Privacy Policy
Understand how we protect and use your personal data on our platform.
Arbol Artificial Intelligence, Inc.
A Delaware C Corporation
Version 2.0
Effective Date: January 3, 2026
Last Updated: January 3, 2026
1. Introduction
Arbol Artificial Intelligence, Inc. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use our AI-powered voice communication platform.
This Privacy Policy applies to our Services, including:
Our websites and applications
Our API services
All related features and tools
By using our Services, you agree to this Privacy Policy. If you don't agree, please don't use our Services.
2. Company Information
Arbol Artificial Intelligence, Inc.
Delaware C Corporation
Registered Office:
131 Continental Dr Suite 305
Newark, Delaware 19713
United States
Contact for Privacy Questions:
Tomás Girlado
Email: tomas@arbolai.co
For privacy complaints, Delaware residents may also contact:
Delaware Department of Justice
Email: privacy@delaware.gov
3. Our Core Privacy Commitments
3.1 No AI Training on Your Data
We DO NOT use your data to train AI models. Your conversations, call recordings, transcripts, contact information, and any other data are never used to train, improve, or develop AI systems (ours or anyone else's). Your data is used only to provide the Services you requested.
3.2 No Unauthorized Data Access
We DO NOT access your data without permission. Our employees won't access, review, listen to, or analyze your data without your explicit consent, except when:
Required by law or court order
Necessary to provide technical support you requested
Necessary to investigate Terms of Service violations
Necessary to protect safety of users or the public
3.3 No Sale of Personal Information
We DO NOT sell your personal information. We have never sold and will never sell your information to third parties.
3.4 No Targeted Advertising
We DO NOT use your information for targeted advertising. We don't use your data for personalized ads, and we don't share it with advertisers.
4. Data Hosting and Location
4.1 United States Hosting
All data is hosted exclusively in the United States. Our infrastructure is provided by U.S.-based companies with data centers in the United States.
4.2 Our Service Providers
We use these types of U.S.-based service providers:
Cloud Infrastructure: AWS, Google Cloud Platform, or similar providers
Voice/Telephony: Twilio and other U.S.-based telecommunications providers
Payment Processing: Stripe or similar PCI-DSS compliant processors
Email Services: U.S.-based transactional email providers
All service providers are contractually required to protect your information and can only use it as we instruct.
4.3 International Users
Our Services are designed for and hosted in the United States. If you access from outside the U.S.:
You do so at your own initiative
You're responsible for complying with your local laws
Your data will be transferred to and processed in the United States
We don't guarantee our Services comply with non-U.S. laws
5. Information We Collect
5.1 Account Information
When you create an account:
What We Collect | Why |
|---|---|
Name | Account identification |
Email address | Login and communications |
Phone number | Account verification and support |
Company name | Account context |
Password | Account security (encrypted) |
Billing address | Payment processing |
Payment method | Subscription billing |
5.2 Organization Information
To set up your AI Employees:
Company name, industry, and description
Business address, city, country, timezone
Business contact information (phone, email, website)
Organization logo (if uploaded)
Team member information (names, emails, roles)
5.3 Contact Data
Information about your contacts that you upload:
Names
Phone numbers
Email addresses
Custom properties you define
Notes and tags
Important: You confirm you have the legal right and necessary consents to provide this contact information to us.
5.4 Voice Communication Data
When using AI Employees:
Call Recordings: Audio recordings of conversations (when you enable recording)
Transcripts: Text versions of conversations
Call Metadata: Date, time, duration, phone numbers, call direction, status
AI-Generated Content: Summaries, extracted information, evaluation results
5.5 Campaign Data
When you create calling campaigns:
Campaign names and configurations
Contact lists and targeting
Scheduling settings
Performance metrics
5.6 Usage and Technical Data
Automatically collected:
IP address and approximate location
Browser type and version
Device type and operating system
Pages visited and features used
Date and time of access
Error reports and logs
5.7 Integration Data
When you connect third-party services:
Calendar availability (Google Calendar, Microsoft Outlook)
Authentication tokens (never your passwords)
Data needed for the integration to work
6. How We Use Your Information
6.1 Providing Services
Operating AI Employees and processing calls
Generating transcripts, summaries, and analytics
Managing contacts and campaigns
Enabling third-party integrations
Providing the dashboard and API
6.2 Account Management
Creating and maintaining your account
Processing payments and subscriptions
Providing customer support
Sending service notifications (billing, updates, etc.)
6.3 Service Improvement
Fixing bugs and errors
Analyzing aggregated, anonymized usage patterns
Improving performance and reliability
Developing new features
Note: We do NOT use your individual data for AI training.
6.4 Security and Compliance
Protecting against fraud and unauthorized access
Detecting security incidents
Complying with legal obligations
Enforcing our Terms of Service
6.5 Communications
Responding to your questions
Sending important service announcements
Providing requested information
We do NOT use your data for AI training or targeted advertising.
7. How We Share Your Information
We share your information only in these limited situations:
7.1 Service Providers
We share information with trusted third-party providers who help us run our Services:
U.S.-based companies
Contractually required to protect your information
Can't use your information for their own purposes
Must process data only as we instruct
7.2 Integrations You Enable
When you connect third-party services (like Google Calendar), we share the minimum information necessary. Your use of those services is subject to their privacy policies.
7.3 Legal Requirements
We may disclose information when required by:
Valid legal process (subpoenas, court orders, warrants)
Government or regulatory requests
Law enforcement investigations
We'll try to notify you of such requests unless legally prohibited.
7.4 Protection of Rights
We may disclose information to:
Protect our rights, property, or safety
Protect users' rights or safety
Prevent fraud or illegal activity
Enforce our Terms of Service
7.5 Business Transfers
If we're involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you via email and/or website notice of any ownership change.
7.6 With Your Consent
We may share information for other purposes with your explicit consent.
8. Your Privacy Rights
8.1 Delaware Privacy Law Compliance
We comply with the Delaware Personal Data Privacy Act (DPDPA). If you're a Delaware resident, you have these rights:
Access: Confirm whether we're processing your data and access that data
Correction: Correct inaccuracies in your data
Deletion: Delete data you've provided or we've collected
Data Portability: Get a copy of your data in a portable format
Opt-Out: Opt out of data sale (we don't sell data), targeted advertising (we don't do this), or certain profiling
8.2 Your Rights Regardless of Location
Access and Download: Access and download your data anytime through the dashboard
Correct: Update and correct your information through the dashboard
Delete: Delete call recordings, transcripts, contacts, campaigns, or your entire account
Export: Export your data in CSV or JSON format
Opt-Out of Marketing: Unsubscribe from marketing emails (you can't opt out of service-related communications)
Manage Integrations: Disconnect third-party services anytime
8.3 How to Exercise Your Rights
Contact us at:
Email: tomas@arbolai.co
We'll respond within 45 days. If we need more time, we'll notify you (up to 90 days total).
8.4 Appeals
If we decline your request, you can appeal by contacting us. We'll respond to appeals within 60 days. If denied, Delaware residents can file a complaint with the Delaware Department of Justice at privacy@delaware.gov.
8.5 No Discrimination
We won't discriminate against you for exercising privacy rights. We won't:
Deny you services
Charge different prices
Provide different quality
Suggest different treatment
9. Legal Compliance Information
9.1 Telephone Consumer Protection Act (TCPA)
The FCC confirmed that AI-generated voices are "artificial voices" under the TCPA. This means:
AI calls require prior express consent
Telemarketing AI calls require prior express written consent
All TCPA requirements apply to AI calls
Your Responsibilities as a User:
Get Consent: Obtain proper consent before making AI calls
Keep Records: Maintain records proving you got consent
Honor Opt-Outs: Immediately honor requests to stop calling
Time Limits: Don't call before 8 AM or after 9 PM recipient's time
Caller ID: Ensure proper caller ID
DNC Compliance: Check Do Not Call registries
We recommend having AI Employees disclose they're AI at the start of calls.
TCPA violations can result in $500-$1,500 per violation with no cap. You, as the user, are responsible for TCPA compliance.
9.2 Call Recording Laws
Recording laws vary by location:
One-Party Consent (38 states + D.C.): Only one party must consent
All-Party Consent (12 states): Everyone must consent. These states are:
California
Connecticut
Delaware
Florida
Illinois
Maryland
Massachusetts
Michigan
Montana
New Hampshire
Pennsylvania
Washington
Your Responsibilities:
Know the Law: Understand which laws apply based on locations
Disclose Recording: Have AI Employees announce recording
Get Consent: Obtain consent as required by law
Respect Objections: Don't record if someone objects
Recommended disclosure: "This call may be recorded for quality purposes. By continuing, you consent to being recorded."
Delaware is a two-party consent state. Recording without all parties' consent can result in criminal penalties.
10. Data Retention
10.1 How Long We Keep Data
Data Type | How Long |
|---|---|
Account Information | Account duration + 3 years |
Call Recordings | As you configure; delete anytime |
Transcripts | As you configure; delete anytime |
Call Metadata | Account duration + 1 year |
Billing Records | 7 years (legal requirement) |
Usage/Log Data | 2 years (then anonymized) |
Contact Data | Until you delete it |
10.2 Your Control
Delete recordings, transcripts, and contacts anytime through the dashboard. Deleted data is removed from active systems within 30 days and backups within 90 days.
10.3 Account Closure
When you close your account:
We delete or anonymize your data within 90 days
We may keep some data as legally required or for legitimate business needs
Billing records kept as required for taxes and legal compliance
11. Data Security
11.1 Security Measures
We protect your information with:
Technical Safeguards:
Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Secure password hashing
Multi-factor authentication available
Regular security scanning
Intrusion detection
Administrative Safeguards:
Limited employee access (need-to-know basis)
Background checks for data access
Security training
Incident response procedures
Physical Safeguards:
SOC 2 Type II certified data centers
Physical access controls
Redundant systems and backups
11.2 Security Limitations
No security is 100% perfect. While we implement strong protections, we can't guarantee absolute security. You're responsible for keeping your account credentials secure.
11.3 Report Security Issues
If you find a security vulnerability:
Email: tomas@arbolai.co
Subject: Security Vulnerability Report
We'll investigate and respond promptly.
12. Data Breach Notification
12.1 Delaware Law Requirements
Delaware law requires notification after data breaches involving personal information.
12.2 Our Commitment
If there's a breach affecting your data, we will:
Investigate promptly to understand scope and impact
Notify you without unreasonable delay (within 60 days)
Notify Delaware Attorney General if 500+ Delaware residents affected
Provide credit monitoring (at least 1 year if Social Security numbers compromised)
Provide guidance on protecting yourself
12.3 What We'll Tell You
Breach notifications will include:
What happened
What information was involved
What we're doing about it
What you can do to protect yourself
Contact information for questions
Credit monitoring info (if applicable)
13. Cookies and Tracking
13.1 What We Use
Type | Purpose |
|---|---|
Essential Cookies | Enable login, security, preferences |
Analytics Cookies | Understand how you use our Services |
Performance Cookies | Monitor and improve platform performance |
13.2 Your Choices
Control cookies through:
Browser settings (block or delete cookies)
Browser privacy/incognito mode
Note: Disabling essential cookies may prevent some features from working.
13.3 Do Not Track
Some browsers offer "Do Not Track" signals. We don't currently respond to DNT signals, as there's no industry standard.
14. Third-Party Links and Services
Our Services may link to third-party websites or services. This Privacy Policy doesn't apply to them. We encourage you to review their privacy policies.
We're not responsible for third-party privacy practices or content.
15. Children's Privacy
Our Services are not for anyone under 18. We don't knowingly collect information from children under 18.
If we learn we've collected information from a child under 18, we'll delete it promptly. If you believe a child has provided us information, contact us immediately at tomas@arbolai.co.
16. Changes to This Privacy Policy
We may update this Privacy Policy. When we do:
We'll update the "Last Updated" date
We'll post the revised policy on our website
For material changes, we'll email you or notify you through the Services at least 30 days before changes take effect
Your continued use after changes take effect means you accept the updated Privacy Policy.
If you don't agree with changes, stop using our Services and close your account.
17. Governing Law
This Privacy Policy is governed by Delaware law and United States federal law.
Disputes relating to this Privacy Policy are subject to the exclusive jurisdiction of Delaware state and federal courts.
18. Contact Us
Questions, concerns, or complaints about this Privacy Policy or our privacy practices:
Arbol Artificial Intelligence, Inc.
Attn: Privacy Inquiries
131 Continental Dr Suite 305
Newark, DE 19713
United States
Email: tomas@arbolai.co
We'll respond within 30 days.
Delaware residents with unresolved complaints may contact the Delaware Department of Justice at privacy@delaware.gov.
19. Additional Information
19.1 Data Roles
For data protection purposes:
We are a Processor for contact data, call recordings, and transcripts you create
We are a Controller for your account information and our business operations
As a user, you are the Controller of contact data and recordings you create.
19.2 Security Standards
We implement and maintain reasonable security practices to prevent unauthorized acquisition, use, modification, disclosure, or destruction of personal information, in accordance with Delaware law.
Effective Date: January 3, 2026
This Privacy Policy describes how we handle your information. We're committed to transparency and protecting your privacy.
Reading Time
16 min
On this page