Privacy Policy for Hello AI

Data Controller

Annoying Labs, Botne Ltd. / Sorwi (Business ID 2769229-7)
Phone: +358454904443
Email: support@sorwi.fi

1. Introduction

This Privacy Policy explains how Hello AI (developed by Sorwi) ("we," "our," or "us") collects, uses, and protects your personal information when you use our Android dialer application ("App"). The App serves as a full Android dialer replacement with AI-powered features. By using the App, you agree to the terms outlined in this policy.

2. Information We Collect

When you use the App, we may collect the following information:

• Phone Number: Required for user registration and authentication. An SMS is sent to verify your phone number.
• Call Metadata: Information such as caller ID, call duration, timestamps, and call history to facilitate the AI conversation and real-time transcription.
• Real-Time Transcripts: The App opens connection to backend server during calls to provide live transcription. Transcripts are not stored permanently but may be processed temporarily for summarization.
• Email Address (Optional): If provided, the summary of the call contents will be sent to your email.
• Device Information: We may collect device-specific information such as model, operating system version, device identifiers for debugging and service improvements.
• Audio Data: The App uses audio during phone calls to enable AI conversation features and transcription services.
• SIM and Phone State Information: Information about your SIM card(s) and phone state to manage multi-SIM functionality and call routing.
• Installation Data: Information about other apps installed on your device may be accessed for system integration purposes only.
• Company account basics: Company name, business ID, contact person name, address, and phone number to enable company login and contract management.
• Billing details: Billing/finance contact email, e-invoice address and operator, OVT ID, and purchase order/reference to deliver invoices and meet accounting obligations.
• Per-number settings: Company-linked phone numbers, their labels/descriptions, and summary delivery email (summary_email) to send call summaries.
• AI profiles and prompts: Per-number prompts, welcome messages, and instruction texts that define Hello AI behavior for both consumer and business use.

3. How We Use Your Information

We use the collected information to:

• Verify your identity during registration.
• Enable real-time call transcription and AI interactions.
• Generate and send a summary of the call to your email (if provided).
• Provide full dialer functionality including making, receiving, and managing phone calls.
• Administer company accounts, user roles, number listings, and related settings.
• Prepare and deliver invoices (incl. e-invoice/OVT) and retain contract and purchase references.
• Provide support, communicate incidents, and meet accounting and reporting obligations.
• Support multi-SIM functionality and proper call routing.
• Improve App functionality and performance.
• Comply with legal and regulatory requirements.

4. Android App Permissions

To function as a complete dialer replacement, our application relies on Android's calling framework, which requires certain permissions. This allows the app to manage calls, contacts and function as a replacement as a primary phone application. Note that many of the features described are for dialer functionality, not specifically for Annoying Labs's features. Android mandates permissions to ensure user privacy and control of applications. A significant number of permissions requested are not for the advanced features of Annoying Labs itself but are required for any application that aims to function as a dialer in the Android environment. Permissions are categorized as follows.

Install-Time Permissions

Granted automatically upon installation:

• POST_NOTIFICATIONS: Display call notifications, Dialer uses this to tell a call is coming.
• USE_FULL_SCREEN_INTENT: Show calls on lock screen
• FOREGROUND_SERVICE & FOREGROUND_SERVICE_SPECIAL_USE: Manage calls in background
• WAKE_LOCK: Keep screen active during calls
• VIBRATE: Vibrate for incoming calls
• READ_SYNC_SETTINGS: Sync contact information, standard part of dialer app
• CONFIGURE_PHONE_ACCOUNT: Support VoIP and multi-SIM

Runtime Permissions

You will be prompted to grant these:

Essential Permissions

Required for core functionality:

• CALL_PHONE: Make phone calls
• READ_PHONE_STATE: Monitor SIM selection and call state
• ANSWER_PHONE_CALLS: Answer incoming calls
• MANAGE_OWN_CALLS: Manage active calls (hold, resume, conference)

Communication Permissions

• SEND_SMS & RECEIVE_SMS: Send and receive SMS for registration verification

Audio Permissions

• RECORD_AUDIO: Use microphone during calls
• MODIFY_AUDIO_SETTINGS: Control audio routing and volume

Contact and Call Log Permissions

Optional but recommended:

• READ_CONTACTS & WRITE_CONTACTS: Access and manage contact information
• READ_CALL_LOG & WRITE_CALL_LOG: Access and update call history

Storage Permissions

• READ_EXTERNAL_STORAGE & WRITE_EXTERNAL_STORAGE: Access contact photos and ringtones
• READ_MEDIA_IMAGES: Access contact photos

Camera and Flashlight Permissions

Optional:

• CAMERA & FLASHLIGHT: Flash notifications for incoming calls, future video calling

Special Permission

• SYSTEM_ALERT_WINDOW: Display incoming calls over other apps (requires manual enablement in settings)

5. Data Storage and Security

What We Store

• Account Information: Phone number, email address (if provided), and account settings are stored securely on our servers.
• Call Metadata: Call history, timestamps, and call-related information are stored to provide dialer functionality.
• Device Information: Device technical information is stored for app functionality and debugging.
• Company and billing information: Company profile details and billing contact data (email, e-invoice address and operator, OVT ID, purchase reference) are stored for contract and invoicing purposes.
• Number-specific settings: Linked numbers, labels/descriptions, summary email addresses, and number-specific AI prompts are stored for call routing, summary delivery, and AI behavior configuration.

