Privacy Policy · Cavorite

1. Introduction

Cavorite AI LLC, a Delaware limited liability company ("Cavorite," "we," "our," or "us"), is the data controller responsible for your personal data when you visit cavorite.ai, use the Cavorite mobile application, or use our AI phone receptionist service (collectively, the "Platform"). This Privacy Policy explains how we collect, use, and safeguard information about people who use the Platform and about people whose voice and data flow through the Platform when they call a business that uses Cavorite.

This policy is part of, and should be read alongside, our Terms of Service.

2. Who This Policy Covers

The Platform involves two distinct categories of people whose data we handle, and the basis on which we collect their data differs.

Customers

Business owners and operators who sign up for Cavorite, accept the Terms of Service, configure an AI receptionist, and pay for the service. We refer to these as "Customers" in this policy.

Callers

Individuals who place an inbound call to a phone number associated with a Customer's account, regardless of whether they have any prior relationship with that business or with Cavorite. Callers do not register with the Platform, but their voice and the information they share during a call flow through our systems while the AI handles the call on the Customer's behalf.

A person can be both — a Cavorite Customer might also be a Caller if they dial their own business line. The kinds of information we collect from each group, and the rights each group has, are described in Sections 3, 4, and 13.

3. Information We Collect from Customers

When you sign up for and use the Platform as a Customer, we collect the following kinds of information.

Account Information

Your email address, name, and business name
Your authentication credentials (if you sign in with a third-party identity provider such as Apple Sign In or Google Sign In, we receive only the minimum information needed to create your account)
Profile preferences (notification settings, language, appearance)

Business Configuration

Phone numbers you provision or forward through the Platform
Greetings, prompts, and AI behavior instructions you supply
Voice selection and tone preferences
Business hours, transfer destinations, and booking rules
Documents you upload to build your AI's knowledge base (menus, FAQs, service descriptions, and similar materials)
Calendar credentials when you connect Google Calendar or Microsoft Outlook to enable appointment booking

Subscription and Billing

Plan tier and renewal cadence
Usage metrics tied to your plan (minutes consumed, SMS sent, calls handled)
Payment-method tokens and transaction records (processed through our payment provider; we do not store full payment card numbers)

Device and Application Data

Device type, operating system version, and app version
Push notification token (only if you enable notifications, used solely to deliver call and account alerts)
App diagnostic and crash data

Identity Verification

One-time passwords ("OTPs") we deliver to your email address and, where applicable, to the mobile phone number you provide
Verification timestamps and outcomes (the OTP value itself is short-lived and is not stored after verification)

SMS Messaging Records

When you enable SMS features on the Platform, we collect and retain the phone numbers associated with your account, records of consent obtained from recipients of messages sent through your account, message content and delivery metadata, and opt-out preferences. SMS consent records are retained for the period required by applicable telecommunications law to demonstrate compliance with opt-in requirements. Section 12 of our Terms of Service governs the underlying SMS compliance obligations.

Google Workspace and Microsoft Calendar Integrations

When you connect Google Calendar, Microsoft Outlook, or another supported calendar to Cavorite, the Platform reads availability and creates events strictly to provide the appointment-booking functionality you have asked for. Cavorite's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

Calendar data is used only for the scheduling functionality you have explicitly requested
Calendar data is not transferred to any other application or third party except as strictly necessary to provide the service you have requested
Calendar data is not used for advertising of any kind
Calendar data is not used to develop, improve, or train generalized artificial intelligence or machine learning models
No person at Cavorite reads your calendar data except where required to investigate a specific security incident, abuse report, or legal request

You can revoke Cavorite's access to your calendar at any time through your Cavorite account settings or through your calendar provider's own access-management page.

