Privacy Policy

This Privacy Policy explains how Social Traffic Inc., doing business as Catchdesk, collects, uses, discloses, protects, and retains personal information when people visit our website, use our web dashboard or mobile app, call or text a business using Calvy, or otherwise interact with us.

Calvy is built for businesses that use AI-assisted calling, texting, appointment booking, lead follow-up, and customer conversation tools. That means we may process information about both our business customers and the people who call, text, book, or otherwise communicate with those businesses.

We try to keep this policy direct: we do not sell personal information, and we do use trusted service providers to run communications, hosting, analytics, billing, support, security, artificial intelligence, and integrations.

Our designated privacy contact is the Privacy Officer. Privacy requests, complaints, or questions can be sent using the contact information at the end of this policy.

For account, billing, website, support, security, and product analytics information, Calvy generally acts as the organization responsible for the personal information we collect.

For end-customer conversations handled on behalf of a business, including calls, texts, transcripts, recordings, booking details, and follow-up notes, Calvy generally acts as a service provider or processor for that business. The business using Calvy is responsible for giving any required notices, obtaining any required consent, and making sure its use of Calvy is lawful for its industry and location.

When we process end-customer information on behalf of a business, we use it only to provide, secure, support, maintain, and improve Calvy as described in this policy and our agreements with that business.

Depending on how Calvy is used, we may collect or process the following categories of information:

• Account information: name, email address, phone number, authentication identifiers, user profile information, role, business ownership, and login activity.
• Business profile information: business name, address, service area, phone numbers, website, industry, services, pricing or service descriptions when provided, availability, business hours, blocked dates, transfer settings, AI settings, saved messages, and knowledge base content.
• Customer and caller information: names, phone numbers, email addresses, addresses or job locations, requested services, appointment details, quotes or quote requests, preferences, notes, conversation context, opt-out status, and customer history.
• Communications content: inbound and outbound SMS, call metadata, call recordings when enabled, transcripts, AI summaries, post-call notes, saved-link sends, appointment confirmations, reminders, and owner replies.
• Billing and subscription information: plan, usage, invoices, payment status, limited payment metadata, tax information, subscription changes, and refunds. Full payment card details are handled by payment providers, not stored directly by Calvy.
• Device, usage, and log information: IP address, browser or device type, operating system, app version, pages or screens viewed, timestamps, diagnostics, crash/error reports, security logs, delivery logs, and approximate location derived from device or network information.
• Integration information: calendar connection status, calendar event IDs, OAuth tokens or refresh tokens where needed, places/address lookup results, and related integration metadata.
• Support information: messages sent to us, troubleshooting details, feedback, screenshots, files, or other information provided in a support interaction.

We ask users not to submit unnecessary sensitive information. Calvy is not designed for emergency dispatch or regulated health, legal, financial, or safety-critical use unless we have a separate written agreement that expressly covers that use.

If a business uses Calvy in a field where customers may provide sensitive information, that business is responsible for limiting what it asks customers to share and for configuring Calvy in a way that matches its legal obligations.

We use personal information for the purposes described below:

• Provide, operate, maintain, secure, and improve Calvy.
• Answer calls, process SMS, route conversations, create call records, and maintain inbox threads.
• Check availability, create bookings, send confirmations, send reminders, and manage follow-ups.
• Generate transcripts, summaries, call notes, customer memory, and structured lead or booking fields.
• Authenticate users, manage accounts, provide support, and communicate about the service.
• Process payments, manage subscriptions, enforce plan limits, and calculate usage.
• Detect abuse, spam, security incidents, fraud, and service reliability issues.
• Comply with legal obligations, enforce our Terms, and protect rights, safety, and property.
• Analyze product performance and understand how the website, app, and dashboard are used.

Calvy uses AI systems to help answer calls and texts, classify customer intent, summarize conversations, extract booking details, draft responses, and suggest or execute workflow actions. AI output can be incomplete or incorrect, so Calvy uses backend controls for important actions such as booking, availability checks, confirmations, reminders, follow-ups, opt-outs, and saved link sends.

Conversation content may be sent to AI and communications providers only as needed to deliver the service, improve reliability, troubleshoot issues, or comply with law. We do not sell call recordings, transcripts, SMS content, or customer conversation data.

Unless a business customer separately agrees in writing, Calvy does not use customer call recordings, transcripts, SMS content, or end-customer conversation data to train public foundation models. We configure AI providers to process customer content for Calvy service delivery and reliability, not for provider advertising or resale.

Limited human review may occur for support, abuse investigation, safety, quality assurance, legal compliance, or debugging, and only by personnel or providers with a business need to access the relevant information.

We share information only as needed for the service and the purposes described in this policy:

• With the business account: owners and authorized users can see customer conversations, bookings, calls, transcripts, recordings where enabled, SMS, notes, settings, and usage for their business.
• With service providers: we use providers for cloud hosting, databases, communications, phone numbers, AI processing, SMS, voice, email, push notifications, billing, analytics, crash/error reporting, security, customer support, and integrations.
• With integration partners: if a user connects an integration such as calendar, address lookup, app store billing, or payment processing, we share the information needed to make that integration work.
• For legal and safety reasons: we may disclose information to comply with law, court orders, lawful requests, enforce our agreements, investigate abuse, prevent harm, or protect Calvy, our customers, or others.
• Business transfers: if Calvy or part of our business is involved in a merger, financing, acquisition, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to appropriate protections.

