Privacy Policy

Effective Date: January 6, 2025
Last Updated: February 12, 2026

Practical Mind Labs LLC ("we," "us," or "our") operates CallClara.ai (the "Service"), an AI-powered phone receptionist and appointment scheduling system. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, business name, phone number, and billing information
Business Configuration: Business hours, services offered, pricing, policies, staff information, and scheduling preferences
Calendar Data: When you connect Google Calendar or Microsoft Outlook, we access your calendar events (titles, times, attendees, locations) and free/busy status EXCLUSIVELY for appointment scheduling functionality. See Section 4 "Google Calendar Integration" for complete details on calendar data handling.

1.2 Information We Collect Automatically

Call Data: Phone numbers, call duration, timestamps, and call metadata
Voice Recordings: Audio recordings of phone calls handled by Clara (with appropriate consent)
Transcripts: Text transcriptions of voice calls
Usage Data: Information about how you interact with the Service, including features used and actions taken
Device Information: IP addresses, browser type, operating system, and device identifiers

2. How We Use Your Information

We use the collected information to:

Provide, maintain, and improve the Service
Answer incoming calls and interact with your customers via AI voice
Schedule, update, and cancel appointments in connected calendars
Generate call transcripts and summaries
Process payments and manage subscriptions
Send service notifications and updates
Provide customer support
Detect and prevent fraud or security issues
Comply with legal obligations
Train and improve our AI voice models using ONLY call transcripts and voice recordings (with aggregated, anonymized data). We NEVER use calendar data for AI training.

2a. SMS / Text Message Notifications

CallClara.ai offers optional SMS text message notifications to alert you when your AI receptionist receives incoming calls. What We Collect

If you opt in to SMS notifications, we collect the mobile phone number you provide during account setup or through your account notification preferences. This number is used solely to deliver the SMS notifications you have requested.

How We Use Your Mobile Information

Your mobile phone number is used exclusively to send automated text message notifications about calls received by your AI receptionist, including caller information and call summaries. Message frequency varies based on your inbound call volume.

No Third-Party Sharing of Mobile Information No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging opt-in data and consent will not be shared with any third parties.

Your Choices:

You may opt out of SMS notifications at any time by replying STOP to any text message from CallClara.ai

You may also disable SMS notifications through your account notification preferences in the CallClara portal

Reply HELP to any message for assistance

Message and data rates may apply depending on your mobile carrier plan

Consent to receive SMS notifications is not a condition of purchasing or using CallClara.ai

3. How We Share Your Information

We do not sell your personal information. We may share your information with:

3.1 Service Providers

Cloud Infrastructure: Microsoft Azure (hosting, storage, compute)
AI Services: OpenAI (voice and language processing)
Telephony: Twilio (phone call handling)
Calendar Integration: Google Calendar API and Microsoft Graph API (for calendar access with your explicit authorization). Calendar data is ONLY used for scheduling and is NEVER shared with AI training services or marketing platforms. See Section 4 for details.
Payment Processing: Stripe (billing and payment processing)
Authentication: Auth0 (user identity and access management)

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4. Google Calendar Integration

CallClara integrates with Google Calendar to provide intelligent scheduling functionality. This section details exactly how we handle your Google Calendar data.

4.1 What Calendar Data We Access

When you connect your Google Calendar to CallClara, we access:

Event titles and descriptions - To understand the nature of your appointments
Event start and end times - To determine your availability
Event attendees - To avoid scheduling conflicts
Event locations - To provide context for scheduling
Free/busy status - To check availability without accessing event details

4.2 How We Use Calendar Data

Your Google Calendar data is used exclusively for the following purposes:

Availability Checking: Determining free time slots when Clara receives calls
Appointment Scheduling: Creating calendar events for scheduled callbacks and appointments
Conflict Prevention: Ensuring new appointments don't overlap with existing events
Calendar Synchronization: Keeping your schedule up-to-date across Clara and Google Calendar
Notification Delivery: Ensuring you receive Google Calendar notifications for Clara-scheduled events

4.3 What We DO NOT Do With Calendar Data

CallClara NEVER uses your Google Calendar data for:

❌ Training AI models (even in anonymized or aggregated form)
❌ Marketing or advertising purposes
❌ Sharing with third parties (except Google for API access)
❌ Analysis beyond scheduling functionality
❌ Profiling or behavioral tracking
❌ Any purpose not directly related to appointment scheduling

Your calendar data is strictly segregated from other data we collect and is used ONLY for scheduling functionality.