4. Information We Collect from Callers

When a Caller phones a number associated with a Customer's account, the Platform handles the call on the Customer's behalf. In the course of doing so, we may receive:

The Caller's phone number, as supplied by the calling network
Audio of the Caller's voice during the call
The text transcript automatically generated from that audio
A summary of the call generated by the AI
Any information the Caller shares with the AI during the call (for example, their name, an email address, a description of what they need, an appointment time, or other details relevant to the business)
The duration, time, and disposition of the call (transferred, completed, missed, or similar)

Callers do not register with the Platform. We process Caller data on behalf of the Customer they called. Section 13 describes the rights Callers retain over their information.

The Customer is responsible for disclosing to Callers, before the call begins, that the call is being handled by an AI assistant and that it is being recorded, as required by the Terms of Service and by applicable state and federal law.

5. Information Automatically Collected

When you visit cavorite.ai or use the Cavorite mobile application, our infrastructure providers automatically collect server-level data, including:

IP address and approximate geographic location (city or region level)
Browser type and version, device type, and operating system
Pages visited and time spent on the website
Referring website, if any
Mobile application version and performance telemetry

This information is used for security, performance optimization, abuse prevention, and high-level analytics about how the Platform is used.

6. How We Use Information

We use the information we collect to:

Operate the AI receptionist service, including answering calls, generating transcripts and summaries, and notifying you of activity
Authenticate you and maintain account security
Process subscriptions, charges, refunds, and overage usage
Provide real-time call monitoring, takeover, and history through the mobile application
Send the transactional and product or marketing communications described in Section 6 of the Terms of Service
Improve the Platform, diagnose technical issues, and produce de-identified, aggregated analytics
Detect and prevent fraud, abuse, and violations of our Terms of Service
Comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others

We do not use Caller voice, audio, or content for advertising or marketing purposes.

Cavorite does not intentionally use identifiable Customer Content or identifiable Caller content (as defined in Section 18 of the Terms of Service) to train generalized AI models intended for use across customers. Any service-improvement or model-tuning work we conduct ourselves uses de-identified, aggregated patterns only.

7. Voice, Recordings, and Transcripts

Recording, transcription, and AI processing are essential to what the Platform does. The Platform records calls by default.

Recording

When the AI answers a call, the Platform captures audio of both the Caller and the AI agent. The recording is stored on infrastructure controlled by Cavorite and by the third-party service providers we engage to run the Platform (including providers responsible for telecommunications, voice processing, storage, computation, and database hosting).

Transcripts and Summaries

Audio is automatically transcribed into text in real time. A short summary of each call is generated by the AI after the call ends. Transcripts and summaries are stored alongside the recording and are accessible to the Customer through the mobile application.

AI Processing

During a call, audio and transcribed text are processed in real time by third-party voice and language model providers we engage to operate the AI agent. These providers process the data to generate the AI's response and to deliver the service. Their handling of Caller content, including any retention windows and operational uses, is governed by their own policies and by applicable law, and the relationship is structured to support the privacy purposes described in this policy.

Cavorite Enforcement Rights

Cavorite may suspend calling, recording, or AI-disclosure functionality on an account where required disclosures are not configured, where the configuration creates legal or regulatory risk, or where Customer use otherwise conflicts with the obligations in Section 11 of the Terms of Service.

Greeting and Consent

The Customer is responsible for configuring the AI greeting to disclose that the call is being recorded and that the Caller is speaking with an AI assistant, as required by federal and state law and by Section 11 of the Terms of Service.

Customer Access

Customers can review the recordings, transcripts, and summaries associated with their account through the mobile application and other Platform interfaces during the retention period described in Section 11 of this policy.

8. Cookies and Tracking

Our website does not use cookies for advertising or third-party tracking. We do not use Google Analytics or similar tracking services. Our hosting provider may set essential cookies for security and performance purposes; these are necessary for the website to function.

Our mobile application does not use advertising cookies, advertising identifiers (such as IDFA on iOS or AAID on Android), or third-party behavioral tracking SDKs. The application uses standard authentication and session identifiers required for the app to function securely.

