DialEcho LLC ("DialEcho," "we," "us," or "our") operates the DialEcho platform - an AI-powered sales-outreach and CRM service that places and receives phone calls, sends and receives SMS/MMS text messages, sends email, and enriches, organizes, and manages contact and CRM data (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use and share it, and the rights and choices you have.
This Policy applies to www.dialecho.ai, the DialEcho web and mobile applications, and our APIs. By using the Service you agree to this Policy and to our Terms of Service.
1. Our two roles - please read this first
DialEcho handles personal information in two different capacities, and your rights differ depending on which applies:
As a "business" / "controller" (our own data). For people who visit our website, create a DialEcho account, or contact us, DialEcho decides how and why their information is processed. This Policy governs that processing.
As a "service provider" / "processor" (our customers' data). When a DialEcho customer ("Customer") uses the Service to call, text, email, enrich, organize, or store information about their prospects and contacts ("Contact Data"), the Customer is the controller of that Contact Data and DialEcho processes it only on the Customer's documented instructions under our Terms of Service and Data Processing Addendum.
- If you are a consumer who was contacted through the DialEcho platform by one of our Customers, that Customer - not DialEcho - is responsible for its own privacy practices and for obtaining your consent. Please direct privacy requests to the business that contacted you. We will assist that business in honoring your request.
Organizations and sub-organizations (multi-tenant). The Service is multi-tenant. A Customer operates as an organization, and may create sub-organizations - for example, an agency or reseller creating a separate, isolated workspace for each of its own clients. Each organization and sub-organization is a separate tenant that controls its own Contact Data and consent records, completes its own A2P 10DLC sender registration (its own brand, campaign, and phone numbers) through the platform, and is solely responsible for the lawfulness of its own calls, texts, and emails and for obtaining the required consents. DialEcho keeps tenants logically isolated and processes each tenant's data only for that tenant and on its instructions. Where a Customer creates sub-organizations, the Customer is responsible for its sub-organizations' use of the Service and their compliance.
2. Information we collect
a) Information you give us (account holders). Name, business name, email, phone, username/password, billing and payment information (processed by our payment processor - we do not store full card numbers), and support communications.
b) Contact Data processed on behalf of Customers. Names, phone numbers, email addresses, company and role information, contact scores, pipeline stage, notes, tags, custom fields, and consent/opt-out status of the Customer's prospects and contacts - including data the Customer uploads, that the Customer's users enter, or that is collected through our contact-enrichment features.
c) Communications content and metadata. The content of calls, texts, and emails sent or received through the Service; call recordings and transcripts; AI-generated call summaries, message drafts, and qualification results; delivery receipts, timestamps, call duration, and disposition; and the phone numbers and email addresses involved.
d) AI-derived data. Speech-to-text transcriptions, AI-generated voice audio, intent and qualification (e.g., BANT) classifications, and other outputs our AI systems generate from the above.
e) Usage, device, and log data. IP address, browser/device identifiers, pages viewed, features used, and cookies and similar technologies (see Section 10).
We do not intentionally collect special-category/sensitive data (e.g., health, biometric, precise geolocation) beyond what Customers may include in Contact Data; we ask Customers not to upload sensitive data except as permitted by law.
3. How we use information
We use information to: provide, operate, secure, and improve the Service; place/receive calls and send/receive messages and email at our Customers' direction; transcribe and summarize communications; generate AI voice and message content; authenticate users and prevent fraud and abuse; provide support; process payments; send service and (with consent where required) marketing communications about DialEcho; comply with law; and enforce our agreements. We use aggregated or de-identified data to improve our models and Service; we do not use an individual Customer's Contact Data to train models for other Customers except in de-identified/aggregated form, and only as permitted by our Terms and DPA.
4. Artificial-intelligence features and disclosure
The Service uses AI to generate synthetic/cloned human voices for phone calls and AI-generated text messages, and to transcribe and analyze communications.
- Calls placed using AI-generated or prerecorded voices are treated as "artificial or prerecorded voice" communications under the federal Telephone Consumer Protection Act (TCPA) and require the called party's prior express consent (and prior express written consent for marketing), caller identification, and an opt-out mechanism.
- Several states (e.g., California's "B.O.T." disclosure law, Bus. & Prof. Code 17941, and newer state AI-disclosure laws) require clear and conspicuous disclosure that a person is interacting with a bot / artificial intelligence when AI is used to sell goods or services. DialEcho provides features that disclose AI use and honor opt-outs; Customers are responsible for enabling and configuring these disclosures and for their own consent. See our Terms of Service.
