CIRA — PRIVACY POLICY

1. Introduction

Cira provides AI-powered call answering and receptionist services. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Cira Service ("Service").

By using Cira, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly, including:

• Business name, address, hours, service descriptions
• User account information (name, email, phone number)
• Payment information (processed via our PCI-compliant payment partner)
• Customer configuration settings, scripts, and preferences
• Contacts imported or added by you
• CRM and scheduling settings
• Any data you upload or integrate with the Service

2.2 Information We Collect Automatically

Call Data

When callers interact with Cira, we may collect:

• Caller phone number and metadata
• Call duration, call logs, and call timestamps
• Call recordings (if enabled)
• Call transcripts generated by AI
• Call routing and forwarding logs

Usage Data

We collect analytics about how you use Cira, including:

• Log data
• Device/browser information
• IP address
• Actions taken in the dashboard
• Error logs and telemetry

2.3 Data From Integrations

If you connect third-party services, we may access limited data as necessary to perform the integration. Examples:

• Google Calendar events
• CRM contact fields
• Webhooks containing customer data

You control what services are integrated and what permissions are granted.

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide and Operate the Service

• Handle calls, messages, and tasks
• Generate AI responses
• Configure your business assistant
• Perform call routing or forwarding
• Integrate with third-party tools
• Provide customer support

3.2 To Improve the Service

• Troubleshoot issues
• Train internal systems
• Analyze performance
• Build features, workflows, and quality improvements
• Improve accuracy of AI responses

(We do NOT use your data to train OpenAI's public models.)

3.3 To Process Payments

• Manage subscriptions
• Process overages
• Prevent fraud

3.4 For Legal & Security Purposes

• Prevent misuse or abuse
• Enforce our Terms
• Comply with legal obligations
• Detect and investigate security incidents

4. Data Retention

Cira retains customer call data—including recordings, transcripts, logs, and call metadata—for 30 days, after which it is permanently deleted.

You may export data at any time before deletion.

We may retain limited records (e.g., billing, audit logs) for legal or operational reasons.

5. How We Share Information

We do NOT sell customer data.

We share data only with:

5.1 Essential Service Providers

We use third-party vendors to operate the Service, including:

• Twilio — telephony, calling, SMS
• OpenAI — AI message/transcript processing
• Microsoft Azure — hosting, compute, cloud infrastructure
• Payment processor (Stripe or similar) — subscription billing
• Email providers — transactional notifications

These providers may process data solely to operate Cira.

5.2 Your Connected Integrations

If you enable integrations:

• Google Calendar
• CRM systems
• Webhook services
• Scheduling tools

We send and receive data only as necessary to operate those integrations.

5.3 Legal Compliance

We may disclose information when required to:

• Comply with subpoenas, court orders, or legal processes
• Respond to lawful government requests
• Protect our rights, safety, or property

6. Call Recording & Consent

Call recording is enabled by default.

Cira includes an automated greeting informing callers that the call may be recorded.

However:

You are responsible for complying with federal, state, and local call recording laws, including all-party consent requirements.

You can modify the greeting or disable recording within your settings.

Cira is not liable for your failure to comply with applicable laws.

7. Your Rights & Choices

You may:

• Update your business information
• Modify call recording settings
• Export data before it is deleted
• Disconnect integrations at any time
• Request deletion of your account
• Opt out of non-essential communications

To exercise any rights, contact: support@hicira.com

8. Security

Cira uses modern, industry-standard security practices, including:

• Encrypted data storage
• Encrypted data in transit (TLS)
• Access controls and authentication
• Logging and monitoring
• Segregation of customer data
• Least-privilege internal access

We are not yet SOC 2 certified, but we implement strong security measures consistent with SOC 2 principles.

No system can guarantee absolute security.

9. Children's Privacy

Cira is not intended for children under 18 and does not knowingly collect their data.

10. International Users

Cira is designed for U.S.-based businesses and callers.

If you use the Service from outside the U.S., you consent to transferring your data to the United States.

11. Data Ownership

You own:

• Your business data
• Call logs and recording content
• Contacts collected through Cira

We own:

• The Cira platform
• AI workflows, scripts, prompts
• Infrastructure, code, and features

You grant us a license to process your data solely to operate and improve the Service.

12. Third-Party Links

If you follow links to third-party websites or services, their policies apply.

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time.

If changes are material, we will notify you by email or dashboard notification.

Your continued use of the Service after changes means you accept the updated policy.

14. Governing Law

This Privacy Policy is governed by the laws of the State of Washington.

15. Contact Us

Crafted Labs Holdings Inc.

Attn: Cira Privacy

Email: support@hicira.com

Website: https://hicira.com