Arbol Artificial Intelligence, Inc. ("Arbol AI," "Company," "we," "us," and "our") provides innovative technology to allow our customers to implement AI-powered voice communication solutions. This Privacy Policy is designed to help you understand how we collect, use, and share personal information and to help you understand and exercise your privacy rights.
1. Scope
This Privacy Policy applies to personal information processed by us, including on our website (getarbol.com), mobile applications, APIs, and other online or offline offerings. To make this Privacy Policy easier to read, our website, products, solutions, and other offerings are collectively called "Services."
Important Note About Customer Data
This Privacy Policy does not apply to any personal information that our customers may process using Arbol AI's products and services ("Customer Data"). Our customers' respective privacy policies govern the collection and use of Customer Data. Our processing of Customer Data is governed by the contracts we have in place with our customers, not this Privacy Policy.
If you are an end user of the Services through our customer (for example, if you receive a call from an AI Employee configured by one of our customers), please direct any questions or requests relating to Customer Data to our customer directly.
For clarity:
Arbol AI is a Controller for the personal information we collect from customers in order to market, service, and provide access to and use of the Services.
Arbol AI is a Processor for Customer Data that is entered into the Services. The customer is the Controller, and we will only process Customer Data as agreed to provide Services under our Terms of Service or other contract with a customer.
2. Personal Information We Collect
The categories of personal information we collect depend on how you interact with us, our Services, and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, and information from other sources such as third-party services and organizations.
2.1 Information You Provide to Us Directly
We may collect the following personal information that you provide to us:
Category | Examples |
|---|---|
Account Information | Name, email address, phone number, company name, job title, password (encrypted), billing address |
Organization Information | Company name, industry, business description, website, timezone, team member information |
AI Employee Configuration | Business instructions, scripts, prompts, voice preferences, scheduling rules |
Payment Information | Payment card type, last 4 digits, billing address (full payment details processed by Stripe) |
Communications | Inquiries, feedback, survey responses, support tickets |
Job Applications | Resume, cover letter, employment history, references |
2.2 Information Collected Automatically
We may collect certain information automatically when you use our Services:
Category | Examples |
|---|---|
Device/Browser Data | IP address, device type, operating system, browser type and version, unique device identifiers |
Usage Data | Pages visited, features used, clicks, session duration, referring URL |
Location Data | Approximate location derived from IP address, timezone |
Log Data | Access times, error logs, API requests |
2.3 Cookies and Similar Technologies
We, as well as third parties that provide content or functionality on our Services, use cookies, pixel tags, local storage, and other technologies ("Technologies") to automatically collect information through your use of our Services.
Technology Type | Purpose |
|---|---|
Essential Cookies | Required for login, security, and core functionality |
Functional Cookies | Remember your preferences and settings |
Analytics Cookies | Understand how you use our Services to improve them |
Technologies We Use:
Google Analytics: We use Google Analytics to analyze how users interact with our Services. For more information and to opt out, visit: https://tools.google.com/dlpage/gaoptout/
Sentry: We use Sentry to track errors and performance issues. This may capture device information and user actions leading to errors.
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent some features from functioning properly.
2.4 Information From Other Sources
We may obtain information about you from other sources, including:
Third-party authentication providers (Clerk) when you sign in
Integration partners when you connect third-party services
Publicly available sources for business development purposes
3. How We Use Your Information
We use your information for a variety of business purposes:
3.1 Providing Our Services
Managing your account and providing access to the Services
Operating AI Employees and processing voice communications
Generating transcripts, summaries, and analytics
Processing payments and managing subscriptions
Providing customer support
Enabling third-party integrations you authorize
3.2 Improving AI Employee Performance (Within Your Organization)
We use your organization's data to improve AI Employee performance within your organization only. This means:
Your AI Employees learn from previous calls and interactions to improve future conversations
Call history and interaction patterns personalize AI Employee responses for your business context
This learning is isolated to your organization and benefits only your AI Employees
We DO NOT use your data to train general AI models or improve services for other customers
Your data is NEVER combined with data from other organizations
3.3 Administrative Purposes
Detecting and preventing fraud, security incidents, and illegal activity
Debugging and improving our Services
Enforcing our Terms of Service and policies
Complying with legal obligations
Auditing and compliance activities
3.4 Marketing (With Your Consent)
Sending information about our Services and features
Providing content we believe may interest you
Note: We do NOT use Customer Data (call recordings, transcripts, contacts) for marketing. Marketing communications are based solely on your account information and preferences.
