, product updates, newsletters, and marketing communications (subject to your opt-out rights as described in Section 10);
• (o) Enforcement: To enforce our Terms of Service, this Privacy Policy, and any other agreements, and to protect the rights, property, and safety of Company, our customers, and others.

4. Legal Basis for Processing

We process personal information under the following legal bases:

• (a) Performance of Contract: Processing necessary for the performance of our contract with you, including providing the Service, processing communications, and managing your account;
• (b) Legitimate Interests: Processing necessary for our legitimate business interests, including platform improvement, AI model training and development, security and fraud prevention, analytics and research, and enforcing our rights, where such interests are not overridden by your fundamental rights;
• (c) Legal Obligations: Processing necessary to comply with our legal obligations, including tax and accounting requirements, regulatory compliance, responding to legal process, and cooperating with law enforcement and regulatory authorities;
• (d) Consent: Where you have provided your consent to specific processing activities, such as marketing communications and certain uses of cookies. Where processing is based on consent, you have the right to withdraw consent at any time, though withdrawal shall not affect the lawfulness of processing conducted prior to withdrawal.

5. Data Sharing and Disclosure

We may share, disclose, or transfer your information with or to the following categories of recipients, for the purposes described in this Policy:

• Telecommunications Providers: We share call data, caller identification information, and telephone numbers with VoIP and telephony carriers and providers who facilitate the routing, delivery, and processing of voice calls and SMS messages through the Service.
• Payment Processors: We share billing and payment information with Stripe, Inc. and other payment processors for the purpose of processing payments, managing subscriptions, and administering billing.
• AI and Machine Learning Service Providers: We share call audio, transcription data, text content, and other data with third-party AI and machine learning service providers, including but not limited to AssemblyAI and xAI, for the purpose of providing transcription, compliance analysis, sentiment analysis, coaching recommendations, and other AI-powered features.
• Email Service Providers: We share email addresses, message content, and delivery data with SendGrid and other email service providers for the purpose of delivering transactional and marketing email communications.
• Cloud Infrastructure Providers: We store and process data on servers and infrastructure provided by third-party cloud hosting, storage, content delivery network (CDN), and database service providers.
• Analytics Providers: We share usage data and telemetry with analytics providers for platform performance monitoring, usage analytics, and product improvement.
• Professional Advisors: We may disclose information to our legal counsel, auditors, accountants, insurers, and other professional advisors in connection with legal, compliance, audit, and insurance matters, subject to confidentiality obligations.
• Law Enforcement and Regulatory Authorities: We may disclose information (including Customer Data, call recordings, transcriptions, call detail records, account information, and any other data) to governmental authorities, regulatory bodies, law enforcement agencies, and courts: (i) in response to valid legal process, including subpoenas, court orders, search warrants, civil investigative demands, and regulatory inquiries; (ii) as required by Applicable Law; or (iii) voluntarily, where Company in its sole discretion deems disclosure reasonably necessary to protect the safety of any person, prevent fraud or abuse, protect Company's rights or property, or comply with any legal or regulatory obligation.
• Business Transfers: In connection with any merger, acquisition, consolidation, reorganization, asset sale, joint venture, financing, bankruptcy, dissolution, or similar corporate transaction involving Company, Customer Data and all other information may be disclosed, transferred, or assigned to the acquiring or succeeding entity. You acknowledge and agree that any such successor entity shall be bound by this Privacy Policy and shall have the same rights to your data as Company.
• Affiliates and Subsidiaries: We may share information with our current and future corporate parent entities, subsidiaries, and affiliated companies for purposes consistent with this Policy.
• With Your Consent: We may share your information with additional third parties where you have provided your express consent to such sharing.

6. Perpetual Data License and Rights

6.1. As set forth in Section 12 of our Terms of Service, by using the Service, you grant Company a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, transferable, sublicensable (through multiple tiers), non-exclusive license to access, collect, use, copy, store, process, modify, create derivative works from, distribute, display, perform, transmit, analyze, aggregate, anonymize, de-identify, and otherwise exploit all Customer Data, Platform Data, and all data collected through the Service, for any purpose whatsoever. This license survives any termination, expiration, or cancellation of your account or our Terms of Service, and shall continue in perpetuity.

