CIRA — PRIVACY POLICY

1. Introduction

Cira provides AI-powered call answering and receptionist services. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Cira Service ("Service").

By using Cira, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly, including:

• Business name, address, hours, service descriptions
• User account information (name, email, phone number)
• Payment information (processed via our PCI-compliant payment partner)
• Customer configuration settings, scripts, and preferences
• Contacts imported or added by you
• Customer relationship management (CRM) and scheduling settings
• Any data you upload or integrate with the Service

2.2 Information We Collect Automatically

Call Data

When callers interact with Cira, we may collect:

• Caller phone number and metadata
• Call duration, call logs, and call timestamps
• Call recordings (if enabled)
• Call transcripts generated by AI
• Call routing and forwarding logs

Usage Data

We collect analytics about how you use Cira, including:

• Log data
• Device/browser information
• IP address
• Actions taken in the dashboard
• Error logs and telemetry

Customer-Submitted Images

When customers send images via text message, we collect:

• Images sent by customers for service requests (e.g., photos of damaged property, project sites, equipment issues)
• Image metadata (timestamp, file size, format)
• Automated content analysis results (for safety and compliance)

Customer-submitted images are processed through automated content moderation systems to detect prohibited or illegal content before being displayed to business owners.

2.3 Data From Integrations

If you connect third-party services, we may access limited data as necessary to perform the integration. Examples:

• Google Calendar events
• Webhooks containing customer data

You control what services are integrated and what permissions are granted.

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide and Operate the Service

• Handle calls, messages, and tasks
• Generate AI responses
• Configure your business assistant
• Perform call routing or forwarding
• Integrate with third-party tools
• Provide customer support

3.2 To Improve the Service

• Troubleshoot issues
• Train internal systems
• Analyze performance
• Build features, workflows, and quality improvements
• Improve accuracy of AI responses

(We do NOT use your data to train OpenAI's public models.)

3.3 To Process Payments

• Manage subscriptions
• Process overages
• Prevent fraud

3.4 For Legal & Security Purposes

• Prevent misuse or abuse
• Enforce our Terms
• Comply with legal obligations
• Detect and investigate security incidents

4. Data Retention

Cira retains customer call data—including recordings, transcripts, logs, and call metadata—for 30 days, after which it is permanently deleted.

You may export data at any time before deletion.

We may retain limited records (e.g., billing, audit logs) for legal or operational reasons.

5. How We Share Information

We do NOT sell customer data.

SMS and Mobile Phone Number Data

Cira collects mobile phone numbers and SMS data to provide text messaging services, including sending appointment links, booking confirmations, service information, and business notifications.

Mobile phone numbers and SMS communication data collected through Cira are not shared with third parties for marketing or promotional purposes.

You may opt out of SMS messages at any time by replying STOP to any message. For help, reply HELP or contact support@hicira.com.

We share data only with:

5.1 Essential Service Providers

We use third-party vendors to operate the Service, including:

• Twilio — telephony, calling, SMS
• OpenAI — AI message/transcript processing
• Microsoft Azure — hosting, compute, cloud infrastructure
• Payment processor (Stripe or similar) — subscription billing
• Email providers — transactional notifications

These providers may process data solely to operate Cira.

5.2 Your Connected Integrations

If you enable integrations:

• Google Calendar
• Webhook services
• Scheduling tools

We send and receive data only as necessary to operate those integrations.

5.3 Legal Compliance

We may disclose information when required to:

• Comply with subpoenas, court orders, or legal processes
• Respond to lawful government requests
• Protect our rights, safety, or property

6. Call Recording & Consent

Call recording is enabled by default.

Cira includes an automated greeting informing callers that the call may be recorded.

However:

You are responsible for complying with federal, state, and local call recording laws, including all-party consent requirements.

You can modify the greeting or disable recording within your settings.

Cira is not liable for your failure to comply with applicable laws.

7. Your Rights & Choices

You may:

• Update your business information
• Modify call recording settings
• Export data before it is deleted
• Disconnect integrations at any time
• Request deletion of your account
• Opt out of non-essential communications

To exercise any rights, contact: support@hicira.com

8. Security

Cira uses modern, industry-standard security practices, including:

• Encrypted data storage
• Encrypted data in transit (TLS)
• Access controls and authentication
• Logging and monitoring
• Segregation of customer data
• Least-privilege internal access

We are not yet SOC 2 certified, but we implement strong security measures consistent with SOC 2 principles.

No system can guarantee absolute security.

9. Children's Privacy

Cira is not intended for children under 18 and does not knowingly collect their data.

10. International Users

Cira is designed for U.S.-based businesses and callers.

If you use the Service from outside the U.S., you consent to transferring your data to the United States.

11. Data Ownership

You own:

• Your business data
• Call logs and recording content
• Contacts collected through Cira

We own:

• The Cira platform
• AI workflows, scripts, prompts
• Infrastructure, code, and features

You grant us a license to process your data solely to operate and improve the Service.

12. Third-Party Links

If you follow links to third-party websites or services, their policies apply.

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time.

If changes are material, we will notify you by email or dashboard notification.

Your continued use of the Service after changes means you accept the updated policy.

14. Governing Law

This Privacy Policy is governed by the laws of the State of Washington.

15. Contact Us

Crafted Labs Holdings Inc.

Attn: Cira Privacy

Email: support@hicira.com

Website: https://hicira.com