3.5 De-identified and Aggregated Information
We may create de-identified or aggregated information that cannot identify you. We may use such information for any lawful purpose, including analytics and service improvement.
4. How We Disclose Your Information
We disclose your information to third parties only in the following circumstances. We do not sell your personal information.
4.1 Service Providers (Sub-Processors)
We share information with service providers who help us provide our Services. All service providers are contractually obligated to protect your information and can only use it as we instruct.
For a complete list of our Sub-Processors, including their purposes and certifications, please see our Sub-Processors page.
Key categories include:
Category | Providers | Purpose |
|---|---|---|
Infrastructure | Vercel, AWS | Hosting, storage, computing |
Authentication | Clerk | User identity and access management |
Database | Prisma | Data management |
Telephony | Twilio | Voice calls and SMS |
AI Processing | OpenAI | Language model services (not used for training) |
Payments | Stripe | Payment processing |
Resend | Transactional email delivery | |
Security | Cloudflare | CDN, DDoS protection, WAF |
Analytics | Google Analytics, Sentry | Usage analytics, error tracking |
4.2 Third-Party Integrations
When you connect third-party services (such as Google Calendar or Microsoft Outlook), we share the minimum information necessary for the integration to function. Your use of those services is governed by their respective privacy policies.
4.3 Legal Requirements
We may disclose information when required by law, including:
Valid subpoenas, court orders, or warrants
Government or regulatory requests
Law enforcement investigations
We will attempt to notify you of such requests unless legally prohibited or if notification would be futile or create a risk of harm.
4.4 Protection of Rights and Safety
We may disclose information when necessary to:
Protect our rights, property, or safety
Protect users or third parties
Prevent fraud or illegal activity
Enforce our Terms of Service
4.5 Business Transfers
If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.
4.6 With Your Consent
We may share your information for other purposes with your explicit consent.
5. Your Privacy Choices and Rights
5.1 Your Privacy Choices
Choice | How to Exercise |
|---|---|
Email Communications | Use the unsubscribe link in any marketing email. Note: You cannot opt out of service-related communications. |
Cookies | Adjust your browser settings or use our cookie preferences. |
Analytics Opt-Out | Google Analytics: https://tools.google.com/dlpage/gaoptout/ |
Do Not Track | We do not currently respond to DNT signals. |
5.2 Your Privacy Rights
Depending on your location, you may have the following rights:
Right | Description |
|---|---|
Access | Confirm whether we process your data and obtain a copy |
Correction | Correct inaccurate or incomplete data |
Deletion | Request deletion of your personal information |
Data Portability | Receive your data in a portable format (CSV, JSON) |
Opt-Out of Sale | We do not sell personal information |
Non-Discrimination | We will not discriminate against you for exercising rights |
5.3 State-Specific Rights
Delaware Residents (DPDPA)
If you are a Delaware resident, you have rights under the Delaware Personal Data Privacy Act (DPDPA), effective January 1, 2025:
Right to confirm processing and access your data
Right to correct inaccuracies
Right to delete your data
Right to data portability
Right to opt out of: (i) sale of personal data (we don't sell); (ii) targeted advertising (we don't do this); (iii) profiling with legal effects
California Residents (CCPA/CPRA)
If you are a California resident, please see our Supplemental Notice for California Residents in Section 10.
Other U.S. States
If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or other states with privacy legislation, you may have similar rights. Contact us at privacy@getarbol.com to exercise your rights.
5.4 How to Exercise Your Rights
To exercise your privacy rights:
Self-Service: Use options in your account dashboard
Email: privacy@getarbol.com
Mail: Arbol Artificial Intelligence, Inc., Attn: Privacy, 131 Continental Dr, Suite 305, Newark, DE 19713
We will respond within 45 days. If we need additional time, we will notify you (up to 90 days total).
5.5 Verification
To protect your privacy, we may need to verify your identity before processing your request.
