This policy explains how Calistia, operated by Generative Studio (the “Company”, “we”), handles personal data. For your account data we act as a controller. For the call content we process on your behalf — recordings, transcripts, and caller details — we act as a processor, and you are the controller responsible for those callers’ data.
01Information we collect
- Account data — name, email, organisation, and authentication details when you sign up.
- Billing data — plan, usage, and the payment details handled by our payment processor (we do not store full card numbers).
- Call data — audio, recordings, transcripts, summaries, caller phone numbers, and metadata (time, duration, outcome) for calls your agents handle.
- Usage & device data — log data, IP address, and basic analytics about how the service is used.
02How we use it
- To provide, operate, and secure the service and handle calls as you configure.
- To process billing, meter credits, and prevent fraud and abuse.
- To provide support, send service notices, and improve reliability and quality.
- To comply with legal obligations.
We do not sell your data, and we do not use your call recordings or transcripts to train shared or third-party models.
03Legal bases
Where the GDPR applies, we rely on: performance of our contract with you; our legitimate interests in operating and securing the service; your consent where required; and compliance with legal obligations.
04Call recordings & transcripts
Recording and transcription happen because you enabled them. You are responsible for any notice or consent your callers require, and for any disclosure that an AI agent is handling the call. We provide controls to configure disclosure and retention.
05Sharing & subprocessors
We share data only with service providers who help us run Calistia, under contracts that require appropriate safeguards. Current categories include:
- Telephony — to originate, receive, and route calls and provision numbers.
- Speech & language — speech-to-text, text-to-speech, and language-model providers that power the voice agents.
- Infrastructure — cloud hosting, database, and content-delivery providers.
- Payments — our payment processor for subscriptions and top-ups.
We may also disclose data where required by law, or in connection with a merger or acquisition. A current list of subprocessors is available on request at hello@calistia.ai.
06Retention
We keep account and billing data for as long as your account is active and as required for legal and accounting purposes. Call recordings and transcripts are retained according to your settings and deleted on request or when no longer needed.
07Security
Data is encrypted in transit and at rest, access is scoped to your account, and we apply technical and organisational measures appropriate to the risk. No system is perfectly secure, but we work to protect your data and to notify you of incidents where required.
08International transfers
Your data may be processed in countries other than your own. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses.
09Your rights
Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object or withdraw consent. To exercise these rights, contact us at hello@calistia.ai. You may also lodge a complaint with your local data-protection authority.
10Cookies
Our website and dashboard use a small number of cookies needed for authentication, preferences, and basic analytics. You can control cookies through your browser settings.
11Children
Calistia is a business product and is not directed to children under 16.
12Changes & contact
We may update this policy and will note the date above; material changes will be notified through the service or by email. Questions or requests? Contact hello@calistia.ai.