9. Third-Party Services

We rely on third-party service providers to deliver portions of the Platform. The categories of provider we use include:

Cloud database and authentication providers (Customer account data, Customer Content storage, strict access controls)
Voice and call telecommunications providers (call routing, voice quality, carrier connectivity)
Voice and language model providers (real-time AI conversation, automatic transcription)
Object and file storage providers (recordings, document uploads)
Push notification delivery providers (mobile alerts)
Payment processors (subscription billing)
Email delivery providers (transactional and product communications)
Hosting and content delivery providers (website performance, security, and protection against denial-of-service attacks)
Identity providers when you choose to use them (Apple Sign In, Google Sign In, and similar OAuth-based sign-in)
Calendar providers when you connect them (Google Calendar, Microsoft Outlook)

These providers process data on our behalf under contractual obligations to maintain appropriate security and confidentiality, and to use the data only for the purposes we specify. We select providers that operate primarily in the United States.

We do not name individual vendors in this Privacy Policy as their specific identities may change over time. Cavorite AI LLC will share the current list at its discretion in response to a reasonable written request from a Customer for legitimate purposes such as vendor-risk review.

10. Data Sharing and Sales

We do not sell, rent, or trade Customer personal information or Caller personal information to third parties for advertising or marketing purposes.

We do not provide data to data brokers.

We do not use Caller voice, transcripts, summaries, or other Caller information for advertising or marketing of any kind.

We share data only with:

The service providers described in Section 9, strictly as needed for them to perform their function
The Customer whose account a Caller called, through the Platform interfaces (the Customer can see their own call recordings, transcripts, summaries, and Caller-supplied details — this is the core service)
Authorities and other parties when required by law, lawful process, or to protect the rights, property, or safety of Cavorite AI LLC, our Customers, our Callers, or the public

We may use anonymized, aggregated data (such as call counts, general language patterns, and performance metrics with no link to any individual) to operate, evaluate, and improve the Platform. Aggregated data cannot be used to identify any individual.

11. Data Retention

Customer Account Data

Account data, business configuration, uploaded documents, and related materials are retained while your Cavorite account is active. You can delete individual items (configurations, uploaded documents, knowledge-base entries) within the app at any time.

Account Deletion

When you delete your account, we permanently delete your associated data (account profile, configurations, uploaded documents, recordings, transcripts, summaries, and billing history not required for tax or audit purposes) from our systems within 30 days, except for data we are legally required to retain.

Call Recordings, Transcripts, and Summaries

Retained while the associated Customer account is active and for up to 30 days after the Customer account is terminated, suspended, or non-renewed. A Customer can initiate earlier deletion of individual calls through the mobile application.

Phone Numbers

Provisioned phone numbers are held for up to 30 days after Customer termination to allow porting to another carrier (see Section 9 of the Terms of Service), and are then released back to the carrier pool.

Inactive Accounts

Accounts that have been inactive for more than 24 months may be deleted after notice to the email address on file.

Aggregated and Anonymized Data

May be retained indefinitely as it cannot be linked back to an identifiable individual.

Backups

The retention periods above describe data in our live production systems. Copies of data may persist in encrypted, access-controlled archival backups for a reasonable additional period required for disaster recovery, business continuity, and security purposes, before being overwritten or destroyed in the ordinary course of those systems.

Important. Uninstalling the mobile application does not automatically delete your account or the data we hold for it on our servers. To request deletion, delete your account through the app settings or contact contact@cavorite.ai.

12. Data Security

We implement industry-standard technical and organizational measures to protect personal data, including:

Encryption of data in transit and at rest
Strict access controls, with each Customer scoped to their own data and a Customer's data shielded from any other Customer
Secure authentication; we do not store plain-text passwords
Regular security review and monitoring
Restricted employee and contractor access to personal data on a need-to-know basis
Contractual security and confidentiality commitments from our service providers

No method of transmission or storage over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify affected individuals and appropriate authorities as required by applicable law.

13. Your Rights

Depending on your location and the law that applies to you, you may have the following rights with respect to personal data we hold about you:

Access: request a copy of the personal data we hold
Correction: request correction of inaccurate data
Deletion: request deletion of personal data
Portability: receive your data in a portable format
Objection: object to certain processing
Withdraw consent: where processing relies on consent, withdraw that consent at any time

Customer Rights

Customers can exercise most of these rights directly in the mobile application: view your data, delete uploaded documents, delete individual recordings or transcripts, or delete the entire account. For anything that cannot be handled in-app, email contact@cavorite.ai.