5.6 Appeals
If we decline your request, you may appeal by contacting privacy@getarbol.com. We will respond to appeals within 60 days. If denied, you may contact your state's Attorney General.
6. Security of Your Information
We implement appropriate technical, administrative, and physical safeguards to protect your information:
Type | Measures |
|---|---|
Technical | Encryption (TLS 1.2+, AES-256), secure password hashing, MFA, intrusion detection |
Administrative | Access controls, employee training, background checks, security policies |
Physical | SOC 2 certified data centers, access controls, environmental protections |
No system is 100% secure. While we implement strong protections, we cannot guarantee absolute security. You are responsible for keeping your account credentials secure.
For more information, see our Security Overview at getarbol.com/security.
7. Data Retention
We retain personal information for as long as necessary to fulfill the purposes for which it was collected:
Data Type | Retention Period |
|---|---|
Account Information | Duration of account + 3 years |
Call Recordings | As configured by you; deletable anytime |
Transcripts | As configured by you; deletable anytime |
Call Metadata | Duration of account + 1 year |
Billing Records | 7 years (legal/tax requirement) |
Usage Logs | 2 years (then anonymized) |
Contact Data | Until you delete it |
Your Control: You can delete call recordings, transcripts, and contacts anytime through your dashboard. Deleted data is removed from active systems within 30 days and backups within 90 days.
Account Closure: When you close your account, we delete or anonymize your data within 90 days, except data we must retain for legal compliance.
8. Children's Information
Our Services are not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18.
If we learn we have collected information from a child under 18, we will delete it promptly. If you believe a child has provided us information, contact us immediately at privacy@getarbol.com.
9. Third-Party Websites and Applications
Our Services may contain links to third-party websites or applications. This Privacy Policy does not apply to them. We encourage you to review their privacy policies.
We are not responsible for the privacy practices or content of third-party websites or applications.
10. Supplemental Notices
10.1 Supplemental Notice for California Residents
This section applies to California residents and supplements our Privacy Policy pursuant to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
Category | Collected | Disclosed for Business Purpose | Sold/Shared |
|---|---|---|---|
Identifiers (name, email, phone) | Yes | Yes (Service Providers) | No |
Customer Records (billing info) | Yes | Yes (Payment Processors) | No |
Commercial Information (transactions) | Yes | Yes (Service Providers) | No |
Internet Activity (usage data) | Yes | Yes (Analytics Providers) | No |
Geolocation (approximate) | Yes | Yes (Service Providers) | No |
Professional Information | Yes | No | No |
Inferences | Yes | No | No |
Sources of Personal Information
We collect personal information from:
You directly
Automatically through your use of our Services
Third-party services you authorize
Business Purposes for Collection
We collect personal information for the purposes described in Section 3 of this Privacy Policy.
Sale and Sharing
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Your California Rights
Right to Know: Request disclosure of personal information collected, used, and disclosed
Right to Delete: Request deletion of personal information
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: We do not sell or share personal information
Right to Limit: Limit use of sensitive personal information (we do not use sensitive PI for purposes requiring opt-out)
Right to Non-Discrimination: We will not discriminate for exercising your rights
Shine the Light
Under California Civil Code Sections 1798.83-1798.84, California residents may request disclosure of personal information shared with third parties for direct marketing. We do not share personal information for third-party direct marketing.
How to Exercise Your California Rights
Contact us at:
Email: privacy@getarbol.com
Subject Line: "California Privacy Request"
10.2 Notice for Nevada Residents
If you are a Nevada resident, you have the right to opt out of the sale of certain personal information. We do not sell personal information. To exercise this right or ask questions, contact us at privacy@getarbol.com with the subject line "Nevada Do Not Sell Request."
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
We will update the "Last Updated" date
We will notify you via email or through our Services at least 30 days before changes take effect
Your continued use of our Services after changes take effect means you accept the updated Privacy Policy
If you do not agree with changes, you should stop using our Services and close your account.
12. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices:
Arbol Artificial Intelligence, Inc.
Attn: Privacy Inquiries
131 Continental Dr, Suite 305
Newark, DE 19713
United States
Email: privacy@getarbol.com
We will respond within 30 days.
Delaware residents with unresolved complaints may contact the Delaware Department of Justice at privacy@delaware.gov.