6.2. Company exclusively owns all right, title, and interest in and to all Derivative Data (including AI-generated analyses, compliance scores, transcriptions, call summaries, sentiment analyses, coaching recommendations, and statistical outputs), Aggregated Data, and all improvements to Company's AI models, algorithms, and technology resulting from the processing of your data.

6.3. Aggregated Data and de-identified data are not considered personal information and are not subject to access, correction, or deletion requests. Company may use Aggregated Data for any purpose without restriction, including publishing industry benchmarks, providing analytics services to third parties, and training AI models for use in services provided to other customers.

6.4. AI model outputs, learnings, weights, parameters, and improvements derived from or informed by your data are Company's exclusive intellectual property and may be used to generate outputs for other customers and third parties without restriction, attribution, or compensation to you.

7. Call Recording, Monitoring, and Transcription

7.1. Recording Disclosure. The Service provides call recording, real-time transcription, AI-powered monitoring, compliance scoring, sentiment analysis, and quality assurance capabilities. All voice calls, voicemail messages, conference calls, and other communications processed through the Service may be recorded, transcribed, monitored, and analyzed, both in real-time and post-call.

7.2. Customer-Configured Policies. Call recording and retention policies are configurable by the Customer at multiple levels, including global, agency, department, queue, and individual agent levels. Customers may configure recording percentages and retention periods within the Platform. Company has no obligation to verify that Customer-configured recording or retention policies comply with Applicable Law.

7.3. Third-Party Processing. Call recordings and audio data are processed by third-party AI service providers for transcription, speaker identification, compliance analysis, and other AI-powered features. By using the Service, you consent to the transmission and processing of call audio and transcription data by such third-party providers.

7.4. Company Access and Use. Company reserves the unrestricted right to access, review, listen to, copy, retain, store, process, analyze, and use all call recordings, transcriptions, voicemail recordings and transcriptions, conference recordings, SMS messages, and all other communications data for any purpose, including: (a) providing and improving the Service; (b) quality assurance and compliance monitoring; (c) dispute resolution and litigation support; (d) safety, security, and fraud prevention; (e) developing, training, testing, and improving AI and machine learning models and technologies; (f) creating Derivative Data and Aggregated Data; (g) responding to legal process and regulatory inquiries; (h) enforcing our Terms of Service; and (i) any other lawful purpose.

7.5. Customer Consent Obligations. Customer is solely and exclusively responsible for obtaining all consents required under applicable federal and state recording consent laws (including one-party and two-party/all-party consent jurisdictions) before recording any call or communication through the Service. Company assumes no liability for Customer's failure to obtain required recording consents.

8. Data Retention

We retain information for the periods described below, or longer where required by Applicable Law, permitted by our Terms of Service, or reasonably necessary to protect our legal interests:

• Account and Registration Data: Retained during the active subscription period and for twenty-four (24) months following termination or expiration of the account, unless longer retention is required by Applicable Law or necessary for the resolution of pending disputes.
• Call Recordings: Retained in accordance with Customer's configured retention policy within the Platform, subject to a minimum retention period of one (1) year regardless of Customer's configuration. Company reserves the right to retain copies of call recordings for compliance verification, dispute resolution, and AI model training purposes indefinitely, including in anonymized, de-identified, or aggregated form.
• Transcriptions: Retained for the same period as the corresponding call recordings. Transcriptions may be retained indefinitely in anonymized, de-identified, or aggregated form for AI model training, research, and analytics purposes.
• Billing and Financial Records: Retained for seven (7) years following the date of the transaction, in accordance with applicable tax, accounting, and financial record-keeping requirements.
• SMS Messages: Retained for three (3) years from the date of transmission or receipt.
• Compliance and Quality Assurance Data: Retained for ten (10) years, consistent with CMS Medicare record retention requirements and industry best practices for regulatory compliance documentation.
• Session and Login Data: Retained for two (2) years from the date of the session or login event.
• AI Training Data and Results: Retained indefinitely as part of AI model training datasets, knowledge bases, and research archives. AI training data contributes to the development and improvement of Company's AI models and is not subject to deletion requests.
• Derivative Data and Aggregated Data: Retained indefinitely. Derivative Data and Aggregated Data are Company's exclusive property and are not subject to access, correction, or deletion requests.
• Suppression and DNC Data: Retained for the duration of the applicable suppression period and for two (2) years thereafter for compliance verification purposes.

