# Privacy Policy — Greeta Voice (Business Users)

**Legal entity:** J.A.P TECH CONSULTING LLC, dba Greeta Voice  
**Effective date:** June 21, 2026  
**Last updated:** June 21, 2026  
**Website:** https://greetavoice.com  
**Privacy requests:** legal@greetavoice.com (subject line: **Privacy Request**)

---

## Introduction

Greeta Voice ("Greeta Voice," "we," "us," or "our") provides an AI-powered business communications and appointment platform for beauty, grooming, and similar non-medical service businesses.

This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you:

- (**Business User**) register for or use the Greeta Voice web dashboard, mobile app, and related services;
- (**End Customer**) interact with a Business User's AI assistant by phone or SMS; or
- visit **greetavoice.com** (including our newsletter or marketing pages).

This policy applies to the **standard Greeta Voice product**. A separate medical or HIPAA-regulated offering, if made available in the future, will be governed by separate documentation at a dedicated URL.

By using our services, you acknowledge this Privacy Policy. If you do not agree, do not use the services.

---

## 1. Information We Collect

### 1.1 Information You Provide Directly (Business Users)

When you register, subscribe, configure your account, or contact us, we may collect:

- Name, email address, phone number, and business name
- Business address and state/jurisdiction (used for account configuration, including call-recording defaults)
- Account credentials (authentication is handled by our identity provider; we do not store your password in plain text)
- Appointment, service, staff, team, and customer data you enter in the dashboard or mobile app
- AI agent configuration (assistant name, voice selection, language settings, call routing, recording preferences)
- Support messages and feedback
- Legal acceptance records (Terms of Service and Privacy Policy version, timestamp, language, and IP address)

**Payment information:** Subscription billing is processed by **Stripe**. Depending on your account, you may pay by card charged automatically or complete payment through a **Stripe Checkout** session or **Stripe Invoice** payment link. Greeta Voice does **not** store full payment card numbers. Stripe processes payment methods on our behalf.

**Square and other integrations:** If you connect Square, Google Calendar (where available), or other third-party services, we receive data necessary to sync bookings and business configuration. You are responsible for ensuring you have the right to share that data with us.

### 1.2 Demo Plan

If you use our free **Demo** plan ($0):

- We create a workspace with **sample services, staff, and business hours** for testing.
- The **customer list starts empty**; you may add a limited number of customers manually to try booking flows.
- Demo includes **limited AI test-call minutes** (as shown in your plan).
- Demo does **not** enable live call forwarding to your real business number or paid third-party integrations until you upgrade.

Information you enter during Demo (including test bookings and test-call audio or transcripts) is processed the same way as production data, but applies only to your Demo workspace unless and until you upgrade.

### 1.3 Product Updates and Marketing Communications

If you subscribe to our newsletter or product updates on greetavoice.com, we collect:

- Email address
- Date and time of signup
- Language preference (if selected)
- Referral or campaign source (if available)

We use this information to send product news, feature updates, and promotional offers you opted into. You may unsubscribe at any time using the link in our emails or by contacting legal@greetavoice.com.

### 1.4 End Customer Data

When your End Customers interact with your AI assistant, we collect and process certain information on your behalf and at your direction.

For all End Customer Data (including names, phone numbers, appointment details, call transcripts, and call audio when recording is enabled), **you (the Business User) are the data controller**, and Greeta Voice acts exclusively as a **service provider / data processor**. We process this data solely to provide the services you have configured, in accordance with your instructions and this Privacy Policy.

We do **not**:

- Use identifiable End Customer Data (raw calls, transcripts, or recordings) to train, retrain, or improve any AI models (ours or third-party).
- Share End Customer Data with third parties except as expressly permitted in Section 4 (Service Providers) or as required by law.
- Use End Customer Data for our own marketing, advertising, or product development purposes beyond operating and securing the Service you subscribed to.

We may use strictly anonymized and aggregated operational metrics (e.g. total call duration, success rate of booking, number of calls per day) that do not contain any personal information and cannot reasonably be used to re-identify any individual, solely for internal analytics and service improvement.

During Demo test calls, the caller may be you (the Business User) testing the system; we still process voice audio and transcripts for that session.

### 1.5 Information Collected Automatically

When you use our platform, mobile app, or website, we automatically collect:

- IP address and approximate location
- Browser type, operating system, and device identifiers
- Pages visited, session duration, and usage patterns
- Call logs, transcripts, AI interaction metadata, and consumed AI minutes (including End Customer Data processed on your behalf)
- Referral sources and advertising attribution data (where permitted)

### 1.6 Cookies and Tracking Technologies

We use:

- **Essential cookies** — required for platform functionality and authentication
- **Analytics cookies** — to understand usage and improve our services
- **Advertising or attribution technologies** — to measure campaign performance where permitted by law
- **Session cookies** — for account security

You may control cookies through your browser. Disabling certain cookies may affect functionality. Where required by law, we honor applicable privacy preference signals (including Global Privacy Control) for opt-out of certain sharing or processing.

