1. Who We Are
Rohe Technik OÜ ("Rohe Technik", "we", "us") operates the voice‑AI communication platform callagent available at https://callagent.app. We are the data controller responsible for processing your Personal Data under the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable privacy laws.
Controller address: Rohe Technik OÜ Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5 10145 Tallinn, Estonia
Email: support@rohe.ai
If you have questions regarding this Privacy Policy, please contact us at the address or email above. You may also reach our Data Protection Officer ("DPO") at support@rohe.ai.
2. Scope
This Privacy Policy explains how we collect, use, disclose, and secure information that identifies or can reasonably be linked to an individual ("Personal Data") when you:
- visit or interact with our website https://callagent.app,
- create an account or otherwise use the callagent Platform,
- receive an AI‑generated call placed via callagent,
- contact our support team or engage with us on social media,
- are recorded during a call made through callagent (if the user has enabled recording).
3. Personal Data We Process
Category – Examples – Source
Account Data: Name, email, password hash, company, role, subscription tier – You
Contact Data: Phone numbers you upload, call targets – You
Call Metadata: Calling number, called number, timestamps, call duration, call status codes – Automatically collected from our telephony provider
Audio Content: Audio recordings and AI‑generated transcripts (only if recording enabled) – During a call
Payment Data: Billing address, last four digits of card, transaction ID – Our payment processor
Usage Data: Log files, API usage, IP address, device information, cookies, analytics events – Automatically collected from your device
Support Data: Chat or email correspondence, bug reports – You
We do not intentionally collect special categories of data (Art 9 GDPR) unless you voluntarily provide them during a call. Users are prohibited from processing such data without a lawful basis (see Terms §6).
4. Purposes and Legal Bases
Purpose – Legal Basis
Provide, operate, and maintain the Platform, authenticate users, route calls, generate AI responses – Contract performance (Art 6 (1)(b) GDPR)
Billing, fraud prevention, enforcing our Terms, export‑control checks – Legitimate interests (Art 6 (1)(f)) and legal obligation (Art 6 (1)(c))
Store call recordings and transcripts when the user enables recording – User consent (Art 6 (1)(a)) or contract performance
Improve and develop new features, train non‑personal AI models, usage analytics – Legitimate interests (Art 6 (1)(f)); we pseudonymise or aggregate where possible
Marketing communications (newsletters) – Consent (Art 6 (1)(a))
Compliance with subpoenas and lawful requests – Legal obligation (Art 6 (1)(c))
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
5. How We Share Personal Data
We disclose Personal Data only where necessary:
- Telecommunications carriers & VoIP providers (to route calls).
- Cloud hosting & AI infrastructure (e.g., EU‑based data centers for audio processing).
- Payment processors (Stripe, PayPal, etc.).
- Analytics & monitoring services (limited usage data, IP addresses).
- Anti‑fraud / sanction‑screening providers.
- Professional advisers (lawyers, auditors) under confidentiality.
- Public authorities where required by law or to protect rights and safety.
6. International Transfers
Some recipients are located outside the European Economic Area ("EEA"). Where transfers occur, we rely on:
- Adequacy decisions by the European Commission (Art 45 GDPR), or
- Standard Contractual Clauses (Art 46 GDPR) supplemented by technical and organizational measures.
7. Data Retention
Data Category – Retention Period
Account Data – Until account deletion, plus 90 days for backup logs
Call Metadata – 24 months for billing & fraud analysis
Audio Content – Up to 30 days by default; configurable by account owner; deleted earlier upon request
Payment Records – 10 years (statutory retention)
Usage Logs – 12 months
Support Tickets – 3 years after closure
After expiry, data are either deleted or irreversibly anonymised.
8. Security Measures
We implement appropriate technical and organisational measures under Art 32 GDPR, including:
- End‑to‑end TLS encryption in transit
- AES‑256 encryption at rest for call recordings
- Strict access controls and least‑privilege principle
- Continuous monitoring, logging, and intrusion detection
- Regular penetration tests and security audits
- Data loss prevention and redundant backups
9. Your Rights
Subject to conditions and legal limitations, you have the following rights:
- Access (Art 15)
- Rectification (Art 16)
- Erasure (Art 17)
- Restriction (Art 18)
- Data portability (Art 20)
- Object to processing based on legitimate interests or direct marketing (Art 21)
- Withdraw consent at any time
10. Automated Decision‑Making
We do not use Personal Data to make decisions producing legal or similarly significant effects solely by automated means (Art 22 GDPR). Fraud‑detection scores are reviewed by humans before action.
11. Children
The Platform is not intended for individuals under 18. We do not knowingly process children’s data. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
12. Updates to This Policy
We may amend this Privacy Policy to reflect changes in law, technology, or our operations. We will notify you of material changes at least 14 days in advance via email or in‑app notice and indicate the new effective date. Continued use after the effective date constitutes acceptance of the revised Policy.
13. Contact & DPO
For any privacy‑related questions or requests, please contact:
Rohe Technik OÜ – DPO
Tornimäe tn 5, 10145 Tallinn, Estonia
support@rohe.ai
(no Telephone customer support at this number)