Company reserves the right to retain any information for such additional periods as may be required by Applicable Law, ordered by a court or regulatory authority, or reasonably necessary to establish, exercise, or defend legal claims, enforce our agreements, or protect Company's legitimate business interests.

9. Data Security

9.1. Security Measures. We implement and maintain reasonable and appropriate administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, and destruction. Our security measures include, but are not limited to: encryption of data in transit using Transport Layer Security (TLS 1.2 or higher); encryption of data at rest using Advanced Encryption Standard (AES-256) or equivalent; cryptographic hashing of authentication credentials; role-based access controls; multi-factor authentication capabilities; regular security assessments and vulnerability testing; and incident response procedures.

9.2. Breach Notification. In the event of a data security breach involving the unauthorized acquisition of unencrypted personal information that triggers notification obligations under Applicable Law, Company shall notify affected individuals and applicable regulatory authorities as required by the Nevada data breach notification statute (NRS 603A.220) and any other applicable federal or state breach notification laws. Company shall provide notification within seventy-two (72) hours of confirming a reportable breach, or within such other timeframe as required by Applicable Law.

9.3. Disclaimer. While we implement reasonable security measures, no method of transmission over the Internet, no method of electronic storage, and no security system is impenetrable or guaranteed to be completely secure. We cannot and do not guarantee the absolute security of your information. You acknowledge that you transmit information to and through the Service at your own risk and that Company shall not be liable for any unauthorized access, use, or disclosure of your information except to the extent directly caused by Company's gross negligence or willful misconduct.

10. Your Privacy Rights

(a) General Rights (All Users)

Subject to the limitations set forth in this Section 10 and in our Terms of Service, all users may: (i) request access to the categories and specific pieces of personal information we have collected about them; (ii) request correction of inaccurate personal information; (iii) request deletion of personal information (subject to applicable exceptions and Company's retention rights); and (iv) opt out of promotional marketing communications by following the unsubscribe instructions in such communications or by contacting us at privacy@agenttech.io.

(b) Nevada Residents (NRS 603A.345)

If you are a Nevada resident, you have the right to submit a verified request directing us not to sell your personal information. We do not currently sell personal information as defined under Nevada Revised Statutes Chapter 603A. To submit a request, contact us at privacy@agenttech.io with the subject line "Nevada Privacy Request."

(c) California Residents (CCPA/CPRA)

If you are a California resident, you may have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purposes for collecting or selling it, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions under the CCPA, including where retention is necessary for: performing our contract with you; complying with legal obligations; exercising or defending legal claims; internal uses reasonably aligned with your expectations; and other purposes permitted under the CCPA.
• Right to Opt Out: You have the right to opt out of the "sale" or "sharing" of your personal information, as those terms are defined under the CCPA. To opt out, contact us at privacy@agenttech.io.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

CCPA Business Exemptions: Certain categories of information we process may be exempt from the CCPA, including: (i) personal information reflecting a written or verbal business-to-business communication or transaction; (ii) personal information collected about a person acting in their capacity as an employee, officer, director, or contractor of a company, partnership, sole proprietorship, or government agency; and (iii) personal information processed by a service provider on behalf of a business pursuant to a written contract.

(d) Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Indiana, Iowa, Delaware, New Hampshire, New Jersey, Nebraska, Kentucky, Maryland, Minnesota, and other states with applicable consumer privacy laws may exercise privacy rights as provided under those laws. To submit a request, contact us at privacy@agenttech.io and specify your state of residence.