### 1.7 Do Not Track

Certain browsers send "Do Not Track" (DNT) signals. Unless required by applicable law, we do not respond to DNT signals. Where required, we process qualifying browser-based privacy signals in accordance with applicable law.

### 1.8 Third-Party Websites

Our website or platform may link to third-party sites. We are not responsible for their privacy practices.

---

## 2. How We Use Your Information

We use information to:

- Provide, operate, maintain, and secure the Greeta Voice platform and AI features
- Process Demo workspaces, subscriptions, billing (via Stripe), and usage metering
- Facilitate integrations you connect (such as Square or Google Calendar, where available)
- Send service-related communications, security notices, and legal updates
- Operate product-update and marketing communications you opted into
- Detect fraud, abuse, and security incidents
- Comply with legal obligations

**We do not sell personal information for monetary consideration.**

**End Customer Data:** We process End Customer Data strictly as a data processor according to the Business User's instructions. We do not use identifiable End Customer conversations, transcripts, or recordings for training our AI models or for any purpose other than providing the Service. Any use of de-identified or aggregated data is limited to operational analytics and platform improvement and is subject to technical and organizational measures designed to prevent re-identification.

**AI and model training:** We do not use identifiable Business Data, raw call recordings, transcripts, or identifiable End Customer Data to train, retrain, or fine-tune third-party foundation models or Greeta Voice proprietary models without your **express written authorization**. We may use anonymized, aggregated, or de-identified operational data for analytics, security, quality assurance, and service improvement, consistent with this policy and applicable law.

---

## 3. Call Recording, Audio Processing, and Transcripts

### 3.1 How voice calls work

Our AI assistant processes live call audio in real time to understand speech and complete booking actions. We use synthetic text-to-speech voices. We do **not** clone individual human voices for identification, create **voiceprints**, perform **speaker diarization** for biometric identification, or use voice data for biometric authentication (see Section 12).

### 3.2 Optional call recording (Business User setting)

Call recording is **optional** and **disabled by default** for many accounts. When **enabled** in your agent settings:

- Callers may hear a disclosure that the call may be recorded (when configured).
- Call audio may be stored in our secure cloud storage (via our telephony provider) for up to the retention period in Section 5.

When call recording is **disabled**:

- We do **not** store call audio recordings.
- We may still process audio **in real time** to operate the service and may retain **call metadata, transcripts, and booking records** as described in Section 5.

**State-based defaults:** For Business Users registered in certain U.S. states with heightened recording or privacy requirements (including Illinois and Texas), call recording may be **unavailable or disabled by default**. You are responsible for compliance with laws that apply to your business and your callers' locations.

### 3.3 Recording consent

Laws on call recording and monitoring vary by jurisdiction (including one-party and all-party consent regimes). Business Users must configure appropriate disclosures where required. Tools and settings we provide are for operational convenience and **do not constitute legal advice**.

If a caller does not consent to recording where required by law, they may disconnect. By continuing a call after a disclosure where recording is enabled, callers may be deemed to have consented as permitted by applicable law.

### 3.4 SMS

When SMS features are enabled, messages are sent on your behalf for appointment-related communications. Business Users are responsible for TCPA-compliant consent from End Customers. See our Customer Privacy Policy for End Customer-facing SMS disclosures.

### 3.5 Google Calendar integration (optional)

When you connect **Google Calendar** on a supported paid plan, Greeta Voice accesses Google user data **only** to:

- Sync appointments between Greeta Voice and the Google Calendars you authorize  
- Map staff members to calendars you select in the dashboard  
- Create, update, or cancel calendar events needed to reflect bookings handled through the Service  

We store OAuth tokens **encrypted** on our servers. We do **not** use Google Calendar data for advertising, do not sell it, and do not use it to train AI models.

**Google API Services User Data:** Greeta Voice's use of information received from Google APIs adheres to the [Google API Services User Data Policy](https://developers.google.com/terms/api-services-user-data-policy), including the **Limited Use** requirements. We use Google user data only to provide the Calendar integration features you enable. We do not transfer Google user data except as necessary to operate the Service (for example, secure hosting with our subprocessors) or as required by law.

You may **revoke access** at any time by disconnecting Google Calendar in **Settings → Integrations** in the dashboard, or through your Google Account permissions at [myaccount.google.com/permissions](https://myaccount.google.com/permissions).

