Privacy Policy
English courtesy translation. In case of any discrepancy, the Czech version of this document prevails.
1. Who we are (controller)
The provider of the AI Recepce service (the “Service”) and the controller of personal data is:
Roman Lexa
Company ID (IČO): 67605516
Registered address: Osadní 32, 170 00 Prague 7, Czech Republic
E‑mail: info@viamo.ai
The Service operates under the Viamo brand; technical and e‑mail infrastructure runs on the viamo.ai domain. We are not VAT payers. For all data protection matters, contact us at info@viamo.ai.
2. Two roles: controller and processor
The Service lets businesses (our customers) receive phone calls and messages handled on their behalf by an AI voice agent and a shared inbox. We act in two capacities:
- We are the controller — for data of our direct customers (businesses and sole traders using the Service): registration, billing, login, account operation.
- We are a processor — for the content of communications from end users (callers and message senders), processed on behalf of the customer. The controller of that data is the customer. If you called or messaged a business that uses the Service, please exercise your rights primarily with that business.
3. What data we process
3.1 Data of Service customers (we are the controller)
- Identification and contact: name, e‑mail, phone, Company ID, billing address.
- Login: e‑mail and a securely hashed password.
- Payment: payment and credit history. We do not process or see payment card details — these are handled solely by Stripe.
- Operational: usage records, settings, security logs.
3.2 Content of end‑user communications (processor on the customer’s behalf)
- Callers’ phone numbers.
- Call recordings and transcripts.
- AI call summaries and sentiment / required‑action assessment.
- Message content from channels: WhatsApp, Messenger, Instagram, Telegram, Viber, SMS, e‑mail and web chat.
- Reservation data created during a call/chat.
3.3 Technical data of web chat visitors
IP address, approximate location from the IP, browser type, operating system and device, language, screen resolution, time zone, referrer and entry URL — to provide context to the operator and protect against abuse.
3.4 Push notifications
If you use the mobile app, we process the device token to deliver notifications (via Expo / APNs / FCM).
4. Why we process data and on what legal basis
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing and administering the Service | performance of a contract — Art. 6(1)(b) |
| Processing calls, messages and recordings on behalf of a customer | under a processing agreement; basis toward the end user is set by the customer |
| Invoicing, accounting, taxes | legal obligation — Art. 6(1)(c) |
| Securing the Service, abuse prevention | legitimate interest — Art. 6(1)(f) |
Call recording: the caller is informed at the start of the call. Ensuring an adequate legal basis toward their callers is the customer’s responsibility as controller.
AI processing: we pass call/chat content to a language model provider solely to process the specific request. We choose providers and modes that do not use this data to train their models.
5. Who we share data with (processors)
Some providers are located outside the EU (mainly the USA); transfers rely on the European Commission’s Standard Contractual Clauses (SCC) or EU‑US Data Privacy Framework certification.
| Provider | Purpose | Region |
|---|---|---|
| Twilio Inc. | telephony, phone numbers, SMS | USA |
| Retell AI | AI voice agent | USA |
| OpenRouter | language models | USA |
| Cloudflare (R2) | call recording storage | EU / USA |
| Stripe | payment processing | USA / EU |
| Postmark | sending and receiving e‑mail | USA |
| Google (Calendar, Firebase, Play) | reservations, push, Android distribution | USA / EU |
| Apple | iOS distribution, push | USA / EU |
| Expo | push notifications, app builds | USA |
| Railway | application and database hosting | EU / USA |
| Meta Platforms | WhatsApp, Messenger, Instagram channels | USA / EU |
We do not sell data and do not share it for third‑party marketing.
6. How long we keep data
- Account and settings: for the term of the contract and a necessary period thereafter.
- Invoicing records: for the period required by law (accounting generally 10 years).
- Recordings, transcripts and messages: while the Service is provided; deleted upon termination or request.
- Web chat technical data and block records: for a limited period necessary for security.
7. How we protect data
We encrypt sensitive data and access keys (AES‑256‑GCM), isolate data per customer (Row‑Level Security), and use encrypted connections only (HTTPS/TLS).
8. Your rights
Under the GDPR you have the right to access, rectification, erasure, restriction, portability, objection and withdrawal of consent. Contact info@viamo.ai. If your data is processed on behalf of a business you contacted, please reach out to that business first.
You may also lodge a complaint with the supervisory authority: Office for Personal Data Protection, Pplk. Sochora 727/27, 170 00 Prague 7, Czech Republic, www.uoou.gov.cz.