Privacy Policy

Telora Inc. Effective Date: May 3rd 2026

1. Introduction

Telora Inc. provides an AI-powered voice receptionist platform that answers calls, books appointments, and integrates with your business software. This Privacy Policy explains how we collect, use, and protect information when you use gettelora.com or app.gettelora.com.

It covers two groups: Customers (businesses using Telora) and Callers (people who call a Customer's Telora-powered number). Customers act as the data controller for their Callers' data. Telora acts as the data processor.

2. Information We Collect

Account data: name, email, business name, billing details
Call data: audio recordings, transcripts, call duration, timestamps, and caller phone numbers
Caller data: names, spoken details, and any other information a Caller provides to the AI during a call
Integration data: OAuth tokens (stored encrypted), calendar IDs, CRM records synced at your direction
Usage data: dashboard activity, agent performance metrics, feature usage
Technical data: IP address, browser type, device identifiers, session logs, cookies

3. How We Use Your Information

Operate the AI receptionist: process calls, transcribe speech, generate responses
Booking and scheduling: read calendar availability and create or update events on your behalf
CRM sync: push call summaries and lead data to connected tools at your direction
Improve the Service: monitor performance, fix bugs, and analyze usage patterns
Billing and support: process payments and respond to your inquiries
Legal compliance: meet applicable legal and regulatory obligations

AI model training: we do not currently use your call recordings to train AI models. If this changes, we will notify you at least 14 days in advance and give you the ability to opt out.

4. Google API Services

Telora integrates with Google Calendar and Gmail. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

We request only the permissions needed: read calendar availability, create or update events, and send emails if configured
We do not use Google user data for advertising
We do not sell Google user data to third parties or data brokers
Google data is only used to complete the scheduling or communication action triggered during a call

Google OAuth tokens are stored encrypted in Supabase Vault and are deleted immediately when you disconnect the integration or close your account.

5. Third-Party Integrations and OAuth

You can connect tools like Clio, HubSpot, Salesforce, Outlook, and others via OAuth. When you do:

We request only the minimum scopes needed for the feature
OAuth tokens are stored encrypted in Supabase Vault and deleted when you disconnect the integration or close your account
Data is passed to those tools solely at your direction
You are responsible for the privacy practices of any tool you choose to connect

You can revoke access at any time from your Telora dashboard or directly from the third-party platform's settings.

6. AI and Audio Processing

To power the AI receptionist, call audio is transmitted to third-party AI providers for transcription and conversational processing. Our current providers are Deepgram (speech-to-text), OpenAI (language model), and ElevenLabs (voice synthesis).

We contractually restrict these providers from using your call audio or transcripts to train their foundational models. Telephony infrastructure is provided by Twilio and Telnyx.

7. Your Responsibility for Caller Consent

As a Telora Customer, you are the data controller for your Callers' data. You are responsible for complying with all applicable laws regarding call recording, wiretapping, and AI disclosure. This includes:

Notifying callers that they are speaking with an AI
Notifying callers that the call is being recorded and transcribed
Complying with two-party or all-party consent laws in your jurisdiction (e.g., certain U.S. states, Canadian provinces)

Telora is not liable for a Customer's failure to obtain proper consent from their Callers.

8. Data Retention and Deletion

We retain your data for as long as your account is active. When your account is cancelled or terminated:

Call recordings and transcripts are automatically deleted
OAuth tokens are deleted from Supabase Vault
Account and billing data may be retained as required by law

You can request deletion of specific data at any time by emailing support@gettelora.com. Disconnecting an integration immediately deletes its associated tokens.

9. Your Rights

Depending on where you are located, you may have rights to access, correct, or delete your personal information, or to withdraw consent. This includes rights under U.S. state privacy laws and Canada's PIPEDA.

To exercise any of these rights, email support@gettelora.com. We will respond within 30 days.

10. Healthcare Notice

Telora does not currently offer a Business Associate Agreement (BAA). If you operate in healthcare and intend to process Protected Health Information (PHI) through the Service, contact us at support@gettelora.com before doing so. Do not use Telora to process PHI until a BAA is in place.

11. Changes to This Policy

We may update this policy from time to time. For material changes, we will notify you by email at least 14 days before they take effect. Continued use of the Service after that date constitutes acceptance.

Questions? Contact us at support@gettelora.com or visit gettelora.com.