---

## 4. Sharing of Information

We act as a **data processor** with respect to End Customer Data. We only disclose such data to subprocessors (see table below) under strict contractual obligations that require them to process data solely on our behalf and in accordance with our documented instructions and this Privacy Policy.

We do not sell or rent personal information. We may disclose information to:

### 4.1 Service providers (subprocessors)

Third parties that help us operate the platform, under contractual or legal obligations to protect data and use it only to provide services to us. Current categories include:

| Provider (examples) | Purpose |
|---------------------|---------|
| **Stripe** | Subscription billing, invoices, payment processing |
| **Twilio** | Telephony, SMS, native call recordings (when enabled) |
| **xAI** | AI voice, speech-to-text, and text-to-speech for call handling |
| **Supabase** | Database, authentication infrastructure |
| **Cloudflare (R2)** | Secure storage of call recordings and voice artifacts |
| **Square** | Optional booking integration (when you connect) |
| **Google** | Optional Calendar integration; analytics (where used) |

This list may change as we update our infrastructure. Additional subprocessors may be provided upon request at legal@greetavoice.com or on our website.

### 4.2 Integration partners

When you connect third-party services, we share data necessary to enable those integrations.

### 4.3 Legal requirements

When we reasonably believe disclosure is required by law, regulation, legal process, or to protect rights, safety, or security.

### 4.4 Business transfers

In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality obligations.

### 4.5 Aggregated or de-identified data

We may use or share anonymized, aggregated, or de-identified information that cannot reasonably identify an individual.

---

## 5. Data Retention

| Data type | Retention period | Purpose |
|-----------|------------------|---------|
| Business account and profile | Active account + **90 days** after deletion | Operations, support |
| Demo sample data | Deleted with account | Testing |
| Call audio (when recording enabled) | **90 days**, then deleted | QA, disputes, consent documentation |
| Call audio (when recording disabled) | **Not stored** | — |
| Call transcripts and AI logs | **12 months**, then anonymized or deleted | Booking history, troubleshooting |
| Call recording consent / disclosure records | **4 years** | Legal compliance |
| Appointments and booking records | **12 months** after last activity, or with account + 90 days | Service functionality |
| Stripe billing and invoices | **7 years** | Tax and accounting |
| Contracts and legal acceptances | **5 years** after termination | Legal protection |
| Dispute-related records | **4 years** | Legal claims |
| End Customer Data after account deletion | Deleted or anonymized within **90 days** of account closure (subject to legal holds) | Processor obligations |
| Waitlist / marketing opt-out | Until unsubscribe + as needed to honor opt-out | CAN-SPAM / marketing compliance |

We may retain information longer where required by law or to establish, exercise, or defend legal claims.

---

## 6. Data Security

We implement commercially reasonable administrative, technical, and organizational measures, including:

- Encryption in transit (TLS)
- Role-based access controls
- Secure payment processing through Stripe
- Encrypted storage with reputable cloud providers

No method of transmission or storage is completely secure. In the event of a confirmed material breach affecting Business User personal information, we will notify affected Business Users without unreasonable delay and in accordance with applicable law. Business Users may have independent obligations to notify their End Customers.

---

## 7. Your Rights and Choices

Submit privacy requests to **legal@greetavoice.com** with subject line **Privacy Request**.

- We acknowledge requests within **10 business days** and respond within **45 days**, or as required by law.
- We may verify your identity before processing a request.
- Deletion is subject to legal retention, billing, and dispute requirements.

**End Customers:** If you are a customer of a salon using Greeta Voice, contact the **business** first for appointment records, call recordings, or transcripts. We process End Customer Data on the business's behalf.

**European Economic Area / UK / Poland:** Where applicable law grants you rights of access, rectification, erasure, restriction, portability, or objection regarding personal information we process as a **controller** (e.g., your Business User account data), contact legal@greetavoice.com. For End Customer Data, we respond as processor in coordination with the Business User where required.

You may opt out of marketing emails via unsubscribe links or by contacting us.

---

## 8. California and U.S. State Privacy Rights

California residents may have rights under the CCPA/CPRA, including access, deletion, correction, and information about our data practices. We do not sell personal information for monetary consideration.

Residents of other U.S. states may have additional rights under applicable state privacy laws. We honor applicable rights where required and may verify identity before processing requests. Where required, you may appeal a denial by contacting legal@greetavoice.com.

---

## 9. Children's Privacy

Our services are for business use and are not directed to individuals under **18**. We do not knowingly collect personal information from minors. If we learn we have collected such information, we will delete it promptly.

---

## 10. Emergency Services

Greeta Voice is **not** an emergency service. Do not use it for medical emergencies or immediate danger. Call **911** or local emergency services.

