Privacy Policy

Privacy Policy

Effective Date: June 11, 2025

This Privacy Policy is provided by RevRing Inc., a Delaware corporation doing business as “RevRing AI” (“RevRing AI”, “RevRing”, “we”, “us”, or “our”). It applies to:

  • Our website at revring.ai

  • Our voice AI platform, APIs, dashboards, and related services

  • Any other online services that link to this Policy

Together, we call these the “Services”.

This Policy describes how we collect, use, disclose, and protect information from:

  • Customers – businesses that use our platform

  • End Users – individuals who interact with voice AI agents built by our Customers

  • Visitors – people who visit our website or contact us for demos or support

By using our Services, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Services.

RevRing AI is a business-to-business platform. We do not offer Services to consumers for personal, family, or household use.


1. Key Definitions

  • Customer – a business entity that uses the Services under a subscription, Order Form, or online plan.

  • Customer Data – data, prompts, scripts, call content, call recordings (if enabled), and other information submitted to or generated in the Services by or for a Customer, including by its Downstream Clients or end users.

  • End User – an individual who interacts with a Customer’s voice AI agent (for example, a prospect, patient, shopper, or client).

  • End User Data – information about End Users processed via the Services, including Voice Data and interaction data.

  • Voice Data – audio recordings, real-time streams, transcripts, and related metadata generated by calls or voice interactions handled through our platform.

  • Usage Data – technical logs and telemetry about how the Services are accessed and used (for example, API calls, call durations, error logs).

These definitions are intended to align with our Terms & Conditions and any Master Service Agreement we sign with you.

2. Information We Collect

2.1 Information from Customers

Account Information

  • Business name, contact person, role, and contact details

  • Business email address and phone number

  • Billing address and tax information

  • Login credentials and authentication data

Billing and Payment Information

  • Limited card or bank data, handled via third-party payment processors (such as Stripe)

  • Billing history, invoices, and payment confirmations

Usage and Configuration

  • API calls and platform usage metrics

  • Call volumes, durations, and concurrency levels

  • Integration configurations and workflow settings

  • Support tickets, messages, and feedback

2.2 Information from End Users

When a Customer uses the platform to engage End Users, we process information on the Customer’s behalf. This may include:

Voice Data

  • Audio recordings of phone conversations (if recording is enabled by the Customer)

  • Real-time speech recognition output and transcripts

  • Call metadata such as timestamps, call duration, phone numbers, call direction (inbound or outbound), and call status

Interaction Data

  • Information End Users provide during calls (for example, answers to questions asked by an agent)

  • Call routing and transfer information (for example, which agent or number a call was forwarded to)

  • Language preferences and detected language

  • Interaction quality indicators (for example, whether a call ended due to hang-up, voicemail, or transfer)

The exact data collected depends on how the Customer configures their agents and what information they choose to request from End Users.

2.3 Information from Website Visitors

When you visit revring.ai or interact with forms on our site, we may collect:

  • IP address, browser type, device type, and operating system

  • Pages visited, referral URLs, and session duration

  • Form submissions (for example, demo requests, contact forms, newsletter signups)

  • Cookies and similar technologies (see Section 9)


3. How We Use Information

We use the information we collect for the following purposes:

3.1 To Provide and Operate the Services

  • Process voice interactions in real time

  • Deliver speech recognition, language model, and text-to-speech functionality

  • Route and manage calls, including voicemail detection and transfers

  • Provide analytics and reporting to Customers

  • Maintain Customer accounts and authenticate users

3.2 To Maintain and Secure the Platform

  • Monitor system health and performance

  • Detect and prevent fraud, abuse, and security incidents

  • Enforce our Terms & Conditions and acceptable use rules

  • Debug and resolve operational issues

Our infrastructure is designed to achieve low-latency performance and high availability. Any specific performance figures (such as latency targets or uptime goals) are design objectives and not guarantees unless expressly stated in a separate written service level agreement.

3.3 To Improve and Develop the Services

  • Analyze usage trends to improve reliability and scalability

  • Optimize model performance, routing logic, and integrations

  • Develop new features, products, and capabilities

When possible, we use aggregated or anonymized data that does not reasonably identify individual End Users or specific Customers for these purposes.

3.4 Legal, Compliance, and Protection

  • Comply with applicable laws, regulations, and legal processes

  • Respond to lawful requests from courts, regulators, or law enforcement

  • Protect our rights, property, and safety, and that of our Customers and users

  • Maintain records needed for accounting, tax, and dispute resolution

4. Legal Roles and Responsibilities

For most processing of End User Data, Customer is the data controller (or equivalent term under applicable law), and RevRing AI operates as a data processor or service provider.

  • Customers decide what data to collect, how long to keep it, and what legal basis they rely on.

  • Customers are responsible for informing End Users, obtaining any required consents, and honoring data subject rights (for example, access, deletion, and correction requests).

We process End User Data solely on documented instructions from the Customer, except where required by law.

For some activities (for example, billing, platform security, or marketing our own services), RevRing AI may act as an independent controller.


5. Data Processing, Storage, and Retention

5.1 Processing and Storage

  • Voice data is processed in real time on infrastructure we control or manage.

  • Audio and transcripts may be stored where recording is enabled or where needed to provide analytics and reporting.

  • Data is encrypted in transit and at rest using industry-standard techniques.

5.2 Retention

Default retention settings, which Customers can often configure, include:

  • Call recordings: 30 days (configurable per account or per campaign)

  • Transcripts: 90 days (configurable per account or per campaign)

  • Usage metadata and analytics: up to 24 months while the Customer’s account is active

We may retain Customer account data (such as billing records and account identifiers) for the duration of the account and, after closure, for limited periods needed for legitimate business purposes (for example, accounting, tax, security, and dispute resolution).

After account closure:

  • We may retain Customer Data for up to 90 days to support backup, dispute defense, and legal compliance, after which we may delete or anonymize it in the ordinary course of business.

  • We may retain anonymized or aggregated data, and limited billing records required by law (for example, accounting records), for longer periods.

Customers are responsible for exporting or backing up Customer Data they want to keep before they close their account or request deletion.

5.3 Regional Processing

  • Our primary infrastructure is located in the United States, with multi-region capacity.

  • For certain plans, Customers may opt for regional processing (for example, EU-only processing) where available.

  • For healthcare and other regulated industries, we may offer specialized environments and data handling commitments (for example, HIPAA-aligned configurations) as specified in separate agreements or addenda.


6. Information Sharing and Disclosure

We do not:

  • Sell Voice Data, transcripts, or End User Data.

  • Use End User Data for third-party advertising.

  • Share data with third parties for their independent marketing purposes.

We may share information as follows:

6.1 At the Customer’s Direction

  • With integrations the Customer configures (for example, CRM, calendar, analytics, ticketing systems).

  • Through webhooks or APIs to endpoints specified by the Customer.

  • When the Customer uses export or reporting features.

In these cases, the third party’s own privacy policies apply.

6.2 Service Providers

We use third-party vendors to help us operate the Services, such as:

  • Cloud and hosting providers

  • Telephony and connectivity providers

  • Payment processors

  • Analytics and monitoring tools

  • Support and ticketing platforms

These providers are bound by contractual obligations to use the data only on our behalf and to protect it appropriately.

6.3 Legal and Safety

We may disclose information if we believe in good faith that doing so is reasonably necessary to:

  • Comply with any applicable law, regulation, legal process, or governmental request

  • Protect the rights, property, or safety of RevRing Inc., our Customers, End Users, or the public

  • Detect, prevent, or address fraud, security, or technical issues

Where legally permissible, we will attempt to provide notice to the affected Customer before disclosing Customer Data in response to a legal request.


7. Healthcare, PHI, and HIPAA

Some Customers use the Services in connection with healthcare workflows that may involve Protected Health Information (“PHI”) under the U.S. Health Insurance Portability and Accountability Act and its implementing regulations (collectively, “HIPAA”).

7.1 HIPAA Support Only on Enterprise / HIPAA-Enabled Accounts

RevRing AI is not automatically configured to handle PHI. HIPAA-aligned use of the Services is available only for:

  • RevRing Enterprise plans that RevRing has expressly designated as HIPAA-enabled; or

  • Other accounts that RevRing has explicitly designated in writing (for example, in an Order Form or addendum) as “HIPAA-Enabled”,

and only when a valid Business Associate Agreement (“BAA”) between RevRing Inc. and the Customer is in effect.

Customers must not use standard, non-HIPAA plans, free or trial accounts, or any other accounts that are not explicitly HIPAA-enabled to store, process, or transmit PHI.

This approach is consistent with how major communications providers offer HIPAA-eligible services only under specific healthcare plans with a signed BAA.

7.2 Business Associate Agreement (BAA)

For Customers that are HIPAA “covered entities” or “business associates” and wish to use the Services with PHI:

  • RevRing will enter into its standard BAA (or a mutually agreed BAA) for eligible Services and accounts; and

  • The BAA governs RevRing’s use and protection of PHI as a business associate, in addition to this Privacy Policy and our Terms & Conditions.

If there is any conflict between this Privacy Policy and a signed BAA with respect to PHI, the BAA will control to the extent of the conflict.

Without an executed BAA and confirmation that an account is HIPAA-enabled, RevRing does not treat Customer as a HIPAA-covered entity for purposes of the Services and does not accept obligations as a HIPAA business associate with respect to data processed through that account.

7.3 How We Handle PHI on HIPAA-Enabled Accounts

Where a BAA is in place and an account is HIPAA-enabled, we:

  • Use PHI only to provide, maintain, secure, and support the Services as permitted in the BAA and Customer’s documented instructions.

  • Implement administrative, physical, and technical safeguards designed to protect PHI, consistent with the Security Rule and our contractual commitments.

  • Restrict disclosures of PHI to subcontractors and service providers that need it to help operate the HIPAA-enabled Services and that are bound by appropriate contractual protections.

  • Retain PHI only for the periods described in the BAA or otherwise agreed in writing, subject to legal retention requirements.

For HIPAA-enabled accounts, we do not use PHI to train generalized models or for unrelated analytics or marketing. We may continue to use de-identified or aggregated data, in accordance with the BAA and applicable law, to improve security, capacity planning, and reliability.

7.4 Customer Responsibilities for HIPAA Compliance

Even when a BAA is signed, HIPAA compliance remains a shared responsibility. Customers are responsible for:

  • Determining if and how HIPAA applies to their organization and use cases.

  • Configuring agents, call flows, prompts, integrations, and retention settings in a way that is appropriate for PHI.

  • Managing user access, credentials, and device security for their workforce.

  • Ensuring that third-party tools and integrations they connect to the Services (for example, CRMs, EHRs, ticketing systems) are appropriate for PHI and, where required, covered by the Customer’s own BAAs.

  • Providing required notices and obtaining required consents from patients and other individuals about how their information will be used.

We cannot monitor every configuration and workflow. We do not guarantee that a Customer’s use of the Services will be HIPAA-compliant; Customers must evaluate and manage their own obligations under HIPAA and similar laws.

7.5 PHI and Payments

We use third-party payment processors to handle payments for our Services. Those processors typically are not intended to receive PHI beyond what is strictly necessary to complete the financial transaction. Independent analyses confirm that Stripe and similar providers do not offer HIPAA-compliant handling of PHI outside of exempt payment processing, and they generally do not sign BAAs.

Customers must not include PHI in payment descriptions, invoice memos, or other free-text payment metadata, and should not use payment tools as a substitute for healthcare documentation or clinical records.


8. Security

We use a combination of technical and organizational measures designed to protect information we process:

  • Encryption in transit (TLS) and at rest

  • Access controls and authentication

  • Network segmentation and traffic filtering

  • Logging, monitoring, and anomaly detection

  • Employee confidentiality obligations and security training

  • Incident response processes

No system is perfectly secure. We cannot guarantee absolute security of your information. If we become aware of a security incident that affects your data, we will notify you as required by applicable law and our contractual commitments.

9. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and, in some cases, within the application interface to:

  • Remember your preferences and settings

  • Analyze site traffic and usage patterns

  • Improve the performance and usability of the site

You can control cookies through your browser settings, which may allow you to block or delete cookies. If you block certain cookies, some features of the site may not function properly.

We do not use cookies to serve third-party targeted advertising based on your use of the RevRing AI platform.

10. International Data Transfers

If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate.

Where required by law (for example, under the EU GDPR), we rely on appropriate safeguards for data transfers, such as:

  • Standard Contractual Clauses approved by the European Commission

  • Other lawful transfer mechanisms recognized by applicable regulations

Customers with specific data localization or transfer requirements should raise these with us before deploying production workloads.

11. Data Subject and Consumer Rights

Your rights depend on your relationship to RevRing AI and your location.

11.1 Rights of Customers

If you are a Customer:

  • You may access and update your account information.

  • You may request export of your data in supported formats.

  • You may configure certain retention periods in your account settings.

  • You may contact us to delete your account, subject to our need to retain some information as described in this Policy.

11.2 Rights of End Users

If you are an End User of a Customer who uses RevRing AI:

  • Your primary relationship is with the Customer (for example, the business that called you or answered your call).

  • Customers are responsible for handling your privacy rights requests (for example, access, deletion, correction) and for providing required notices and consents.

We will assist Customers, where feasible and subject to our contractual obligations, in responding to valid data subject requests they receive.

11.3 Region-Specific Rights

Depending on your jurisdiction, you may have additional rights under laws such as:

  • The EU / UK General Data Protection Regulation (GDPR)

  • The California Consumer Privacy Act (CCPA) and related U.S. state laws

  • The Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Other local privacy laws

These may include rights to access, correct, delete, restrict, or object to the processing of your personal information, and rights to data portability.

To exercise your rights:

  • End Users should contact the relevant Customer directly.

  • Customers may contact us at contact@revring.ai.

We may need to verify your identity and the scope of your request before responding.

12. Children’s Privacy

Our Services are intended for use by businesses. We do not knowingly collect personal information from children under 13, and Customers are not permitted to target or knowingly engage children under 13 through the Services without appropriate consents and legal basis.

If you believe we have collected personal information from a child under 13, please contact us and we will take appropriate steps to delete it.


13. Third-Party Links

Our website and Services may contain links to third-party websites or services that we do not control. We are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.


14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

  • Update the “Effective Date” at the top

  • Post the updated Policy at this URL

  • For material changes, notify Customers by email or in-product notice where feasible

Your continued use of the Services after an updated Policy becomes effective means you accept the revised Policy.


15. Contact Us

If you have questions or concerns about this Privacy Policy, or about how we handle your information, you can contact us at:

RevRing Inc.
131 Continental Dr Suite 305
Newark, DE 19713
United States

Email: contact@revring.ai