Skip to main content
DialItBack to home

Last updated: March 22, 2026

Privacy Policy

Effective date: March 22, 2026

This Privacy Policy explains how Lautaro Figueroa LLC ("DialIt," "we," "us," or "our") collects, uses, stores, and protects your information when you use the DialIt service at dialit.io (the "Service").

DialIt is an AI-powered service that makes real phone calls on your behalf. Because we handle phone conversations, call recordings, and potentially sensitive personal information, we want to be completely transparent about what data we collect and why.

If you have questions about this policy, contact us at hello@dialit.io.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address — used for authentication, notifications, and communication
  • Name — used to identify you within the Service and, when relevant, to identify you during phone calls made on your behalf
  • Authentication credentials — if you sign up with email/password, your password is hashed and stored securely by our authentication provider (Supabase). If you sign up with Google OAuth, we receive your name and email from Google but never your Google password.

1.2 Phone Call Data

When DialIt makes a phone call on your behalf, we collect:

  • Phone numbers you provide (the businesses or individuals you ask us to call)
  • Call recordings — audio recordings of the full phone call, stored as audio files
  • Call transcripts — text transcripts of what was said during the call
  • Call metadata — duration, timestamps, call status (completed, failed, voicemail), SIP connection data
  • Call reports — AI-generated structured summaries of each call, including outcomes, action items, appointments, and key information extracted from the conversation

1.3 Chat and Conversation Data

Your interactions with the DialIt AI assistant are stored, including:

  • Messages you send — your task requests, instructions, follow-up questions, and approval decisions
  • AI responses — the assistant's replies, recommendations, and status updates
  • Conversation history — maintained so you can review past interactions and so the AI can reference prior context

1.4 Payment Information

If you subscribe to a paid plan, we collect:

  • Billing information — processed and stored entirely by Stripe, our payment processor. We do not store your credit card number, expiration date, or CVC on our servers. We retain your Stripe Customer ID and Subscription ID to manage your account.
  • Subscription details — your plan tier, billing period, and usage counts

1.5 Usage Data

We collect information about how you use the Service:

  • Call usage — number of calls made per billing period, call duration, call outcomes
  • Feature usage — which features you use (scheduling, multi-call tasks, etc.)
  • Analytics data — page views, interaction patterns, and performance metrics collected via PostHog and Vercel Analytics. This data is used to improve the product experience.

1.6 Device and Browser Information

When you access the Service, we automatically collect:

  • Browser type and version
  • Operating system
  • IP address
  • Referring URL
  • Pages visited and time spent

This information is collected through standard web analytics tools and is used for product improvement and security purposes.

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service — make phone calls on your behalf, generate transcripts and reports, manage your conversations
  • Process payments — manage subscriptions, enforce usage limits, handle billing
  • Send notifications — email you when a call completes, alert you when approval is needed during a live call
  • Improve the Service — analyze usage patterns to fix bugs, improve AI performance, and develop new features
  • Provide customer support — respond to your questions and troubleshoot issues
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations — respond to lawful requests from government authorities

We do not use your data to:

  • Sell your personal information to third parties
  • Show you targeted advertising
  • Train AI models on your personal data without your consent
  • Contact people on your behalf without your explicit request

3. How AI Processes Your Data

DialIt uses artificial intelligence at several points in the Service. Here is exactly what happens:

3.1 Chat Assistant (Planning and Coordination)

When you describe a task, your message is sent to Anthropic's Claude AI model (via API) to understand your request, plan the call, and coordinate with you. Your conversation history within a session is included for context.

3.2 Voice Agent (Making the Call)

During a live phone call, the conversation is processed in real time:

  • Speech-to-text: Your call audio is processed by Deepgram to convert speech to text
  • AI reasoning: The transcribed text is sent to OpenAI's GPT model (via LiveKit) to generate intelligent responses during the call
  • Text-to-speech: The AI's responses are converted to speech by Cartesia for the phone call

3.3 Post-Call Analysis

After each call, the full transcript is sent to Anthropic's Claude AI model to generate a structured call report (outcome, action items, appointments, key information). This happens automatically and is available in your dashboard.