4.4 Calendar Data Storage and Security

Encryption: Calendar data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Storage Location: Microsoft Azure US regions with Google's security standards
Access Controls: Only authorized Clara scheduling functions can access calendar data
Retention: Cached calendar data is retained for 48 hours, then refreshed from Google
Token Security: OAuth tokens are encrypted and stored in Azure Key Vault

4.5 Disconnecting Your Calendar

You can disconnect your Google Calendar at any time:

Option 1: Through CallClara Settings

Log in to your CallClara portal
Navigate to Settings → Integrations
Click "Disconnect Google Calendar"
Confirm disconnection

Option 2: Through Google

Visit Google Account Permissions
Find "CallClara.ai" in your connected apps
Click "Remove Access"

What Happens When You Disconnect:

All calendar access is immediately revoked
Clara will no longer check your availability
Cached calendar data is deleted within 24 hours
Previously created calendar events remain in your Google Calendar
OAuth tokens are immediately invalidated

4.6 Limited Data Sharing

Google Calendar data is shared ONLY with:

Google Calendar API: To read and write calendar events (required for functionality)
Microsoft Azure Services: For secure storage and processing (Azure Functions, Key Vault)

We DO NOT share your calendar data with:

❌ OpenAI or other AI training services
❌ Marketing platforms
❌ Analytics services
❌ Any third-party services beyond those listed above
❌ Other CallClara users

4.7 Your Rights Regarding Calendar Data

You have the right to:

Access: Request a copy of cached calendar data we store
Deletion: Request immediate deletion of all calendar data
Revocation: Disconnect calendar access at any time
Transparency: Request details about how your calendar data has been used
Portability: Export your CallClara-created events (already in your Google Calendar)

To exercise these rights, contact us at privacy@callclara.ai

4.8 Compliance and Auditing

Our Google Calendar integration complies with:

Google API Services User Data Policy
Google OAuth 2.0 Policies
Limited Use Requirements for Sensitive Scopes
California Consumer Privacy Act (CCPA)
General Data Protection Regulation (GDPR)

We undergo regular security audits and maintain detailed access logs for calendar data access.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
Access Controls: Least-privilege access with role-based permissions
Authentication: Multi-factor authentication for account access
Monitoring: Continuous security monitoring and audit logging
Compliance: Regular security assessments and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained while your account is active, plus 90 days after account closure
Call Recordings and Transcripts: Retained according to your subscription plan (typically 90 days to 2 years)
Calendar Data: Cached calendar data retained for 48 hours for performance, then refreshed from Google. OAuth access tokens retained until you disconnect your calendar. All calendar data deleted within 24 hours of disconnection.
Billing Records: Retained for 7 years for tax and accounting purposes
Aggregated Analytics: Retained indefinitely in anonymized form

7. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request a copy of your personal information
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Export: Receive your data in a portable format
Opt-Out: Unsubscribe from marketing communications (service notifications will continue)
Calendar Disconnection: Revoke calendar access at any time through your account settings

To exercise these rights, contact us at privacy@callclara.ai or through your account settings.

8. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising CCPA rights

11. HIPAA Compliance

For Enterprise/HIPAA customers, we enter into a Business Associate Agreement (BAA) and implement additional safeguards to comply with HIPAA requirements for protected health information (PHI).

12. Cookies and Tracking

We use cookies and similar technologies to:

Keep you logged in to your account
Remember your preferences
Analyze Service usage
Improve user experience

You can control cookies through your browser settings, but some features may not function properly without them.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Us

For questions about this Privacy Policy or our privacy practices, contact us:

Email: legal@practicalmindlabs.com
Phone: (949) 386-2300
Mail: Practical Mind Labs LLC
30 N Gould St Ste R
Sheridan, WY 82801
USA