5. SMS / text-messaging program - consent and your mobile data
No mobile data is sold or shared. DialEcho does not sell, rent, or share mobile phone numbers, SMS/text-message opt-in, or consent information with any third parties for their own marketing, promotional, or commercial purposes. Phone numbers and consent records are used only to deliver the messaging the relevant party has consented to and to operate and support the Service. (This commitment is required by the CTIA Messaging Principles and the U.S. wireless carriers' A2P 10DLC program.)
- Consent. Customers must obtain the required opt-in consent before messaging any recipient and must honor opt-outs. DialEcho scrubs against do-not-contact and opt-out lists before sending.
- Opt-out / help. Recipients may opt out at any time by replying STOP (or QUIT, END, CANCEL, UNSUBSCRIBE, or REVOKE) and may get help by replying HELP. Opt-outs are honored promptly across the program.
- Frequency and rates. Message frequency varies. Message and data rates may apply.
- DialEcho's own SMS to its account holders (e.g., security codes, service notices) is governed by this Policy.
6. Call recording and monitoring
The Service can record and transcribe calls at the Customer's direction. Recording laws vary: some U.S. states (including California, DialEcho's home state) require all parties to consent to recording. Customers are responsible for providing any required recording notices and obtaining any required consent before recording. DialEcho stores recordings and transcripts on the Customer's behalf and makes them available to the Customer; we use them to provide and support the Service.
7. How we share information
We do not sell personal information, and we do not share it for cross-context behavioral advertising. We disclose information only:
- To service providers / subprocessors that help us run the Service under contract and confidentiality - e.g., cloud hosting and database (Supabase), telephony/SMS carriers (Telnyx, Twilio), real-time voice infrastructure (LiveKit), AI/LLM and speech providers, email-delivery providers, and payment processors. The subprocessors we currently rely on are named above; we maintain this list and update it as our vendors change. To request the current list, email privacy@dialecho.ai.
- At the Customer's direction, including syncing data to the Customer's connected systems (e.g., the Customer's calendar/email).
- For legal reasons - to comply with law, lawful requests, or to protect rights, safety, and the integrity of the Service.
- In a business transfer - in connection with a merger, acquisition, or sale of assets, subject to this Policy.
8. Data retention
We retain account information for as long as your account is active and as needed to provide the Service, then for a commercially reasonable period to comply with legal, tax, audit, and dispute-resolution obligations. Contact Data, recordings, transcripts, and message/call logs are retained per the Customer's configuration and instructions; consent and opt-out records are retained as long as needed to honor opt-outs and demonstrate compliance. We delete or de-identify information when no longer needed, subject to legal holds.
9. Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, tenant isolation, and audit logging. No method of transmission or storage is perfectly secure.
10. Cookies and analytics
We use cookies and similar technologies for authentication, preferences, security, and analytics. You can control cookies through your browser. Where required, we honor Global Privacy Control (GPC) opt-out preference signals.
11. Your privacy rights and choices
Depending on where you live, you may have rights to access/know, correct, delete, and obtain a portable copy of your personal information, to opt out of "sale"/"sharing" and certain profiling, to limit use of sensitive information, and to be free from discrimination for exercising these rights.
- California (CCPA/CPRA): California residents have the rights described above. DialEcho does not sell or share personal information as those terms are defined. To exercise rights, see "How to exercise" below. You may use an authorized agent.
- Other U.S. states (e.g., Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others): residents have comparable rights, including appeal rights where applicable.
- EU/UK/EEA (GDPR/UK GDPR): where applicable, you have rights of access, rectification, erasure, restriction, portability, and objection, and the right to lodge a complaint with a supervisory authority. Our lawful bases include contract, legitimate interests, consent, and legal obligation. International transfers are protected by appropriate safeguards (e.g., Standard Contractual Clauses).
If you were contacted through the platform by a DialEcho Customer, that Customer is the controller - contact them directly; we will support their handling of your request.
How to exercise. Account holders and consumers may submit requests to privacy@dialecho.ai. We will verify your identity and respond within the timeframes required by applicable law.
12. Children's privacy
The Service is for business use and is not directed to children. We do not knowingly collect personal information from anyone under 18 (or under 16 where applicable). Customers must not use the Service to contact, or upload data about, children in violation of law.
13. Changes to this Policy
We may update this Policy. Material changes will be posted here with a new "Last updated" date and, where required, additional notice. Your continued use after changes take effect constitutes acceptance.
14. Contact us
DialEcho LLC Privacy: privacy@dialecho.ai - Support: support@dialecho.ai