We do not sell personal information. We also do not knowingly share personal information for cross-context behavioral advertising.

We require service providers and subprocessors to use personal information only for the services they provide to Calvy or as otherwise permitted by law, and to protect it using appropriate confidentiality and security commitments.

Calvy currently uses or may use providers in these categories. The exact provider list may change as we improve the service:

• Cloud infrastructure and edge hosting, including Cloudflare and Vercel.
• Database, authentication, storage, and realtime infrastructure, including Supabase.
• Voice, SMS, phone number, transcription, delivery, and communications infrastructure.
• AI model and inference providers used for conversation handling, summaries, classification, and drafting.
• Payments and subscriptions, including Stripe and Apple StoreKit where applicable.
• Calendar, address, and business lookup integrations, including Google services where connected.
• Analytics and error reporting, including Vercel Analytics and Sentry.
• Push notification infrastructure, including Apple Push Notification service.

These providers process information under their own terms and privacy commitments, and we use them to provide Calvy rather than to sell customer data.

Calvy helps businesses call, text, confirm appointments, send reminders, send saved links, and follow up with customers. Businesses using Calvy are responsible for making sure they have the required consent or other legal basis to contact people, including under anti-spam, telemarketing, call recording, and texting laws that may apply to them.

If a person replies STOP, UNSUBSCRIBE, CANCEL, END, or another supported opt-out command to SMS, Calvy may suppress future automated SMS to that number for the relevant business or as otherwise required by law and carrier rules.

Businesses should keep their own records of opt-ins, appointment relationships, customer requests, and other consent evidence. Calvy may keep delivery, opt-out, and message audit records to help businesses comply with carrier, anti-spam, and communications rules.

Transactional messages, service reminders, marketing messages, and follow-ups may be regulated differently depending on where the sender and recipient are located. Businesses are responsible for deciding which messages they may lawfully send through Calvy.

We keep personal information for as long as needed to provide Calvy, operate accounts, maintain security, resolve disputes, comply with legal obligations, enforce agreements, and support normal business records.

Some data may have product-specific retention controls, such as recording retention settings. If an account is deleted, we delete or de-identify account data where reasonably possible, subject to backups, logs, legal holds, dispute records, fraud prevention, payment records, and other legitimate retention needs.

Our normal retention approach is:

• Account and business profile data: kept while the account is active and for a reasonable period after closure for records, disputes, tax, security, and legal needs.
• Calls, SMS, transcripts, summaries, customer memory, bookings, and follow-up records: kept while needed to provide the business inbox, customer history, automation, compliance records, and support unless deleted or shortened by product controls.
• Recordings: kept according to account settings where available, provider limits, and legal or operational needs.
• Billing, tax, registration, carrier, and fraud-prevention records: kept as needed for accounting, carrier compliance, chargebacks, fraud prevention, and legal obligations.
• Security logs, delivery logs, diagnostics, and backups: kept for limited operational periods where practical, but backup deletion may lag production deletion.

We use technical, administrative, and organizational safeguards designed to protect personal information, including access controls, encryption in transit, provider security controls, logging, monitoring, and limited internal access based on business need.

No online service can guarantee perfect security. Customers should protect their account credentials, limit user access, and contact us immediately if they believe their account or data has been compromised.

If we become aware of a security incident involving personal information, we will assess it and provide notices required by applicable law, our customer agreements, and provider obligations.

Calvy is operated from Canada and uses service providers that may process or store information in Canada, the United States, and other countries. Laws in those countries may differ from the laws where a person lives.

When personal information is processed outside Canada, it may be accessible to courts, law enforcement, or government authorities in those jurisdictions. We use contractual, technical, and organizational safeguards intended to protect information handled by our providers.

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, withdrawal of consent, or information about how your personal information has been used or disclosed.

If you are an end customer of a business using Calvy, we may direct your request to that business because it controls the relationship with you. We will support our business customers in responding to valid privacy requests where required.

To make a privacy request, contact us using the information below. We may need to verify your identity and account relationship before responding.

You may also contact us to ask questions or challenge how we handle personal information. We will review privacy complaints and respond within a reasonable time, subject to legal limits and the role of the business customer that controls the end-customer relationship.

If California privacy law applies to your personal information, this section supplements the rest of the policy. In the previous 12 months, we may have collected the categories described in “Information we collect,” used them for the purposes described in “How we use information,” and disclosed them to the categories of recipients described in “How we share information.”

We do not sell personal information and do not knowingly share personal information for cross-context behavioral advertising. We do not knowingly sell or share personal information of people under 16.

California residents may have rights to know, access, correct, delete, or obtain a copy of personal information, to opt out of sale or sharing, to limit certain uses of sensitive personal information where applicable, and to be free from unlawful discrimination for exercising privacy rights. To exercise these rights, contact us using the information below.

Calvy is not directed to children under 13, and business accounts may not knowingly use Calvy to collect personal information from children except where they have the required legal authority and a separate written arrangement with us if needed.

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the website, dashboard, app, email, or another reasonable method. The “Last updated” date shows when this policy was last revised.

For privacy questions, requests, or complaints, contact our Privacy Officer: