18,742voicemails landed today
the call guy
Draft — pending legal review. This document was generated from current best-practice templates for a US + Canadian SaaS targeting auto dealerships. It is not legal advice. We will commission a licensed business attorney's review before onboarding the first paying dealership.

Privacy Policy

Effective date: May 17, 2026

This Privacy Policy explains what personal information The Call Guy collects, how we use it, who we share it with, and the choices you have. It applies to our marketing site (the-call-guy.vercel.app and successor domains) and our dashboard.

1. Who we are

The Call Guy is operated by Cohen Bell, based in Calgary, Alberta, Canada. Contact: cohenbell23@gmail.com.

2. Information we collect

Account data: name, email, hashed password, role, IP address at signup.

Workspace data: dealership name, default caller ID, configured plan, attestation records (signer name, email, IP, timestamp).

Contact data uploaded by Subscribers: phone numbers, optional first/last name, email, time zone, tags, and consent metadata. We process this as a data processor on behalf of the Subscriber; the Subscriber is the data controller.

Voice samples and recordings: audio uploaded for cloning plus generated synthetic audio. Stored in Vercel Blob with workspace-scoped paths.

Delivery and usage data: per-drop status, provider session IDs, timestamps, costs, opt-outs.

Billing data: Stripe customer ID, purchased credits, payment timestamps. Card numbers are never seen or stored by us — Stripe handles all payment data directly.

Technical data: server access logs, error reports, anonymized analytics about feature usage.

3. How we use it

  • To operate the platform and deliver the campaigns you initiate.
  • To enforce compliance gates (federal DNC scrubbing, opt-out honoring, quiet-hours enforcement).
  • To bill you correctly and provide receipts.
  • To investigate abuse and respond to legal process.
  • To improve the platform (in aggregate, never to enable cross-Subscriber data use).

4. Legal bases (GDPR / UK GDPR)

For Subscribers and personnel in the EEA / UK: we process personal information on the basis of (a) performance of the contract for our Subscribers, (b) our legitimate interests in operating and securing the platform, (c) compliance with a legal obligation where applicable, and (d) consent where required by law.

5. Sub-processors

We use the following service providers to operate the platform. Each is bound by data protection terms and is reviewed before onboarding:

  • Vercel — application hosting and Blob storage.
  • Neon — Postgres database hosting (us-east-1).
  • Slybroadcast (MobileSphere) — ringless voicemail delivery.
  • Stripe — payment processing and billing portal.
  • Resend — transactional email delivery.
  • Telnyx — inbound/outbound SMS for opt-out handling.
  • DoNotCallDNC.com — federal Do Not Call list scrubbing.
  • ElevenLabs — synthetic voice generation.
  • Sentry — error monitoring.

6. Sharing

We never sell personal information. We share only with the sub-processors above to operate the platform, or where required by law, court order, or to defend our legal rights.

7. Retention

Account and workspace data: retained for the life of the account and 90 days after termination. Delivery and usage logs: 24 months. Billing records: 7 years for tax compliance. Voice samples: until you delete the corresponding voice clone, or 90 days after account termination. Opt-out / suppression records: indefinitely, to honor opt-outs across future re-imports.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or port your personal information; to object to certain processing; to withdraw consent; and to lodge a complaint with your local data protection authority. To exercise these rights, email cohenbell23@gmail.com. We will respond within 30 days (or as required by applicable law).

California residents (CCPA / CPRA): you have additional rights to know, delete, correct, and limit the use of sensitive personal information. We do not "sell" or "share" personal information for cross-context behavioral advertising.

Canadian residents (PIPEDA): you may request access to and correction of your personal information at any time.

9. Security

We encrypt data in transit (TLS) and at rest (provider-level encryption on Neon, Vercel Blob, Stripe). Webhook endpoints are hardened with per-tenant unguessable tokens. Passwords are bcrypt-hashed. We do not store payment card numbers. No system is perfectly secure; we'll notify affected Subscribers without undue delay following any confirmed breach.

10. Cookies

We use a single first-party session cookie (tcg_session) to keep you signed in. We do not use third-party advertising or analytics cookies.

11. Children

The platform is for business use only and not directed to anyone under 18. We do not knowingly collect personal information from minors.

12. International transfers

Our infrastructure is hosted in the United States (Vercel, Neon, Stripe). If you are accessing the platform from outside the US, your information will be transferred to and processed in the US, which may have different data protection rules than your jurisdiction.

13. Changes

We may update this Privacy Policy from time to time. Material changes will be posted on this page and notified by email to workspace administrators.

14. Contact

Privacy questions or requests: cohenbell23@gmail.com.

Questions? Contact us — see also our Terms, Privacy Policy, and Data Processing Addendum.