LEGAL · Privacy

Plain-English privacy.

redialer.io holds an account, an encrypted API key, and a callback queue (phone number, schedule, outcome). That's almost everything. We don't record audio, don't transcribe live calls, don't sell data, don't run ads.

EFFECTIVE2026-05-26 OPERATORTONNIC AI Agency Ltd. JURISDICTIONAlberta, Canada CONTACT/contact
TL;DR

In one paragraph.

If you signed up, we're the controller for your account data (email, billing, sessions, encrypted API key). If you're the person an operator called, we're their processor — the phone number and outcome we hold are theirs, and you talk to them, not us. We hold everything encrypted, share with a small set of obvious sub-processors, keep it only as long as needed, and delete on request.

§1

The two roles.

Privacy law splits responsibility into “controller” (decides what data to collect and why) and “processor” (handles it on someone else's instructions). We play both roles depending on whose data you're asking about.

For operators (people with a redialer.io account): we're the controller. We decide what to collect from you and why; we deal directly with you about your data.

For end users (people whose number an operator queued for a callback): we're a processor for the operator. The operator is your controller. If you want your data accessed or deleted, contact the operator who called you — they hold the relationship; we'll support whatever they ask us to do.

§2

What we collect.

About operators:

  • Email and display name from sign-up.
  • Sessions and IP-for-security (enough to log you in and detect abuse).
  • Billing details (processed by our payment provider; we don't store full card numbers).
  • The voice-platform API key you authorize us to use, encrypted at rest.
  • Server logs (paths, status codes, request IDs) for debugging.

About end users (on operator's instructions, via their voice-platform webhook):

  • Phone number (E.164) and scheduled callback time.
  • The reason text the operator's agent supplied (e.g. “call back tomorrow about quote 42”).
  • Outcome of each attempt and the disposition code the voice platform returned.

We don't collect: call recordings, live transcripts, ad identifiers, cookies for tracking, or special-category data. redialer.io isn't directed at children under 16; if you believe a child's data has been submitted, reach out via our contact form and we'll work with the operator to address it.

§3

What we do with it.

We use the data above only to:

  • Operate the service — authenticate you, store the queue, fire callbacks against your voice platform.
  • Show you your own data in the dashboard.
  • Send operational email (sign-up, receipts, security alerts).
  • Debug, respond to incidents, and detect abuse.
  • Comply with applicable law.

We don't sell, rent, or trade your data; train AI models on it; show ads or use ad-tech trackers; or contact end users directly. Operators' data is processed under contract; end-user data is processed only on the operator's documented instructions, under whatever lawful basis they've established.

§4

Who we share with.

A small set of sub-processors, each doing one obvious job:

  • Hosting + key management for the application and the encryption KEK.
  • The voice platform you connected (Retell, Vapi, Bland, Thoughtly, or similar) — we send callback API calls to whichever one you authorized. Your agreement with them governs what they do on their side.
  • A payment processor for paid plans.
  • A transactional email provider for receipts and operational mail.

Not shared with: advertising networks, cross-site analytics, data brokers. If we're legally compelled (court order, subpoena), we'll comply and notify the affected operator where lawfully permitted.

§5

How long we keep it.

  • Operator account data: as long as your account is open — close it anytime to trigger deletion within 30 days, except records the law requires us to keep (invoices).
  • Callback metadata: for the activity-history window your plan covers (7 / 30 / 90 / 365 days). Operators can request earlier deletion at any time.
  • Server logs: rolling 30 days.
  • Backups: rolling 90 days. Deleted data can persist in a backup until that cycle rolls off.
  • Encrypted credentials: deleted when you disconnect a voice platform or close the account.
§6

Security, your rights, contact.

Security. TLS in transit; voice-platform API keys encrypted at rest using HashiCorp Vault as the KEK with a per-tenant AES-256-GCM DEK; scoped operational access. The full posture lives at /security. If we discover an incident affecting your data, we'll notify affected operators promptly.

If you're an operator, you have the standard privacy rights in your jurisdiction: access, correction, deletion, portability, restriction, withdraw consent. Pick “Privacy” on our contact form. We aim to respond within 30 days and may need to verify your identity before disclosing or deleting data.

If you're an end user, your controller is the operator who called you, not us. Contact them — we'll support whatever they ask us to do.

Changes. If we update this policy, we'll bump the effective date at the top and tell paid operators by email at least 30 days before material changes take effect.

Contact. TONNIC AI Agency Ltd. via /contact (Privacy category).

For service of process or formal data-protection notices, address TONNIC AI Agency Ltd., a corporation registered in Alberta, Canada (https://tonnic.agency), operating the redialer.io product.