Caller Rights

Callers may exercise their rights either by contacting us directly at contact@cavorite.ai, or by contacting the business they called and asking that business to delete or export the relevant call data using the Platform's tools. When a Caller contacts us directly, we will work with the relevant Customer to honor the request to the extent applicable law requires.

To make any rights request, please provide enough information to allow us to verify your identity and identify the data in question. We may decline requests that we cannot reasonably verify or that conflict with our legal obligations.

14. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). These include:

Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that collection, the business purposes for which it is used, and the categories of third parties with which it is shared
Right to delete — request deletion of personal information we have collected, subject to legal retention obligations
Right to correct — request correction of inaccurate personal information
Right to opt out of sales and sharing — as stated in Section 10, we do not sell personal information and we do not share personal information for cross-context behavioral advertising
Right to limit use of sensitive personal information — request that we limit our use of sensitive personal information (including voice recordings and voiceprints) to what is necessary to provide the service you have asked for
Right to non-discrimination — exercise these rights without being penalized in service quality or pricing

How to Exercise These Rights

Email contact@cavorite.ai with the subject line "CCPA Request" and include enough information to allow us to verify your identity and identify the data in question.

Response Timeframes

We will confirm receipt of a verifiable CCPA or CPRA request within 10 business days and respond substantively within 45 calendar days. Where reasonably necessary, we may extend the substantive response period by one additional 45-day window and will notify you in writing of any such extension and the reason for it.

Use of Sensitive Personal Information

Voice recordings, voiceprints, and similar audio-derived data may qualify as sensitive personal information under the CCPA and CPRA. Cavorite uses such sensitive personal information solely as reasonably necessary to provide the Platform, to maintain security, to prevent fraud, and to comply with legal obligations, and not for inferring characteristics or for any purpose to which the right to limit use under the CPRA would apply.

15. Voiceprints and Biometric Privacy

The Platform records and processes voice audio. Several U.S. states regulate the collection of voice-derived biometric data, including the Illinois Biometric Information Privacy Act ("BIPA"), the Texas Capture or Use of Biometric Identifier Act ("CUBI"), and Washington's biometric privacy statute. The following terms apply to residents of those states and other jurisdictions whose voice is captured by the Platform; where similar laws elsewhere impose stricter requirements, the stricter rules govern.

Definitions

For purposes of this Section 15:

Voiceprint means a digital representation of vocal characteristics derived from an individual's voice that can be used to identify that individual
Biometric identifier means a voiceprint as defined above, together with any other physiological or behavioral characteristic that BIPA or a comparable state law treats as a biometric identifier
Biometric information means information, regardless of how it is captured, converted, stored, or shared, based on an individual's biometric identifier that is used to identify the individual

Disclosure

We collect, store, and process voice audio when an Illinois resident calls a business that uses Cavorite. The purpose of this collection is to operate an AI receptionist that can answer the call, converse with the caller, schedule appointments, generate transcripts and summaries, and pass the resulting information back to the business. Audio, transcripts, summaries, and any derived voiceprint data are stored on infrastructure controlled by Cavorite AI LLC and the third-party service providers we engage to operate the Platform.

Consent

The Customer (the business the caller has dialed) is required by Section 11 of our Terms of Service and by Illinois law to inform the caller, before any substantive conversation, that the call is being recorded and that the caller is speaking with an AI assistant. A caller's decision to continue the call after that disclosure constitutes consent to the collection, storage, and processing of voice and voiceprint data as described in this Section 15. A caller who does not consent may end the call at that point.

Retention Schedule

Voice recordings, transcripts, summaries, and any derived voiceprint data are retained until the earliest of the following events:

The Customer deletes the corresponding call through the Platform
The Customer's account is terminated and the 30-day post-termination retention window described in Section 11 expires
Three (3) years have passed since the Customer's last account activity

Voiceprints and recordings are permanently deleted within 30 days of any of these events. Where applicable biometric privacy laws impose shorter or more specific retention requirements, those requirements control.

Restrictions on Use

Voiceprints, voice recordings, and transcripts derived from voice will NOT be sold, leased, traded, or otherwise disclosed for profit by Cavorite AI LLC. They will not be used for advertising or marketing of any kind. They will not be used to identify a caller in any context other than the call that produced them, and they will not be used in identifiable form to train or develop generalized AI models.

Withdrawal of Consent

To withdraw consent and request deletion of voice data associated with you, contact us at contact@cavorite.ai with enough information to identify the calls in question. We will route the request to the relevant Customer and assist them in honoring it under our normal deletion process.

16. International Data Transfers and GDPR

Where Data Is Processed

Your data may be processed in the United States, where the Platform is hosted. By using the Platform, you consent to this transfer.

Cross-Border Transfer Mechanisms

For users in the European Economic Area, the United Kingdom, or other jurisdictions with cross-border data-protection requirements, we process data in accordance with applicable regulations, including where relevant the General Data Protection Regulation ("GDPR") and the UK GDPR. Where required by applicable law, international transfers are carried out using approved mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful basis for transfer.

Controller and Processor Roles

For personal data we collect about Customers and people who interact with us directly (account holders, contact form submitters, prospects), Cavorite AI LLC acts as the data controller.

For Caller personal data that flows through the Platform in the course of operating the Customer's AI receptionist, the Customer acts as the data controller and Cavorite AI LLC acts as a data processor on the Customer's behalf. Customers who require a Data Processing Addendum to formalize this arrangement may request one by emailing contact@cavorite.ai.

Lawful Bases

Where the GDPR or UK GDPR applies, we process personal data under one or more of the following lawful bases:

Performance of a contract — to provide the Platform and the services you and your business have signed up for
Legitimate interests — to operate, secure, and improve the Platform, prevent abuse, and communicate with you about the service, where those interests are not overridden by your rights
Consent — where the law requires consent for a specific processing activity, and only for the activity to which you have consented
Compliance with legal obligations — to meet our obligations under applicable laws and lawful requests from authorities

17. Children's Privacy

The Platform is not directed at children. We do not knowingly collect personal data from children under the age of 18. You must be at least 18 years old to register as a Customer.

Callers who phone a Customer's business number may be of any age, but the Platform is not designed for direct interaction with children and we do not knowingly use the Platform to collect personal information from children. If you believe that a child has shared personal information through a Caller interaction with the Platform, please contact us at contact@cavorite.ai and we will work with the relevant Customer to delete that information.

18. Ownership Transfer

In the event that Cavorite AI LLC is sold, merged, acquired, or transfers substantially all of its assets, your personal data may be part of that transfer, subject to commitments from the successor entity to provide substantially similar privacy protections. If such a transfer occurs, we will notify Customers via email before the transfer takes effect. You may delete your account and all associated data at any time. Any changes to data practices following a transfer will be subject to the notification requirements described in Section 19.

19. Changes to This Policy

We may update this Privacy Policy from time to time. All changes will be posted on this page with an updated "Last updated" date and a plain-language summary of what changed.

Notification

For material changes, we will notify registered Customers via email before the changes take effect. The notification will include a summary of what changed. For visitors without an account, we will display a prominent notice on our website or within the mobile application.

Consent

For routine updates (clarifications, formatting changes, typographical corrections), continued use of the Platform after notification constitutes acceptance. For material changes that affect how personal data is collected, used, or shared, we will provide reasonable notice before the changes take effect. If you do not agree with the updated policy, you may delete your account and discontinue use of the Platform.

20. Contact Us

If you have any questions about this Privacy Policy, or to make a rights request, please contact us:

Cavorite AI LLC
16192 Coastal Highway, Lewes, DE 19958
Email: contact@cavorite.ai
Website: cavorite.ai/contact