Privacy Policy

AEGONTECH LLC ("we," "us," or "our") operates Mimicall (the "Service"), accessible at mimicall.app and through our mobile application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you consent to the practices described in this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

Personal Information

When you create an account or use the Service, we may collect:

• Name and email address
• Phone number(s) you provide for receiving calls
• Payment and billing information (processed by Stripe; we do not store full card details on our servers)
• Account credentials (passwords are stored in hashed form only)
• IP address and approximate geolocation derived from it

Usage Data

• Call history, duration, scheduling details, and call status
• Persona configurations you create (names, personality prompts, voice selections, backstories)
• Credit balance and transaction history
• Device information, browser type, operating system, and access times
• Pages visited, features used, and interaction patterns within the Service
• Referral source and how you arrived at the Service

Voice & Biometric Data

If you use the voice cloning feature, audio samples you upload are transmitted to our third-party voice synthesis provider for the purpose of creating a synthetic voice model. Voice samples and the resulting voice models constitute biometric data (voiceprints) in certain jurisdictions. See Section 5 for detailed disclosures about how we handle biometric data.

Call & Conversation Data

AI persona calls placed through the Service may be recorded, transcribed, or logged. Call recordings and transcripts may include personal or sensitive information that you share during the conversation. See Section 6 for detailed disclosures about call data collection, retention, and use.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To create and manage your account, schedule and place AI-powered phone calls, and process payments
• Personalization: To customize AI persona behavior based on your configurations and preferences
• Service improvement: To analyze usage patterns, diagnose technical issues, and improve the Service
• Safety & compliance: To detect, prevent, and address fraud, abuse, security threats, and technical issues
• Communication: To send you account-related notices, support responses, and, with your consent, promotional communications
• Legal obligations: To comply with applicable laws, regulations, legal processes, or government requests

3. Legal Basis for Processing

Where applicable (including under the EU General Data Protection Regulation), we process your personal data on the following legal bases:

• Contractual necessity: Processing required to provide the Service you requested (account management, call delivery, payment processing)
• Consent: Processing based on your explicit consent (voice cloning, marketing communications, optional analytics). You may withdraw consent at any time.
• Legitimate interest: Processing for our legitimate business interests (fraud prevention, service improvement, security), balanced against your privacy rights
• Legal obligation: Processing required to comply with applicable laws and regulations

4. Cookies & Tracking Technologies

We use cookies, local storage, and similar tracking technologies to operate and improve the Service. These include:

• Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
• Analytics cookies: Used to understand how users interact with the Service, including page views, feature usage, and performance metrics. We may use third-party analytics providers for this purpose.
• Preference cookies: Used to remember your settings and preferences across sessions.

We do not use advertising or behavioral tracking cookies. We do not sell data collected through cookies to third parties. You can manage cookie preferences through your browser settings, though disabling essential cookies may prevent the Service from functioning correctly.

7. Sharing & Third-Party Services

We share your information with the following categories of third-party service providers, each of which is contractually obligated to use your data only for the purposes of providing their services to us:

• Payment processing: Stripe processes your payment information. We transmit your email and transaction details to Stripe but do not store full payment card numbers on our servers.
• Database & authentication: Supabase provides our database infrastructure and authentication services. Your account data, persona configurations, and call records are stored in Supabase-managed databases.
• Voice synthesis: Third-party AI voice providers process your voice cloning samples and generate synthetic speech for AI persona calls.
• Telephony: Third-party telephony providers deliver AI persona calls to your phone number. They receive your phone number and call metadata.
• Hosting: Vercel hosts our web application and may process server logs containing IP addresses and usage data.

We may also disclose your information: (a) to comply with legal obligations, court orders, or government requests; (b) to protect the rights, property, or safety of AEGONTECH LLC, our users, or the public; (c) in connection with a merger, acquisition, or sale of assets (in which case your data would be transferred to the successor entity under the same privacy protections); or (d) with your explicit consent.

