Privacy Policy.

Last updated · 24 May 2026

1. Who we are

AICall.pw (“AICall”, “we”, “us”) is the AI voice-agent platform operated by PanicWorkz Digital Agency & Outsourcing, registered in İstanbul, Türkiye. We are the data controller for our website and account data, and a data processor for the call data you process through the platform.

2. What we collect

• Account data: name, work email, company, billing address and payment details.
• Call data: audio, transcripts, phone numbers and metadata for calls placed or received through the platform, on your behalf.
• Usage data: API logs, dashboard activity, device and IP information, used for security and reliability.
• Communications: emails, demo recordings and support tickets you send us.

3. How we use it

• To provide, operate and improve the voice-agent service.
• To meet contractual, billing, security and compliance obligations.
• To send service notices and, with your consent, product updates.

We do not sell personal data, and we do not use your call content to train models without your explicit instruction.

4. Legal bases

Where GDPR or KVKK applies, we rely on: performance of a contract (to provide the service), legitimate interests (security, service improvement), consent (marketing, certain cookies), and legal obligation (tax, accounting). You may withdraw consent at any time.

5. How we protect it

Call data runs on SOC 2 Type II infrastructure with TLS in transit, AES-256 at rest, role-based access controls and audit logging. HIPAA and PCI-DSS programs are available with the appropriate plan and agreements; PHI redaction runs before transcripts hit storage. See our Security page for detail.

6. Sharing & subprocessors

We share data only with vetted subprocessors necessary to operate the service — cloud hosting, telephony carriers and observability — under contractual confidentiality and data-protection terms. Our subprocessor list is published and updated quarterly. We also disclose data where required by law or to protect rights and safety.

7. International transfers

Data may be processed in the EU, the United States and Türkiye. Where data leaves your region, transfers rely on Standard Contractual Clauses or equivalent safeguards, and you may request a copy of the relevant mechanism.

8. Data retention

We retain account data while your account is active and as required for legal and accounting purposes. Call data is retained per your configured retention policy; you can shorten retention or delete records at any time. On account closure we delete personal data within a commercially reasonable period, subject to legal holds and routine backups.

9. Your rights

You can access, correct, export or delete your personal data at any time, and object to or restrict certain processing. Under GDPR/KVKK you may also lodge a complaint with your supervisory authority. Email [email protected] and we respond within 30 days.

10. Cookies & analytics

Our website uses essential cookies and privacy-friendly, cookieless analytics (self-hosted) to understand aggregate traffic. We do not use third-party advertising trackers. You can control non-essential cookies through your browser settings.

11. Children’s privacy

The service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal data from children; if you believe a child has provided data, contact us and we will delete it.

12. Changes & contact

We may update this policy and will post the new date and, for material changes, notify you in advance. Privacy questions: [email protected] · Postal: Nida Kule Batı, Ataşehir, İstanbul, Türkiye.