Privacy Policy

This Privacy Policy explains how EactiveNet, Inc. ("we," "us," or "our") handles personal information in connection with the Vortex Voice AI platform, websites, and related services (the "Services"). It applies to visitors to our website, customers who maintain an account ("Customers"), and individuals who interact with our Customers through the Services ("End Users", including callers).

For most call and account data, our Customers are the controller and EactiveNet acts as a processor on their behalf. Where we determine the purposes and means of processing (for example, our marketing website), we act as the controller.

1. Information We Collect

Information you provide

• Account information — name, business name, email address, and authentication credentials.
• Billing information — processed by our payment provider; we do not store full card numbers.
• Knowledge-base content — documents, policies, pricing, and FAQs you upload to train your AI receptionist.
• Support communications — messages you send to us.

Information collected automatically

• Usage and device data — log data, IP address, browser type, pages viewed, and timestamps.
• Cookies and similar technologies — as described in our Cookie Policy.

Call and voice data

When End Users place calls, the Services process telephone numbers, call metadata (such as time and duration), live audio, and real-time transcriptions in order to generate responses. As described in our Security documentation, live audio, transcripts, and intermediate AI outputs are processed in volatile memory and are not written to persistent storage; they are discarded when the call ends, except for limited metadata required for billing, fraud prevention, and service operation.

2. How We Use Information

• to provide, operate, secure, and improve the Services;
• to answer calls, generate knowledge-grounded responses, and synthesize voice;
• to process payments and manage subscriptions and credit ledgers;
• to detect, prevent, and investigate fraud, abuse, and security incidents;
• to communicate with you about your account, updates, and support; and
• to comply with legal obligations and enforce our agreements.

3. Legal Bases for Processing

Where the GDPR or similar laws apply, we rely on the following bases: performance of a contract; your consent (which you may withdraw); our legitimate interests in operating and securing the Services; and compliance with legal obligations.

4. How We Share Information

We do not sell personal information. We share information only as follows:

• Service providers / subprocessors — including our carrier partner (Telnyx), payment processor (Stripe), and compute provider (Modal), each engaged to perform functions on our behalf under appropriate confidentiality and data-protection terms;
• With your direction — when you configure integrations or instruct us to share;
• Legal and safety — to comply with law, lawful requests, or to protect rights, safety, and the integrity of the Services; and
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

5. International Data Transfers

We may process information in the United States and other countries. Where required, we implement appropriate safeguards, such as Standard Contractual Clauses, for cross-border transfers.

6. Data Retention

We retain account and billing records for as long as your account is active and as needed to comply with legal, tax, and accounting obligations. Live call audio and transcripts are not retained after a call ends. Knowledge-base content is retained until you delete it or close your account.

7. Security

We employ administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit, tenant isolation, and least-privilege access controls. See our Security page for details. No method of transmission or storage is perfectly secure.

8. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of California (CCPA/CPRA), the EEA/UK (GDPR), and other jurisdictions may have additional rights, including the right not to receive discriminatory treatment for exercising them. To exercise rights, contact [email protected]. If your data is processed on behalf of a Customer, we will refer your request to that Customer.

9. Children's Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. We will post the revised Policy with an updated effective date and, where appropriate, provide additional notice.

11. Contact

For privacy questions or to exercise your rights, contact [email protected], EactiveNet, Inc.