Privacy Policy
Last updated July 8, 2026
Contents
1. Introduction2. Information we collect3. Calls, recordings & transcripts4. How we use information5. Legal bases6. Sharing & sub-processors7. Data retention8. Security9. Your rights10. International transfers11. Cookies12. Children13. Changes14. Contact1. Introduction
Swiftcierge ("Swiftcierge", "we", "us") provides an enterprise voice-AI receptionist platform. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our marketing site and product.
When we process personal data on behalf of a business customer (for example, information about their callers), we act as a processor and the customer is the controller. Our processing in that role is governed by the customer's agreement and our Data Processing Addendum (DPA).
2. Information we collect
- Account data: name, work email, organization, and role.
- Authentication data: sign-in method and identifiers (e.g. an OAuth subject, a one-time code or magic-link token, and session records). We do not store passwords when you use OAuth, OTP, or magic-link sign-in.
- Usage data: product interactions, device/browser metadata, and log data such as IP address and timestamps.
- Customer content: knowledge-base documents, calendars, contacts, tickets, and configuration you connect to the product.
- Communications data: call audio, recordings, transcripts, and derived metadata (see §3).
- Bot-protection signals: we use Cloudflare Turnstile on our authentication pages; Turnstile may collect signals to distinguish humans from bots.
3. Calls, recordings & transcripts
Our product answers and places phone calls on behalf of customers. Depending on the customer's configuration and applicable law, calls may be recorded and transcribed. Customers control recording-consent mode, disclosures, and retention. Where required, the AI provides a call-recording disclosure and honors do-not-call and opt-out requests.
- Recordings and transcripts are stored encrypted and scoped to the customer's tenant.
- Sensitive content can be redacted (including PHI in HIPAA mode) before storage or display.
- Every AI action is recorded to an append-only, hash-chained audit log.
4. How we use information
- To provide, operate, secure, and improve the product.
- To authenticate you and maintain sessions.
- To send transactional messages (e.g. sign-in codes and links) via our email provider.
- To prevent abuse, fraud, and security incidents.
- To comply with legal obligations.
We do not sell personal data, and we do not use customer call content to train foundation models.
5. Legal bases (EEA/UK)
Where GDPR/UK GDPR applies, we rely on: performance of a contract, legitimate interests (e.g. securing and improving the service), consent (where required, such as certain cookies or call recording), and compliance with legal obligations.
6. Sharing & sub-processors
We share information only as needed to run the service, including with sub-processors such as:
- Cloudflare — hosting, edge compute, storage, and bot protection (Turnstile).
- Telephony carriers (e.g. Telnyx, Twilio) — to originate and receive calls.
- Brevo — to deliver transactional email (sign-in codes and links).
- OAuth providers (e.g. Google, Microsoft) — when you choose social sign-in.
We may also disclose information to comply with law or to protect rights, safety, and security. A current sub-processor list is available on request.
7. Data retention
We retain personal data for as long as needed to provide the service and meet legal obligations. Customer content is retained per the customer's configured retention settings and deleted or returned on termination, subject to legal holds.
8. Security
We apply encryption in transit and at rest, server-side tenant isolation, role-based access control, least-privilege access, and an append-only audit trail. See our Security overview for more.
9. Your rights
Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent. For customer content where we act as a processor, we support requests through the controlling customer. Contact us to exercise your rights.
10. International transfers
We may process data in countries other than yours. Where required, we use appropriate safeguards such as Standard Contractual Clauses, and we offer data-residency options (including EU residency) for eligible plans.
11. Cookies
We use strictly necessary cookies for authentication and security (for example, a session cookie), and limited analytics where permitted. You can control non-essential cookies through your browser settings.
12. Children
The product is for business use and is not directed to children under 16, and we do not knowingly collect their data.
13. Changes
We may update this policy from time to time. Material changes will be posted here with a new "last updated" date.
14. Contact
Questions or requests? Email privacy@swiftcierge.com.