---

## 11. Non-Medical Use; Protected Health Information

### 11.1 Standard product scope

Greeta Voice standard is intended for **non-medical** businesses such as hair salons, barber shops, beauty studios, and similar appointment-based grooming and wellness services that do **not** require clinical or HIPAA-regulated workflows.

Unless you have a separate written agreement with us (including a Business Associate Agreement), Greeta Voice is **not** configured or certified to store, transmit, or process **Protected Health Information (PHI)** under HIPAA.

### 11.2 Prohibited uses

You must not use the standard Greeta Voice product for medical practices, clinical dermatology, plastic surgery, dental offices, mental health facilities, or other environments requiring HIPAA or equivalent medical privacy regimes.

### 11.3 Voluntary health information

End Customers should not volunteer clinical diagnoses, medical history, or sensitive health information during calls. If such information is spoken, it may appear in transcripts like any other speech. **We do not provide automated medical-data redaction** in the standard product.

### 11.4 Future medical offering

If we offer a separate medical or HIPAA-regulated product, it will be provided under **separate terms, pricing, privacy documentation, and technical environment** at a dedicated URL. The standard product terms and this Privacy Policy do not apply to that offering unless you explicitly enroll under those separate terms.

---

## 12. Voice Processing and Biometric Information

### 12.1 No biometric identification

We process live voice audio and generate transcripts solely to operate call handling and appointment booking. We do **not**:

- Create or store **voiceprints** or voice templates for identification or authentication;
- Use **speaker diarization** or similar technology to biometrically identify individuals;
- Use voice data for profiling or tracking beyond operational call handling.

Recent litigation under laws such as the Illinois Biometric Information Privacy Act (BIPA) often involves systems that **identify or distinguish speakers** using vocal characteristics. Our standard voice pipeline is designed for **conversation and booking**, not biometric identification.

### 12.2 Your compliance responsibilities

Business Users remain responsible for compliance with applicable laws governing call recording, electronic monitoring, and privacy—including laws that may apply based on the Business User's location and End Customers' locations. Greeta Voice does not block calls based on caller geography. We provide configurable recording disclosures; you must determine whether additional notices or consents are required.

### 12.3 Compliance with recording and privacy laws

Business Users remain solely responsible for compliance with applicable laws governing call recording, electronic monitoring, and privacy—including laws that may apply based on the Business User's location and End Customers' locations. Claims arising from unlawful recording, missing disclosures, or misuse of the Service are addressed in our [Terms of Service](https://greetavoice.com/terms) (including indemnification where applicable).

---

## 13. International Data Processing

We operate from the United States. If you access the Service from outside the U.S. (including Poland or the EU), you acknowledge that information may be transferred to, processed, and stored in the U.S. and other jurisdictions where we or our providers operate. Where required by law, we use appropriate transfer mechanisms (such as Standard Contractual Clauses).

---

## 14. Data Processing Agreements

Upon request, or as required by applicable law (including GDPR), we will enter into a **Data Processing Agreement (DPA)** with Business Users that further details our obligations as a data processor, including subject matter, duration, nature and purpose of processing, types of personal data, categories of data subjects, and subprocessors.

Our standard DPA is available by contacting **legal@greetavoice.com** (subject line: **DPA Request**). Execution of a DPA does not modify End Customer controller/processor roles described in Section 1.4 unless expressly stated in the DPA.

---

## 15. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy with a revised "Last updated" date.

**Material changes** will be communicated by **email** where practicable before or when they take effect.

**Material changes to our Terms of Service** require **affirmative acceptance in the dashboard** before continued use, as described in our Terms of Service. Non-material updates to this Privacy Policy may take effect upon posting.

---

## 16. Artificial Intelligence Optimization

We may use strictly de-identified and aggregated system metadata and operational statistics to evaluate, maintain, secure, and improve the performance of the Greeta Voice platform.

We do **not** use identifiable Business Data, call recordings, conversation transcripts, or any identifiable End Customer Data to train, fine-tune, or improve any AI models without your separate, **express written authorization**.

---

## 17. Contact Us

**J.A.P TECH CONSULTING LLC** (dba Greeta Voice)  
111 Town Square Place, Suite 1201  
Jersey City, NJ 07310  
United States  

**Email:** legal@greetavoice.com  
**Website:** https://greetavoice.com  

**Related policies:**  
- [Customer Privacy Policy](https://greetavoice.com/customer-privacy) (for salon clients / callers)  
- [Terms of Service](https://greetavoice.com/terms) (Business Users)

---

*This document is provided for publication on greetavoice.com and integration with the Greeta Voice dashboard. Have a qualified attorney review before relying on it in regulated contexts.*