(e) Exercising Your Rights

To exercise any of the rights described in this Section 10, submit a request to privacy@agenttech.io. We will verify your identity before processing your request. We will respond to verifiable requests within forty-five (45) calendar days of receipt, or within such other timeframe as required by Applicable Law. If we require additional time, we will notify you of the extension and the reason therefor. We may decline requests where we are unable to verify your identity, where the request is manifestly unfounded or excessive, or where processing the request is not required under Applicable Law.

(f) Limitations on Deletion Rights

You acknowledge and agree that, due to the perpetual, irrevocable license granted to Company under our Terms of Service, your deletion rights are subject to the following limitations: (i) Company may retain and continue to use Derivative Data, Aggregated Data, de-identified data, and AI model training data even after a deletion request is processed; (ii) data that has been incorporated into trained AI models cannot be extracted or deleted from such models; (iii) deletion requests apply only to identifiable Customer Input Data that is not otherwise required for legal compliance, contract performance, dispute resolution, or platform operations; (iv) Company may retain copies of data as required by Applicable Law, including regulatory record-keeping requirements; and (v) data that has been shared with third-party service providers may be subject to those providers' separate retention practices. Deletion of your personal information from our active systems does not constitute deletion from backup systems; backup data will be overwritten in the ordinary course of operations.

11. Children's Privacy

The Service is not directed at, marketed to, or intended for use by individuals under the age of eighteen (18). We do not knowingly collect, solicit, or receive personal information from children under the age of eighteen (18). If we become aware that we have collected personal information from a child under eighteen (18) without verification of parental consent, we will take commercially reasonable steps to promptly delete such information from our records. If you believe that we have collected personal information from a child under eighteen (18), please contact us immediately at privacy@agenttech.io.

12. International Data Transfers

12.1. The Service is operated from, and all data is processed and stored on servers located in, the United States of America. If you access or use the Service from a location outside the United States, you acknowledge and agree that your information will be transferred to, processed, and stored in the United States, where data protection laws may differ from and may be less protective than the laws of your jurisdiction.

12.2. By accessing or using the Service, you expressly and irrevocably consent to the transfer, processing, and storage of your information in the United States in accordance with this Privacy Policy and our Terms of Service. We do not represent or warrant that the Service or our data practices comply with the data protection or privacy laws of any jurisdiction other than the United States. If you do not consent to the transfer of your information to the United States, you must not access or use the Service.

13. Cookies and Tracking Technologies

13.1. Types of Cookies. We use the following categories of cookies and similar tracking technologies:

• Strictly Necessary Cookies: Essential for the operation of the Service, including session management, authentication, security, and load balancing. These cookies cannot be disabled without impairing the functionality of the Service.
• Analytics and Performance Cookies: Used to collect information about how users interact with the Service and our website, including pages visited, features used, error occurrences, and performance metrics. This data helps us improve the Service and optimize the user experience.
• Preference and Functionality Cookies: Used to remember your settings, preferences, and choices (such as language preferences and display configurations) to provide a more personalized experience.
• Third-Party Cookies: Placed by third-party analytics and advertising partners to collect information for analytics, advertising, and marketing purposes.

13.2. Managing Cookies. You may control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may impair the functionality of the Service. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

14. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. Because there is no universally accepted standard for how to interpret and respond to DNT signals, the Service does not currently alter its data collection and use practices in response to DNT signals. We will continue to monitor developments in DNT standards and may update this practice in the future.

15. Changes to This Privacy Policy

15.1. We reserve the right to modify, amend, or update this Privacy Policy at any time, in our sole discretion. When we make material changes to this Policy, we will update the "Last updated" date at the top of this page and provide not less than thirty (30) days' advance notice to registered users via email or in-platform notification.

15.2. Your continued access to or use of the Service after the effective date of any changes to this Privacy Policy shall constitute your acceptance of and agreement to the revised Policy. If you do not agree to any changes, your sole and exclusive remedy is to terminate your account and discontinue use of the Service prior to the effective date of such changes.

15.3. Prior versions of this Privacy Policy are available upon written request to privacy@agenttech.io.

16. Contact Information

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us: