Privacy Policy

This Privacy Policy explains how Optify LLC(“Optify”, “we”, “us”) collects, uses, shares, and safeguards personal information when you use Operavo— our real-time voice agent that answers, qualifies, books, and hands off inbound calls — together with our dashboard, websites, and related services (the “Service”).

Operavo is sold to and configured by businesses (our Customers) who route their inbound phone calls through us. When you, as an end caller, dial a Customer using Operavo, the Customer is the “controller” of your personal information and Optify acts as a “processor” on their behalf. For our own marketing site and dashboard accounts, Optify is the controller.

Depending on how you interact with Operavo, we collect the following categories of information:

• Account data. Name, work email, company, password hash, role, and approval status you submit when you request access at /signup or sign in at /login.
• Call audio and transcripts. Inbound call recordings, real-time speech-to-text transcripts, and structured turn-by-turn logs of what was said by the caller and by Operavo.
• Caller details. Phone number, caller ID where available, and any details the caller shares on the call (typically full name, email, address, appointment preferences, and reason for calling).
• Booking and CRM data. Appointment time, calendar invite metadata, lead score (Hot / Warm / Cold), AI-generated summary, recommended next action, and any CRM or spreadsheet rows we write on your behalf.
• SMS confirmations. Phone numbers and message content sent through our telephony partners when Operavo texts a booking confirmation.
• Integration data. Read and write tokens for the third-party tools you connect — for example Google Calendar, Google Drive, Google Sheets, and SMS providers — limited to the scopes required to deliver the feature you enabled.
• Usage and device data. IP address, browser, operating system, pages visited, referring URL, and product interaction events for the dashboard. Used to keep the Service secure and to debug problems.
• Cookies. Strictly necessary cookies for authentication (session token, theme), and optional analytics cookies if you accept them. See Cookies & tracking below.

Operavo answers and records inbound phone calls on behalf of our Customers. Many U.S. states (including California, Florida, Pennsylvania, Massachusetts, and Washington) and several countries require all parties to consent before a call is recorded.

• Disclosure. Every Operavo workspace is configured to play a short recording disclosure at the start of the call (for example: “This call may be recorded for quality and scheduling.”). Customers are responsible for keeping that disclosure enabled in their region.
• Caller controls. A caller can ask Operavo to stop the recording or to be transferred to a human at any time. Operavo will not store audio if a caller opts out before consent is captured.
• Retention. Recordings are retained for the period configured by the Customer (default 90 days) and then permanently deleted.

We use the information described above to:

• Run live calls — route caller intent, check calendar availability, book the appointment, and trigger the SMS confirmation.
• Hand off to a human agent and pass a short spoken brief when the caller asks for a person or the conversation falls outside what Operavo should handle.
• Tag every call Hot / Warm / Cold, write a two-sentence summary, and recommend the next action so your team knows who to call back first.
• Provide and improve the Service, including debugging failed calls, tuning recovery prompts, and training internal speech models on de-identified data only.
• Keep accounts, audio, and integrations secure — detect abuse, prevent fraud, and respond to incidents.
• Send transactional messages (workspace approval, billing, security alerts) and, only with your consent, product updates and release notes.
• Comply with legal obligations and enforce our Terms.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

• Contract. To provide the Service to a Customer or to you as the dashboard user.
• Legitimate interests. To keep the Service secure, prevent abuse, improve product quality, and operate our business — balanced against your rights.
• Consent. For optional analytics cookies, marketing emails, and any recording in jurisdictions that require it.
• Legal obligation. To meet tax, accounting, and law-enforcement requirements.

We do not sell or rent personal information. We share it only with:

• Customers. The business whose number the caller dialed receives the call audio, transcript, lead score, and booking record so they can follow up.
• Sub-processors. Vetted vendors that run essential parts of the Service — telephony, speech-to-text, large-language-model inference, SMS delivery, calendar sync, error monitoring, cloud hosting, and email delivery. Each is bound by a written data-processing agreement and may only use the data to deliver their service.
• Professional advisors. Lawyers, auditors, and accountants under confidentiality obligations.
• Authorities. Where required by valid legal process, or to protect the rights, property, or safety of Optify, our Customers, or the public.
• Successors. In connection with a merger, acquisition, or sale of all or part of Optify — under equivalent privacy commitments.

Operavo is operated from the United States. When personal information is transferred from the EEA, UK, or Switzerland to the United States or other countries, we rely on the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures such as encryption in transit and at rest.

Retention defaults are listed below. Customers can shorten any of these in their workspace settings; we will not extend them without a written agreement.

• Call audio. 90 days from the call, then permanently deleted from primary storage and backups within a further 30 days.
• Transcripts & lead records. 13 months, so quarterly reporting works year-over-year.
• SMS message bodies. 90 days. Delivery metadata is kept for 13 months for deliverability auditing.
• Account & billing records. For the life of the account, plus 7 years after closure to meet tax and accounting obligations.
• Server logs. 30 days.

Subject to local law, you have the right to access, correct, delete, export, restrict, or object to our processing of your personal information, and to withdraw consent where processing is based on consent.

• Dashboard users. Manage most of these directly from your account, or email privacy@optifyllc.com.
• End callers. Submit your request to the Customer you called (they control your data); we will support them in fulfilling it.
• California (CCPA / CPRA). You have the right to know, delete, correct, and limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.
• Appeals. If we decline a request, you may appeal by replying to our decision email — we’ll respond within 45 days.

We protect your data with industry-standard safeguards: TLS 1.2+ in transit, AES-256 at rest, scoped access tokens, least-privilege IAM, mandatory two-factor authentication for staff with production access, and continuous logging of administrative actions. No system is perfectly secure — please tell us about a vulnerability at security@optifyllc.com.

We use a small set of cookies and similar technologies. You can manage non-essential cookies through your browser or our cookie banner where shown.

• Strictly necessary. Session, CSRF, and theme — required for the dashboard to work. Cannot be disabled.
• Product analytics. Aggregated usage events to improve flows. Loaded only after you opt in.
• No third-party advertising. We do not run ad-tracking pixels or share data with ad networks.

Operavo is built for businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@optifyllc.com and we will delete it.

We update this policy as the Service evolves. Material changes will be announced in-product and by email to workspace admins at least 14 days before they take effect. The “Last updated” date at the top of this page always reflects the current version.

For privacy questions, data-subject requests, or to designate an authorized agent, write to:

• Email. privacy@optifyllc.com
• Mail. Optify LLC, 1007 N Orange St, 4th Floor, Suite #1382, Wilmington, DE 19801, United States
• Security disclosures. security@optifyllc.com