What We Do NOT Store

• Calls: Calls are not recorded or stored.
• Real-Time Transcripts: Transcripts are processed temporarily during calls and discarded immediately after generating the call summary. They are not permanently stored.
• Audio Data: Audio is processed in real-time and not stored.

Data Retention

• Active Accounts: Data is retained while your account is active.
• Inactive Accounts: After your subscription ends or account becomes inactive, personal data is automatically deleted after 90 days of inactivity.
• Account Deletion: Upon account deletion request, all personal data is permanently deleted within 30 days (see Section 7 for details).

Security Measures

• We implement industry-standard security measures to protect your data from unauthorized access, misuse, or disclosure.
• All data transmission is encrypted using secure protocols.
• Access to personal data is restricted to authorized personnel only.

6. Third-Party Services

We may use third-party service providers for:

• SMS verification services: To verify your phone number during registration.
• Email delivery services: For email delivery to send call summaries and notifications.
• Speech-to-Text (STT) services: For real-time transcription during calls.
• Text-to-Speech (TTS) services: For voice synthesis during calls.
• AI models: For conversational AI features and processing.
• Cloud infrastructure: For temporary data processing and storage.

Data Processing and Storage Location: All data processing and storage operations are conducted within the EU/EEA (European Union/European Economic Area) region. We ensure that all third-party services we use process and store your data exclusively within EU/EEA data centers to comply with GDPR requirements.

GDPR Compliance: All third-party services we use are GDPR compliant. Data deletion happens automatically per service after processing is complete. We ensure all third-party services comply with applicable data protection regulations, including GDPR.

Data Usage Restrictions: AI data or any other data is not used for training purposes. Your data is processed solely for the purpose of providing the service and is not used to train or improve AI models or any other systems.

These providers are obligated to protect your information in accordance with their respective privacy policies and are prohibited from selling or misusing your data.

7. Your Choices and Rights - Account Deletion and Data Retention

Requesting Account Deletion

You have the right to request deletion of your Hello AI account at any time. To request account deletion:

1. Visit our account deletion page and submit your phone number, or
2. Contact our support team at support@sorwi.fi with your phone number

Data Deletion Upon Account Deletion Request

When you request account deletion, the following data will be permanently deleted within 30 days:

• Phone Number: Your registered phone number and associated account information
• Email Address: Your email address (if provided) and associated email preferences
• Call Metadata: All stored call history, timestamps, and call-related metadata
• Device Information: Device identifiers, model information, and OS version data
• Account Settings: All app preferences and configuration settings
• Registration Data: All authentication and registration information
• Company and billing information: Company profile details, contact information, and billing data are deleted unless applicable law (e.g., accounting rules) requires longer retention.

Data That Is Not Stored (No Deletion Needed)

The following data is never permanently stored and therefore does not require deletion:

• Call Recordings: Calls are not recorded or stored
• Real-Time Transcripts: Transcripts are processed temporarily during calls and discarded immediately after call summary generation
• Audio Data: Audio is processed in real-time and not stored

Data Retention Period

• Active Accounts: Your data is retained while your account is active and you are using Hello AI
• Inactive Accounts: If your subscription ends or your account becomes inactive, we automatically delete your personal data after 90 days of inactivity
• After Deletion Request: Upon receiving your deletion request, your data will be permanently deleted within 30 days. You can submit your deletion request on our account deletion page.
• Legal Requirements: We may retain certain data for longer periods if required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance). Such data will be retained only as long as legally required and will be deleted thereafter.

Other User Rights

• You may choose not to provide an email address, in which case you will not receive call summaries.
• You can disable the AI interaction feature at any time by changing your phone's default dialer app.
• You can revoke any granted permissions through your device's Settings > Apps > Hello AI > Permissions.
• You have the right to access, correct, or delete your personal information at any time.
• You have the right to data portability - you can request a copy of your data in a machine-readable format.

Note: Contact information stored locally on your device (such as contacts) is not affected by account deletion, as this data is stored on your device and managed by your device's operating system.

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of significant changes through the App or other communication channels.

9. Contact Us

If you have any questions about this Privacy Policy, or to request account deletion, please contact us:

• Email: support@sorwi.fi
• Account Deletion: Visit our account deletion page or email support@sorwi.fi
• Developer: Sorwi
• App Name: Hello AI

By using Hello AI (developed by Sorwi), you acknowledge that you have read and understood this Privacy Policy.