Privacy Policy
Callspace Technologies Inc.
Effective Date: March 21, 2026 | Last Updated: May 14, 2026
1. Introduction
Callspace Technologies Inc. (“Callspace,” “we,” “us,” or “our”) is a Canadian corporation headquartered in Alberta, Canada. We provide an AI-powered customer support platform that answers voice calls on behalf of businesses. Our AI voice agents handle inbound calls, provide information, resolve inquiries, and route conversations as needed — supported by underlying communications infrastructure for voice and SMS (the “Service”).
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Service — whether you are a business customer (“Customer”), an authorized user of a Customer’s account (“User”), or an individual who communicates with a Customer through the Service (“End User”). We are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta’s Personal Information Protection Act (PIPA).
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Definitions
Personal Information means information about an identifiable individual, as defined under PIPEDA and PIPA. It does not include business contact information used solely for the purpose of communicating with an individual in relation to their employment, business, or profession.
Customer means a business or organization that subscribes to the Service.
User means an individual authorized by a Customer to access and use the Service on the Customer’s behalf.
End User means an individual who communicates with a Customer through the Service (for example, a person who calls a Customer’s phone number and interacts with the Customer’s AI voice agent).
3. Information We Collect
3.1 Account and Contact Information
When a Customer or User registers for the Service, we collect information such as name, email address, phone number, company name, job title, and billing address. We also collect payment information (processed by our payment provider, Stripe) necessary to manage subscriptions and billing.
3.2 Communication Content
The Service processes communication content on behalf of our Customers, which may include call recordings, call transcriptions, and SMS messages. Because calls are handled by AI voice agents, the Service also processes the real-time audio and speech of End Users during calls. This content may contain personal information about End Users. Customers are responsible for determining the purposes for which this content is collected and for obtaining any necessary consents from End Users.
3.3 AI-Derived Insights
Our AI voice agents process call content in real time to understand caller intent, provide relevant responses, and resolve inquiries. The Service also generates post-call insights from communication content, including call summaries, sentiment analysis, and issue categorization. These insights are derived from the communication content described above and are generated on behalf of, and made available to, our Customers.
3.4 Technical and Usage Information
We automatically collect certain technical information when you use the Service, including IP address, browser type and version, device type, operating system, pages visited within the Service, feature usage patterns, and referring URLs. We collect this information through server logs and analytics tools.
4. How We Use Personal Information
We use personal information for the following purposes:
Providing and operating the Service — processing communications, generating AI-derived insights, managing accounts, and delivering the features our Customers have subscribed to.
Billing and payments — processing transactions, managing subscriptions, sending invoices, and handling payment disputes.
Improving the Service — analyzing usage patterns, identifying technical issues, conducting internal research to improve performance and develop new features.
Security and fraud prevention — detecting, investigating, and preventing unauthorized access, abuse, or fraudulent activity.
Customer support — responding to inquiries, troubleshooting issues, and providing technical assistance.
Legal compliance — complying with applicable laws, regulations, court orders, or legal processes.
Communications — sending service-related notices, updates, and (where consent has been obtained) marketing communications.
5. AI Voice Agents, Call Recording, and AI Processing
5.1 AI Voice Agents
The core of the Service is an AI voice agent that answers inbound calls on behalf of our Customers. When an End User calls a Customer’s phone number, the call is answered by an AI agent — not a human representative — unless the call is routed to a human by the Customer’s configuration. The AI agent processes the End User’s speech in real time to understand their inquiry and provide a response.
Customers are responsible for configuring their AI agents and for any disclosures they choose to make to End Users about the use of AI in handling calls.
5.2 Call Recording
The Service allows Customers to record voice calls handled by AI agents. Alberta law permits one-party consent for call recording, meaning a call may be recorded when at least one party to the call consents. However, the applicable consent requirements may vary depending on the jurisdiction of the caller.
Customers are solely responsible for ensuring that their use of call recording features complies with all applicable laws in the jurisdictions where their calls originate and terminate. We recommend that Customers consult legal counsel regarding their recording practices.
5.3 AI Processing
Communication content processed through the Service is analyzed by our AI systems to handle calls in real time and to generate post-call outputs such as transcriptions, summaries, sentiment analysis, and other insights. This processing is performed solely on behalf of our Customers and in accordance with their instructions. We do not use Customer communication content to train general-purpose AI models.
6. How We Share Personal Information
We do not sell personal information. We share personal information only in the following circumstances:
6.1 Service Providers (Sub-Processors)
We engage trusted third-party service providers to help deliver and support the Service. These providers process personal information on our behalf and under our instructions. Our current sub-processors include:
| Provider | Purpose | Location | Processes Google user data? |
|---|---|---|---|
| Telnyx | Voice and SMS infrastructure, call routing | United States | No |
| Stripe | Payment processing and billing | United States | No |
| Cloudflare | Infrastructure, content delivery, and security | United States / Global | Yes (in transit / at rest as part of hosting Callspace) |
| PlanetScale | Database hosting | United States | Yes (encrypted at rest as part of hosting Callspace) |
| PostHog | Product analytics | United States | No |
| Google Analytics | Website analytics | United States | No |
| Google (Calendar, OAuth) | User-authorized calendar scheduling and sign-in | United States | Yes (source of the data, under the User’s OAuth grant) |
Each sub-processor is contractually obligated to protect personal information and to use it only for the purposes for which it was disclosed. Sub-processors that process Google user data are contractually required to use it only to support the Google integration the User has authorized, consistent with the Limited Use requirements of the Google API Services User Data Policy.
6.2 At Customer Direction
When a Customer configures integrations or features that involve sharing data with third-party services, we facilitate that data sharing in accordance with the Customer’s instructions.
6.3 Legal Requirements
We may disclose personal information where required or permitted by law, regulation, court order, subpoena, or other legal process, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
6.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify affected parties of any such transfer and any choices they may have regarding their personal information.
7. Cross-Border Transfers
Callspace is headquartered in Alberta, Canada, and our primary data storage is in Canada. However, some of our sub-processors operate in the United States, which means personal information may be transferred to, stored in, or processed in the United States. When personal information is transferred outside of Canada, it may be subject to the laws of the jurisdiction in which it is held, and it may be accessible to law enforcement and national security authorities of that jurisdiction.
We take reasonable steps to ensure that our sub-processors provide a comparable level of protection for personal information, including through contractual obligations that require them to safeguard personal information in a manner consistent with this Privacy Policy and applicable Canadian privacy legislation.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
Account information is retained for the duration of the Customer’s subscription and for a reasonable period thereafter to allow for account reactivation or to comply with legal obligations.
Communication content (call recordings, transcriptions, SMS messages) is retained in accordance with the retention settings configured by the Customer. Customers may delete communication content at any time through the Service.
AI-derived insights are retained for the same period as the underlying communication content from which they were generated, unless deleted earlier by the Customer.
Technical and usage data is retained in aggregated or anonymized form for analytical purposes and may be retained indefinitely in that form.
9. Security
We implement reasonable technical and organizational safeguards to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls and authentication mechanisms, regular security assessments, and monitoring for unauthorized activity.
No method of transmission or storage is completely secure. While we strive to protect personal information, we cannot guarantee absolute security.
10. Your Rights
Under PIPEDA and PIPA, individuals have certain rights with respect to their personal information. Subject to applicable exceptions, you have the right to:
Access — request access to the personal information we hold about you.
Correction — request correction of personal information that is inaccurate or incomplete.
Withdrawal of consent — withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions. Withdrawal of consent may affect our ability to provide the Service.
To exercise any of these rights, please contact us using the information provided in Section 15 below. We will respond to your request within 30 days, as required by law.
For End Users: If you are an End User whose personal information has been collected through a Customer’s use of the Service, please direct your privacy inquiries to the Customer in question. Callspace processes End User data on behalf of Customers and may refer your request to the relevant Customer.
11. Cookies and Analytics
We use cookies and similar technologies to operate the Service, remember your preferences, and understand how the Service is used. We use analytics services, including Google Analytics and PostHog, to collect and analyze website and product usage information.
We do not send Google user data (data obtained through Google APIs, including Google Sign-In profile data and Google Calendar data) to any analytics service.
You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of the Service.
12. Children’s Privacy
The Service is designed for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete that information promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify Customers through the Service or by email and update the “Last Updated” date at the top of this policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect personal information.
14. Google Services Integration
This Section 14 governs our access, use, storage, sharing, and transfer of “Google user data” — information obtained through Google APIs. Notwithstanding any other provision of this Privacy Policy, Google user data is used, retained, shared, and transferred only as described in this Section 14. The general purposes described in Section 4 (including service improvement, internal research, product development, analytics, and marketing communications) do not apply to Google user data.
Callspace offers optional integrations with Google services, including Google Calendar (for scheduling) and Google Sign-In (for authentication). When a User connects a Google account, we access Google user data only with that User’s explicit consent, granted through Google’s OAuth authorization flow.
14.1 Google User Data We Access
Depending on the integration enabled, we access the following Google user data:
- Google Sign-In — name, email address, and Google account profile picture, used to authenticate Users and create or link a Callspace account.
- Google Calendar — calendar list, event details (title, time, attendees, description), and the ability to create, update, or delete events on the User’s behalf, used so that AI voice agents can check availability and book appointments during calls.
14.2 How We Use Google User Data
We use Google user data only to provide the user-facing features of the Service that the User has explicitly enabled — signing in to Callspace, displaying calendar availability, and creating, updating, or deleting calendar events on the User’s behalf in response to caller requests. We do not use Google user data to develop or improve features other than those the User has enabled, and we do not use it for any purpose unrelated to the integration the User authorized.
14.3 Limited Use Compliance
Callspace’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
In particular, we do not:
- Use Google user data for serving advertisements, including targeted, retargeted, or personalized advertising;
- Sell, license, or transfer Google user data to data brokers, information resellers, or any other party for advertising or marketing purposes;
- Use Google user data to develop, improve, or train generalized or non-personalized AI or machine learning models;
- Use Google user data to determine credit-worthiness or for any lending purpose;
- Sell Google user data.
We do not allow humans to read Google user data unless (a) we have the affected User’s affirmative agreement to view specific messages or data; (b) it is necessary for security purposes (such as investigating abuse); (c) it is necessary to comply with applicable law; or (d) the data has been aggregated and anonymized and is used for internal operations.
14.4 How We Store and Protect Google User Data
Google user data is stored on infrastructure operated by our sub-processors (see Section 6.1) and is protected by the security measures described in Section 9, including encryption of data in transit and at rest, access controls, and authentication. OAuth tokens are encrypted at rest and used only to maintain the integration the User has authorized.
14.5 Retention and Deletion
We retain Google user data only as long as needed to provide the integration the User has enabled. Users may disconnect a Google account at any time from within Callspace, which revokes our access and triggers deletion of the associated Google user data from our systems within a reasonable period. Users may also revoke our access directly at myaccount.google.com/permissions.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Callspace Technologies Inc. Alberta, Canada
Email: legal@usecallspace.com Website: usecallspace.com
If you are not satisfied with our response to your privacy inquiry, you may contact the Office of the Information and Privacy Commissioner of Alberta (OIPC) at oipc.ab.ca or the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.