Quallaa
Quallaa

Privacy Policy

Last updated: April 6, 2026

Quallaa ("we," "our," or "us") provides public facing AI for businesses — AI agents that communicate with customers over SMS, email, voice, booking pages, and web on behalf of the business. This Privacy Policy explains how we collect, use, and protect information when you use our services.

1. Information We Collect

From Business Owners

When businesses sign up for our service, we collect:

  • Business name, type, and contact information
  • Owner name, phone number, and email address
  • AI configuration (custom instructions, tool settings, escalation rules, disclosure preferences)
  • Training and certification records
  • Billing and payment information

From End Customers

When customers interact with a business through our service, we collect:

  • Phone number, name, and email address (as provided or available from the interaction)
  • Message and conversation content across all channels
  • Appointment and booking details
  • Contact profile information (preferences, history, notes maintained by the AI)
  • Opt-out preferences

Connected Services

When businesses connect their accounts, we access:

  • Google Calendar: Availability, appointment details, and scheduling (via per-business OAuth)
  • Google Gmail: Email reading, searching, and sending on behalf of the business (via per-business OAuth)
  • Bridge Apps: SMS/iMessage content forwarded for AI processing, device registration, contact lists (used to filter personal contacts), and delivery status

Technical Information

We automatically collect:

  • IP address and browser information (website and portal visitors)
  • Message delivery status and timestamps
  • Device and carrier information (for SMS delivery)
  • AI disclosure compliance records

2. How We Use Your Information

We use the information we collect to:

  • Operate AI agents that communicate with customers on behalf of businesses
  • Schedule appointments, send follow-ups, and manage calendars
  • Read and send email on behalf of businesses
  • Maintain contact profiles and conversation history
  • Process payments and manage subscriptions
  • Improve our AI and service quality
  • Comply with legal obligations, including AI disclosure requirements

3. SMS Messaging Terms

Our SMS service operates as follows:

  • Message Types: Customer service conversations, appointment confirmations, follow-ups, and business communications
  • Message Frequency: Varies based on business usage; typically 1-5 messages per interaction
  • Opt-Out: Reply STOP to any message to unsubscribe from future messages
  • Help: Reply HELP for assistance
  • Carrier Charges: Message and data rates may apply
  • No Sharing: We will not share, sell, or rent your mobile phone number or SMS opt-in data with third parties for marketing or promotional purposes. Text messaging opt-in data and consent will not be shared with any third parties except aggregators and providers of text messaging services (such as Twilio) as necessary to deliver messages

4. Information Sharing

We do not sell your personal information. We share information only:

  • With Business Owners: Conversation history, contact profiles, and opt-out status for their customers
  • With Service Providers: Third parties who help deliver our services (see Section 7)
  • Via API Access: Business owners may access their data through our API and MCP server using authenticated credentials
  • For Legal Reasons: When required by law or to protect rights and safety

5. Data Security

We protect your information with:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure database storage with access controls
  • Per-business authentication for connected services (Google OAuth)
  • Trust boundary controls that restrict AI capabilities based on caller context
  • Regular security monitoring
  • Limited employee access on a need-to-know basis

6. Data Retention

We retain data as follows:

  • Conversations and Messages: 2 years for service quality and dispute resolution
  • Contact Profiles: Duration of the business account
  • Business Accounts: Duration of service plus 3 years
  • Opt-Out Records: Indefinitely to honor unsubscribe requests
  • Training and Certification Records: Duration of service plus regulatory compliance period
  • Connected Service Tokens: Revoked when disconnected or account is closed

7. Third-Party Services

We use the following trusted services:

  • Anthropic (Claude): AI agent reasoning and response generation
  • Twilio: SMS delivery, phone number provisioning, and voice
  • Google: Calendar and Gmail integration (per-business OAuth)
  • Supabase: Secure database hosting
  • Vercel: Website and API hosting
  • Stripe: Payment processing
  • Resend: Transactional email (confirmations, notifications)
  • Apple Messages / Android SmsManager: Message delivery via Bridge apps

8. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Opt-out of SMS messages at any time by texting STOP
  • Opt-out of marketing emails
  • Disconnect connected services (Google Calendar, Gmail) at any time

9. Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes via email. Continued use of our services constitutes acceptance of updated terms.

Contact Us

For privacy questions or to exercise your rights:

Email: privacy@quallaa.com

Address: Quallaa LLC, Denver, Colorado