Privacy Policy

Voice Pilot — It is a secure, AI-powered app designed to help businesses capture, transcribe, and analyze consent-given conversations. Turn discussions into actionable insights that drive better decision-making, improve team performance, and enhance business outcomes.

Effective Date: March 24, 2026  |  Last Updated: March 24, 2026

Calance (“Company,” “we,” “us,” or “our”) operates the Voice Pilot mobile application and related services (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use our Service.

1. Definitions

• “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• “Recorded Party” or “Participant” means any individual whose voice, statements, or conversations are captured in an audio recording made through the Service.
• “User” or “Agent” means the individual who has registered for an Voice Pilot account and uses the Service to make recordings.
• “Client” means a third party whose information is entered by the User in connection with a recording (e.g., a prospective buyer, seller, or other party to a real estate transaction).
• “Processing” means any operation performed on Personal Information, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, dissemination, restriction, erasure, or destruction.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

• Full name
• Email address
• Phone number (optional)
• Organization/brokerage name
• Account credentials (password stored in hashed form only)
• User role within the organization

2.2 Audio Recording Data

• Audio recordings of conversations captured through the Service
• Recording metadata, including:
  • Date and time of recording
  • Duration of recording
  • Recording type (e.g., property showing, client meeting, phone call, negotiation, open house)
  • Recording title
  • File format and file size

2.3 Client and Transaction Information

• Client name
• Client email address
• Client phone number
• Property address
• Property MLS ID
• Additional notes entered by the User

2.4 AI-Generated Content

• Transcripts generated from audio recordings
• AI-generated conversation insights, including:
  • Conversation summaries
  • Key discussion points
  • Client objections and suggested responses
  • Follow-up action items
  • Sentiment analysis scores
  • Deal interest assessments
  • Client profile data (budget preferences, preferred areas, timelines, financing details)
  • Property-specific insights

2.5 Device and Technical Information

• Device type and operating system
• Application version
• IP address
• User agent information
• Unique device identifiers
• Crash logs and performance data

2.6 Usage Information

• Feature usage patterns
• Recording frequency and duration statistics
• Login timestamps and session data

2.7 Consent Records

• Consent confirmation timestamps
• Records of consent acknowledgment prior to each recording session

3. How We Collect Information

We collect information through the following methods:

• Directly from you when you create an account, make recordings, or enter metadata
• Automatically through your use of the Service (device information, usage data, logs)
• From third-party AI services that process your recordings (transcription results, generated insights)
• From your CRM integrations if you choose to connect external services (Quickbase, Kintone)

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Core Service Delivery

• Providing audio recording functionality
• Transcribing audio recordings using AI-powered speech recognition
• Generating conversation insights, summaries, and action items using large language models (LLMs)
• Storing and organizing your recordings, transcripts, and insights
• Enabling search and retrieval of past recordings and insights

4.2 Account Management

• Creating and managing your account
• Authenticating your identity and securing your sessions
• Processing password resets and account recovery
• Managing user roles and permissions within your organization

4.3 CRM and Third-Party Integrations

• Synchronizing recording data, transcripts, and insights with your configured CRM platforms (e.g., Quickbase, Kintone) at your direction
• Facilitating data export to external systems you have authorized

4.4 Service Improvement

• Analyzing usage patterns to improve Service features and performance
• Identifying and fixing bugs, errors, and security vulnerabilities
• Conducting internal analytics and reporting

4.5 Communications

• Sending transactional emails (password resets, account verification)
• Providing notifications about recording processing status
• Sending service-related announcements

4.6 Legal Compliance

• Maintaining audit logs as required for regulatory compliance
• Responding to legal process, subpoenas, or government requests
• Enforcing our Terms of Service

5. Audio Recordings and Transcription

5.1 Nature of Audio Data

Audio recordings are among the most sensitive data processed by the Service. They may contain:

• Voices and vocal characteristics of all participants
• Personal financial information discussed during conversations
• Property preferences, purchase intentions, and negotiation positions
• Contact details shared verbally
• Any other information discussed during recorded conversations

5.2 Transcription Process

Audio recordings are transmitted securely to third-party AI transcription services for speech-to-text conversion. The primary transcription provider is OpenAI (using the Whisper model), with Google Gemini as a fallback provider. Transcription data includes:

• Full text of the spoken conversation
• Timestamped segments for each portion of the transcript
• Language detection results
• Confidence scores

5.3 Audio Storage

• Audio files are stored on Amazon Web Services (AWS) S3 cloud storage
• Files are uploaded using time-limited, presigned URLs for security
• Audio files are associated with your user account and organization
• Audio files are deleted from our servers when you delete a recording through the Service

5.4 Important Notice About Audio Content

You are solely responsible for the content of recordings made through the Service. We do not monitor, review, or moderate the content of audio recordings except as necessary to provide the Service (i.e., automated transcription and insight generation).

6. Artificial Intelligence and Automated Processing

6.1 AI Services Used

The Service employs the following AI technologies:

• OpenAI Whisper — for audio-to-text transcription
• OpenAI GPT-4 — for generating conversation insights, summaries, and analysis
• Anthropic Claude — as an alternative AI provider for insight generation
• Google Gemini — as a fallback for both transcription and insight generation
• OpenAI Embeddings — for powering semantic search across your recordings

6.2 How AI Processes Your Data

• Audio recordings are sent to transcription services, which return text-based transcripts
• Transcripts, along with recording metadata (title, type, client name, property address), are sent to LLM services to generate structured insights
• Insights are generated automatically without human review
• Embeddings (mathematical representations) of insights are created for semantic search functionality

6.3 AI Limitations and Disclaimers

• AI-generated transcripts may contain errors, especially with technical terminology, proper nouns, accents, or overlapping speech
• AI-generated insights, sentiment analysis, and deal interest assessments are algorithmic predictions and should not be relied upon as the sole basis for business decisions
• AI outputs may occasionally produce inaccurate, incomplete, or biased results
• We do not guarantee the accuracy of any AI-generated content

6.4 Third-Party AI Provider Data Handling

When your data is sent to third-party AI providers:

• Data is transmitted via encrypted connections (TLS/HTTPS)
• Processing is governed by the respective provider’s data processing agreements
• We use API-based access, meaning your data is sent for processing and results are returned; however, provider retention policies may vary
• We recommend reviewing the privacy policies of our AI providers:
  • OpenAI: https://openai.com/privacy
  • Anthropic: https://www.anthropic.com/privacy
  • Google: https://policies.google.com/privacy

7. Two-Party Consent and Recording Laws

7.1 Your Legal Obligation

California (Cal. Penal Code Section 632) and several other U.S. states require the consent of ALL parties to a conversation before it may be recorded. Failure to obtain proper consent may result in criminal penalties (fines and/or imprisonment) and civil liability.

The Service is designed for use in two-party (all-party) consent jurisdictions, including but not limited to California. The Service includes a mandatory consent acknowledgment dialog that appears before each recording session.

7.2 Your Responsibilities

As a User of the Service, YOU are solely responsible for:

• Informing all participants that the conversation will be recorded BEFORE beginning any recording
• Obtaining explicit consent from every person whose voice will be captured
• Complying with all applicable federal, state, and local laws regarding audio recording and wiretapping in your jurisdiction and the jurisdiction of all recorded parties
• Not using the Service to record conversations where you do not have legal authorization to do so
• Understanding that the consent acknowledgment within the app is your attestation, not a substitute for actually obtaining consent from participants

7.3 Consent Tracking

The Service captures and stores:

• A timestamped record of your consent acknowledgment for each recording session
• Your affirmative confirmation that all parties have been informed and consent to the recording

7.4 Disclaimer

We do not verify whether you have actually obtained consent from all parties. The in-app consent dialog is a compliance tool designed to remind you of your legal obligations and to record your attestation. We bear no responsibility or liability for recordings made without proper consent.

8. Information Sharing and Disclosure

We may share your information in the following circumstances:

8.1 Within Your Organization

• Administrators within your organization may access recordings, transcripts, insights, and user activity data
• Organization-wide analytics and reporting may include aggregated data from all users

8.2 Third-Party Service Providers

We share information with service providers who assist in operating the Service (see Section 9 for details). These providers are contractually obligated to use your data only for the purposes of providing services to us.

8.3 CRM Integrations (At Your Direction)

If you configure CRM integrations (Quickbase, Kintone), recording data, transcripts, and insights will be transmitted to those platforms according to your configuration. Data shared with CRM platforms is thereafter subject to those platforms’ privacy policies.

8.4 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Subpoenas, court orders, or other legal process
• Requests from law enforcement or government agencies
• Protection of our legal rights, safety, or property
• Prevention of fraud or other illegal activities
• Protection of the rights, safety, or property of our users or the public

8.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your Personal Information.

8.6 With Your Consent

We may share your information for other purposes with your explicit consent.

8.7 Information We Do NOT Sell

We do not sell your Personal Information. We do not sell, rent, or trade your audio recordings, transcripts, insights, or any other Personal Information to third parties for monetary or other valuable consideration.

9. Third-Party Service Providers

We use the following categories of third-party service providers:

Each third-party provider is selected based on their security practices and is subject to contractual obligations regarding data protection.

10. Data Storage and Security

10.1 Storage Locations

• Audio files: Amazon S3 cloud storage (US region)
• Structured data: PostgreSQL database hosted on cloud infrastructure
• Temporary processing data: Redis (ephemeral, in-memory)
• Local device storage: Encrypted secure storage for authentication tokens; temporary audio files during recording (deleted after upload)

10.2 Security Measures

We implement the following security measures:

• Encryption in transit: All data transmitted between the app, our servers, and third-party services uses TLS/HTTPS encryption
• Secure authentication: JWT-based authentication with secure token storage
• Password security: Passwords are hashed using Argon2 (industry-standard algorithm) and are never stored in plaintext
• Access controls: Role-based access control (RBAC) limits data access based on user roles
• Presigned URLs: Audio file uploads and downloads use time-limited, cryptographically signed URLs
• Token management: Authentication tokens are stored in encrypted device storage (iOS Keychain, Android Encrypted SharedPreferences)
• Audit logging: All significant user actions are logged for security monitoring
• Rate limiting: API endpoints are rate-limited to prevent abuse

10.3 Security Limitations

Despite our efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not responsible for the actions of third parties, hackers, or the circumvention of any privacy settings or security measures.

11. Data Retention

11.1 Active Account Data

We retain your Personal Information for as long as your account is active or as needed to provide you with the Service. Specifically:

• Account information: Retained while your account is active
• Audio recordings: Retained until deleted by you or an administrator in your organization
• Transcripts and insights: Retained as long as the associated recording exists
• Audit logs: Retained for a minimum of one (1) year for compliance purposes
• Authentication tokens: Access tokens expire after 24 hours; refresh tokens expire after 30 days

11.2 Deleted Data

When you delete a recording through the Service:

• The audio file is deleted from cloud storage
• The associated transcript and insights are deleted from our database
• Sync history records are deleted
• Note: Data that has already been synced to third-party CRM platforms is not deleted from those platforms and is subject to those platforms’ retention policies

11.3 Account Deletion

Upon account deletion:

• All recordings, transcripts, insights, and associated data will be permanently deleted
• Account information will be removed from our active systems
• Some information may persist in encrypted backups for a limited period (up to 90 days) before being permanently purged
• Audit logs referencing your actions may be retained in anonymized form for compliance

11.4 Legal Holds

We may retain information beyond our standard retention periods if required by law, legal proceedings, or government investigation.

12. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights:

• Right to Access: Request a copy of the Personal Information we hold about you
• Right to Correction: Request correction of inaccurate Personal Information
• Right to Deletion: Request deletion of your Personal Information, subject to legal exceptions
• Right to Data Portability: Request your data in a structured, commonly used format
• Right to Restrict Processing: Request that we limit how we process your data
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, please contact us using the information in Section 19.

We will respond to verified requests within thirty (30) days. We may request additional information to verify your identity before fulfilling your request.

13. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

13.1 Right to Know

You have the right to request that we disclose:

• The categories of Personal Information we have collected about you
• The categories of sources from which Personal Information is collected
• The business or commercial purpose for collecting Personal Information
• The categories of third parties with whom we share Personal Information
• The specific pieces of Personal Information we have collected about you

13.2 Right to Delete

You have the right to request deletion of Personal Information we have collected from you, subject to certain exceptions (e.g., legal obligations, security purposes, completing a transaction you requested).

13.3 Right to Correct

You have the right to request that we correct inaccurate Personal Information that we maintain about you.

13.4 Right to Opt-Out of Sale or Sharing

We do not sell or share (as those terms are defined under the CCPA/CPRA) your Personal Information. Therefore, there is no need to opt out. If our practices change in the future, we will update this policy and provide an opt-out mechanism.

13.5 Right to Limit Use of Sensitive Personal Information

Certain information processed by the Service may qualify as “sensitive personal information” under the CPRA, including:

• Account login credentials (email and password)
• Contents of communications (audio recordings and transcripts)

We use sensitive personal information only as necessary to provide the Service and for the purposes disclosed in this Privacy Policy. You may request that we limit the use of your sensitive personal information to what is necessary.

13.6 Categories of Personal Information Collected (CCPA Disclosure)

13.7 How to Submit a Request

California residents may submit requests by:

• Emailing us at the address in Section 19
• Using the in-app data request feature (when available)

We will verify your identity using your account email address and may request additional information. An authorized agent may submit a request on your behalf with proper written authorization.

13.8 Non-Discrimination

We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you the Service, charge you different prices or rates, provide a different level or quality of service, or threaten any of the above.

13.9 Financial Incentives

We do not offer any financial incentives related to the collection, sale, or deletion of your Personal Information.

13.10 Metrics (Annual Disclosure)

We will maintain records of consumer requests received, complied with, and denied, and will publish metrics annually as required by the CCPA/CPRA.

14. Other State Privacy Rights

14.1 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and Other States

Residents of states with comprehensive privacy laws may have similar rights to those described in Sections 12 and 13, including the right to access, delete, correct, and opt out of certain processing. Please contact us to exercise these rights.

14.2 Nevada

Nevada residents may opt out of the sale of their personal information. As stated above, we do not sell personal information.

15. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Information from children under 18. If we become aware that we have collected Personal Information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a minor, please contact us immediately.

16. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using the Service, you consent to the transfer of your information to the United States and its processing as described in this Privacy Policy.

17. Do Not Track Signals

The Service does not currently respond to “Do Not Track” (DNT) browser signals. California law requires us to disclose how we respond to DNT signals. Because there is no industry-accepted standard for how to respond to DNT signals, we do not alter our data collection and use practices based on such signals.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be indicated by updating the “Last Updated” date at the top of this document. For material changes, we will:

• Provide prominent notice within the Service (e.g., in-app notification)
• Send an email notification to the address associated with your account
• Require re-acknowledgment of the updated policy where appropriate

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

19. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Calance
Email: Connect@Calance.com
Legal Entity Name: Partners Information Technology, Inc. (dba Calance)
Company HQ Address: 888 Disneyland Drive Suite 500, Anaheim, CA 92802

Other Email: vmehra@calance.com

We will acknowledge receipt of your request within ten (10) business days and will respond substantively within thirty (30) days, or forty-five (45) days if an extension is necessary (with notification).