3.4 Support Bot

If you interact with our customer support chatbot, your messages are processed by Anthropic's Claude AI model to provide helpful answers.

Important: We use these AI providers' APIs, which means your data is sent to their servers for processing. These providers have their own privacy policies and data handling practices. Under their API terms of service, they do not use API inputs/outputs to train their models. See Section 5 for details on each provider.

4. Call Recording and Consent

4.1 How Recording Works

All phone calls made by DialIt are recorded. Recordings are used to:

  • Provide you with a record of what was said during the call
  • Generate accurate transcripts
  • Produce detailed call reports
  • Verify that outcomes reported by the AI are truthful

4.2 Recording Consent Disclosure

At the beginning of every call, the DialIt AI agent identifies itself as an AI assistant calling on behalf of a named individual and discloses that the call is being recorded. This is done verbally at the start of the conversation.

4.3 Recording Consent Laws

Phone call recording laws vary by state in the United States:

  • One-party consent states (most states): Only one party to the call needs to consent. Since the user (you) authorized the call and the recording, consent is satisfied.
  • Two-party (all-party) consent states (California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon, Pennsylvania, Washington): All parties to the call must be informed. DialIt's AI agent announces the recording at the start of every call to address this requirement.

We are committed to complying with recording consent laws in all US jurisdictions. If the other party on the call objects to being recorded, the AI agent will respect that request.

4.4 HIPAA Awareness

If you use DialIt to schedule medical appointments or interact with healthcare providers, your call may involve protected health information (PHI). We are aware of the potential HIPAA implications and are taking the following approach:

  • We treat all call data with the same level of security regardless of content
  • We encrypt all data at rest and in transit
  • We restrict access to call data to the user who initiated the call
  • We are evaluating whether DialIt qualifies as a HIPAA Business Associate and will pursue formal compliance (including Business Associate Agreements with our infrastructure providers) as needed

If you are a healthcare provider or covered entity, please contact us at hello@dialit.io before using the Service to discuss compliance requirements.

5. Third-Party Services

We use the following third-party services to operate DialIt. Each processes some of your data as described:

ServiceWhat They ProcessPurposePrivacy Policy
SupabaseAccount data, conversation history, call metadata, transcriptsDatabase, authentication, real-time updatessupabase.com/privacy
StripePayment and billing informationPayment processing, subscription managementstripe.com/privacy
Anthropic (Claude)Chat messages, call transcriptsAI chat assistant, post-call analysis, support botanthropic.com/privacy
OpenAI (GPT)Real-time call conversation textAI voice agent reasoning during callsopenai.com/privacy
LiveKitCall audio streams, SIP signalingVoice call infrastructure, real-time audiolivekit.io/privacy
TelnyxPhone numbers, SIP call dataTelephony (connecting calls to real phone numbers)telnyx.com/privacy-policy
DeepgramCall audioSpeech-to-text transcriptiondeepgram.com/privacy
CartesiaAI-generated text responsesText-to-speech (AI voice synthesis)cartesia.ai/privacy
Amazon Web Services (S3)Call recording audio filesCloud storage for recordingsaws.amazon.com/privacy
ResendYour email address, call summariesEmail notificationsresend.com/legal/privacy-policy
VercelWeb traffic data, server logsWeb application hostingvercel.com/legal/privacy-policy
PostHogUsage analytics, page viewsProduct analyticsposthog.com/privacy
Google (OAuth)Email, name (if you use Google sign-in)Authenticationpolicies.google.com/privacy

We require that all third-party service providers handle your data in accordance with their published privacy policies and applicable data protection laws.

6. Data Storage and Security

6.1 Where Your Data Is Stored

  • Database (account info, conversations, call metadata, transcripts, reports): Supabase-hosted PostgreSQL in the United States
  • Call recordings (audio files): Amazon S3 in the US East (Virginia) region
  • Payment data: Stripe's secure infrastructure (PCI DSS Level 1 compliant)

6.2 Security Measures

We implement the following security measures:

  • Encryption in transit: All data transmitted between your browser and our servers uses TLS (HTTPS)
  • Encryption at rest: Database and file storage use encryption at rest
  • Row-Level Security (RLS): Database access controls ensure you can only access your own data
  • Authentication: Secure session management via Supabase Auth with support for OAuth and email/password
  • Access controls: API endpoints verify authentication before serving any user data
  • Webhook verification: All inbound webhooks (from Stripe, LiveKit) are cryptographically verified
  • Environment isolation: Secrets and API keys are stored as environment variables, never in source code

6.3 Data Breach Response

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Provide details about what data was affected
  • Describe the steps we are taking to address the breach
  • Comply with all applicable breach notification laws

7. Data Retention

7.1 Active Accounts

For active accounts (including free tier), we retain:

  • Call recordings: Stored indefinitely
  • Call transcripts: Stored indefinitely
  • Call reports: Stored indefinitely
  • Chat history: Stored indefinitely
  • Account information: Retained as long as your account exists

We retain this data indefinitely so you can always go back and review past interactions, regardless of your plan tier.

7.2 Canceled Subscriptions

If you cancel a paid subscription, your account reverts to the free tier. All your historical data (recordings, transcripts, reports, chat history) remains accessible.

7.3 Deleted Accounts

If you request account deletion (see Section 8), we will:

  • Delete your account information, chat history, call metadata, and reports within 30 days
  • Delete your call recordings from cloud storage within 30 days
  • Retain anonymized usage data for analytics purposes
  • Retain any data we are legally required to keep (e.g., billing records for tax compliance)

7.4 Automated Cleanup

  • Temporary processing data (e.g., real-time audio streams during a call) is not stored after the call ends
  • Cron job execution logs are automatically purged after 7 days

8. Your Rights

8.1 Access and Portability

You have the right to:

  • Access your data — all your call recordings, transcripts, reports, and chat history are available in your DialItdashboard at any time
  • Export your data — contact us at hello@dialit.io to request a full export of your data in a machine-readable format

8.2 Correction

You can update your account information (name, email) through the Service or by contacting us.

8.3 Deletion

You can request deletion of your account and all associated data by contacting us at hello@dialit.io. We will process deletion requests within 30 days.

8.4 Opt-Out

  • Email notifications: You can opt out of call completion emails by contacting us
  • Analytics: You can use browser-level tools (Do Not Track, ad blockers) to limit analytics tracking

8.5 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know: What personal information we collect, use, and disclose
  • Right to delete: Request deletion of your personal information
  • Right to correct: Request correction of inaccurate personal information
  • Right to opt out of sale: We do not sell your personal information
  • Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

To exercise any of these rights, contact us at hello@dialit.io.

8.6 Other US State Privacy Laws

We aim to comply with all applicable US state privacy laws, including those in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states that have enacted consumer privacy legislation. If you are a resident of any of these states, you may have similar rights to those described above. Contact us to exercise them.

9. Children's Privacy

DialIt is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information promptly.

Users between the ages of 13 and 17 may use the Service only with the consent of a parent or legal guardian. By allowing a minor to use the Service, the parent or guardian agrees to our Terms of Service and this Privacy Policy on the minor's behalf, and assumes responsibility for the minor's use of the Service.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, or that your child between 13 and 17 is using the Service without your consent, please contact us at hello@dialit.io.

10. Cookies and Tracking

10.1 Essential Cookies

We use cookies that are necessary for the Service to function:

  • Authentication cookies — to keep you logged in
  • Session cookies — to maintain your session state

10.2 Analytics

We use PostHog and Vercel Analytics to understand how the Service is used. These tools may use cookies or similar technologies to collect usage data. This data is used solely for product improvement and is not shared with advertisers.

10.3 No Advertising Cookies

We do not use advertising cookies or tracking pixels. We do not serve ads. We do not share your data with ad networks.

11. International Users

DialIt is available worldwide. However, all data is processed and stored in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

Phone calls are currently limited to US phone numbers. International calling may be offered in the future, subject to additional terms.

By using the Service from outside the United States, you consent to the transfer of your data to the United States and acknowledge that your data will be subject to US data protection laws, which may differ from those in your country of residence.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you by email or through the Service for significant changes
  • Your continued use of the Service after changes take effect constitutes acceptance of the updated policy

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, contact us:

Lautaro Figueroa LLC
Email: hello@dialit.io
Website: https://dialit.io