Privacy Policy
As of: February 2026
1. Data Controller
Senorit Ebrahim Seyfi Seeschwalbentwiete 23, 22119 Hamburg Email: datenschutz@senorit.de
2. Overview of Processing
We process personal data only to the extent necessary to provide our AI phone assistant service.
3. Legal Basis
Processing is based on Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f) GDPR (legitimate interests), and Art. 6(1)(a) GDPR (consent).
4. Data Collected
- Account data: Email address, business name, industry, contact details upon registration
- Call data: Caller phone number, call transcript, summary, duration, timestamp
- Usage data: Access logs, dashboard usage
- Payment data: processed directly by Stripe
5. Sub-processors
| Service | Provider | Location | Purpose |
|---|---|---|---|
| Supabase | Supabase Inc. | EU (Frankfurt) | Database, Authentication |
| Telnyx | Telnyx LLC | USA (EU SCC) | Telephony, SMS, Voice AI, Transcription |
| Stripe | Stripe Inc. | EU (Dublin) | Payment processing |
| Vercel | Vercel Inc. | EU (Frankfurt) | Hosting |
| Resend | Resend Inc. | USA (EU SCC) | Email delivery |
| Axiom | Axiom Inc. | EU (Frankfurt) | Error monitoring & logging |
| Google LLC | Google LLC | USA (EU-U.S. DPF) | Google Calendar integration (appointment management) |
6. Your Rights (Art. 15-22 GDPR)
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
Contact: datenschutz@senorit.de
7. Data Retention
Call data is stored for the duration of the contractual relationship. After termination, data is deleted within 30 days unless statutory retention obligations apply.
8. Security
All data is transmitted encrypted (TLS 1.3) and stored in the EU. Access is protected by authentication and role-based access controls (RLS).
9. Cookies
We use only technically necessary cookies for authentication. No tracking cookies are used.
10. Call Processing and AI Consent
Incoming calls are processed by an AI phone assistant using a certified voice AI platform. Transcription is performed in real time to understand the caller's request and respond appropriately.
Data collected: Phone number, call duration, transcript, summary, intent classification, urgency assessment, sentiment analysis, and extracted structured data (e.g. name, appointment requests).
Legal basis: Art. 6(1)(b) GDPR (contract performance towards the business customer) and Art. 6(1)(f) GDPR (legitimate interest of the business customer to provide their callers with a reliable phone service).
Audio data is not permanently stored — only the transcript and summary are retained.
Callers may request deletion of their data at any time by emailing datenschutz@senorit.de.
11. Error Monitoring (Sentry)
We use the service Sentry (Functional Software, Inc.) for technical error monitoring of our application. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in technical stability and error resolution). Processing takes place in the EU (Frankfurt location). A data processing agreement has been concluded. Error reports are automatically deleted after 90 days. Sentry does not set cookies in this implementation.
12. Data Protection Inquiries
Data protection inquiries are confirmed within 48 hours and answered within the statutory period of one month.
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority.
14. Google Calendar Integration
Our application offers an optional integration with Google Calendar (Google Calendar API). This integration is activated exclusively at the explicit request of the user and requires explicit consent via Google's OAuth 2.0 consent dialog.
Access permissions (scopes): The application requests access to your Google Calendar (scope: https://www.googleapis.com/auth/calendar or https://www.googleapis.com/auth/calendar.events) in order to read, create, edit, and delete appointments.
Data usage: The application uses your Google Calendar data exclusively to (1) create appointments from incoming calls directly in your Google Calendar, (2) display and manage existing appointments, and (3) check availability to prevent double bookings. Google Calendar data is not used for advertising, profiling, or any other purposes.
Data storage: Raw Google Calendar data (event titles, descriptions, times) is not permanently stored on our servers. Only appointment IDs and metadata (date, time, status) are stored in our database to enable synchronization with the AI phone assistant. OAuth access tokens are stored securely and in encrypted form and are used solely to communicate with the Google Calendar API.
Data sharing: Your Google Calendar data is not shared with third parties, advertising partners, data brokers, or any other external entities. It is used exclusively to provide the appointment management functionality within our application.
Transfer to third countries: The Google Calendar API is operated by Google LLC, USA. Google LLC is certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF). The transfer of your data to Google LLC is based on this adequacy decision (Art. 45 GDPR) and, subsidiarily, on Standard Contractual Clauses (Art. 46(2)(c) GDPR). Information about Google's data protection practices can be found at https://policies.google.com/privacy.
Legal basis: The processing of your Google Calendar data is based on your explicit consent pursuant to Art. 6(1)(a) GDPR, which you grant via Google's OAuth consent dialog. This consent is voluntary and can be withdrawn at any time.
Withdrawing consent / revoking access: You can revoke the application's access to your Google Calendar at any time by (1) disconnecting the Google Calendar connection in our application's settings, or (2) revoking access in your Google Account settings at myaccount.google.com/permissions. We will delete all stored OAuth tokens within 24 hours of revocation.