We do not sell your personal information to any third party. We do not share your personal information with third parties for their own marketing purposes.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy. Specific retention periods are as follows:

• Account data (name, email, credentials): Retained for the lifetime of your account, deleted within 30 days of account deletion request.
• Phone numbers: Retained while active on your account, deleted within 30 days of removal or account deletion.
• Call metadata (timestamps, duration, status): Retained for the lifetime of your account for your call history.
• Call recordings & transcripts: Retained for up to 90 days after the call date.
• Voice models (biometric data): Retained while the associated persona exists, deleted within 30 days of persona or account deletion.
• Payment records: Retained for 7 years after the transaction date for accounting and tax compliance.
• Persona configurations: Retained for the lifetime of your account, deleted within 30 days of persona or account deletion.
• Server logs (IP, access): Retained for up to 90 days for security and debugging purposes.

We may retain certain data beyond the periods stated above where required by law, regulation, or legal proceeding, or to protect our legal rights in connection with an active dispute.

9. International Data Transfers

The Service is operated from the United States. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your country of residence. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other applicable safeguards. You may request a copy of the applicable transfer mechanisms by contacting us.

10. Data Security

We implement industry-standard security measures to protect your information, including:

• Encrypted connections (TLS/SSL) for all data in transit
• Encryption at rest for sensitive data stored in our databases
• Secure, hashed password storage (passwords are never stored in plain text)
• Access controls limiting employee and contractor access to personal data
• Regular security reviews of our infrastructure and third-party providers

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

11. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal information:

• Right to access: Request a copy of the personal information we hold about you.
• Right to correction: Request correction of inaccurate or incomplete data.
• Right to deletion: Request deletion of your personal data, subject to legal retention requirements.
• Right to portability: Request your data in a structured, commonly used, machine-readable format.
• Right to restrict processing: Request that we limit our processing of your data in certain circumstances.
• Right to object: Object to processing of your data based on our legitimate interests.
• Right to withdraw consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@mimicall.app. We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may request additional information to verify your identity before fulfilling a request. We will not discriminate against you for exercising your privacy rights.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt-out of sale/sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. Therefore, there is no need to opt out.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Authorized agents: You may designate an authorized agent to submit requests on your behalf, subject to identity verification.

Categories of personal information collected in the past 12 months: Identifiers (name, email, phone number, IP address); commercial information (purchase history, credits); internet/electronic activity (usage data, device info); audio information (voice samples for cloning); biometric information (voiceprints); and inferences drawn from the above.

To submit a CCPA/CPRA request, contact us at privacy@mimicall.app with the subject line "California Privacy Request."

13. Children's Privacy

Mimicall is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If we become aware that we have collected personal information from a child under the applicable age threshold, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@mimicall.app.

14. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for interpreting DNT signals, the Service does not currently respond to DNT signals. However, as described in Section 4, we do not use advertising or behavioral tracking cookies, and we do not track users across third-party websites.

15. Data Breach Notification

In the event of a data breach that results in unauthorized access to, or disclosure of, your personal information and that poses a risk of harm to you, we will: (a) notify affected users by email and/or prominent notice on the Service without unreasonable delay and no later than as required by applicable law (typically within 72 hours of becoming aware of the breach for GDPR-covered users); (b) notify relevant supervisory authorities as required by law; and (c) provide information about the nature of the breach, the data affected, and steps we are taking to address and mitigate the breach.

16. Marketing Communications

We may send you promotional emails about new features, special offers, or other information we think you may find interesting, but only with your consent or where otherwise permitted by law. You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us. Please note that even after opting out of marketing communications, you will continue to receive essential account-related messages (such as security alerts, payment confirmations, and service notices).

17. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you by posting the updated policy on this page, updating the "Last updated" date, and when feasible, sending an email notification to the address associated with your account. Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised policy. If you do not agree to the revised policy, you must stop using the Service.

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: