CIRA — PRIVACY POLICY

Last Updated: June 26, 2026

Website: https://hicira.com

Service Provider: Crafted Labs Holdings Inc. ("Cira," "we," "us," "our")


1. Introduction

Cira provides AI-powered call answering and receptionist services. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Cira Service ("Service").

By using Cira, you agree to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly, including:

  • Business name, address, hours, service descriptions
  • User account information (name, email, phone number)
  • Payment information (processed via our PCI-compliant payment partner)
  • Customer configuration settings, scripts, and preferences
  • Contacts imported or added by you
  • Customer relationship management (CRM) and scheduling settings
  • Any data you upload or integrate with the Service

2.2 Information We Collect Automatically

Call Data

When callers interact with Cira, we may collect:

  • Caller phone number and metadata
  • Call duration, call logs, and call timestamps
  • Call recordings (if enabled)
  • Call transcripts generated by AI
  • Call routing and forwarding logs

Usage Data

We collect analytics about how you use Cira, including:

  • Log data
  • Device/browser information
  • IP address
  • Actions taken in the dashboard
  • Error logs and telemetry

Customer-Submitted Images

When customers send images via text message, we collect:

  • Images sent by customers for service requests (e.g., photos of damaged property, project sites, equipment issues)
  • Image metadata (timestamp, file size, format)
  • Automated content analysis results (for safety and compliance)

Customer-submitted images are processed through automated content moderation systems to detect prohibited or illegal content before being displayed to business owners.

2.3 Data From Integrations and Google APIs

If you connect third-party services, we may access limited data as necessary to perform the integration you enabled. You control what services are integrated and what permissions are granted.

If you connect a Google account or Google Workspace service, Cira may collect and process the following Google user data, depending on the permissions you approve:

  • Google account information provided through the connection, such as your name, email address, account identifier, and profile image
  • Google Calendar data, such as calendar lists, calendar names, events, event metadata, attendee information, locations, descriptions, start and end times, recurrence details, and availability/free-busy information
  • Google authorization data, such as OAuth access tokens, refresh tokens, granted scopes, account connection status, and token expiration metadata
  • Webhooks containing customer data

We access Google user data only after you choose to connect a Google integration and authorize the requested permissions. Cira's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide and Operate the Service

  • Handle calls, messages, and tasks
  • Generate AI responses
  • Configure your business assistant
  • Perform call routing or forwarding
  • Integrate with third-party tools
  • Read availability, create or update bookings, send appointment confirmations, and synchronize scheduling changes for connected Google Calendar accounts
  • Provide customer support

3.2 To Improve the Service

  • Troubleshoot issues
  • Analyze performance
  • Build features, workflows, and quality improvements
  • Monitor and improve response quality and reliability without training AI or machine learning models on your data

(We do NOT use your data to train any AI or machine learning models.)

Google user data is used only to provide and improve user-facing features you have enabled, such as calendar availability checks, appointment booking, rescheduling, notifications, synchronization, troubleshooting, and security. We do not use Google user data for targeted advertising, personalized advertising, retargeting, selling to data brokers, credit-worthiness decisions, lending purposes, creating unrelated databases, or training AI or machine learning models.

3.3 To Process Payments

  • Manage subscriptions
  • Process overages
  • Prevent fraud

3.4 For Legal & Security Purposes

  • Prevent misuse or abuse
  • Enforce our Terms
  • Comply with legal obligations
  • Detect and investigate security incidents

4. Data Retention

Cira retains customer call data—including recordings, transcripts, logs, and call metadata—for 30 days, after which it is permanently deleted.

You may export data at any time before deletion.

We may retain limited records (e.g., billing, audit logs) for legal or operational reasons.

When you disconnect a third-party integration or remove access permissions, including access permissions for Google Workspace APIs, Cira immediately deletes the integration data and access tokens stored by Cira for that integration.

Google user data and Google OAuth tokens are retained only for as long as needed to provide the connected integration or as required for legal, security, or operational purposes. Cached Google Calendar data is deleted from active systems when the integration is disconnected, permissions are revoked, or the account is deleted, subject to limited backup, audit-log, and legal-retention obligations.

5. How We Share Information

We do NOT sell customer data.

We do NOT sell Google user data, and we do NOT share Google user data with third parties for advertising, marketing, retargeting, or data broker purposes.

SMS and Mobile Phone Number Data

Cira collects mobile phone numbers and SMS data to provide text messaging services, including sending appointment links, booking confirmations, service information, and business notifications.

Mobile phone numbers and SMS communication data collected through Cira are not shared with third parties for marketing or promotional purposes.

You may opt out of SMS messages at any time by replying STOP to any message. For help, reply HELP or contact support@hicira.com.

We share data only with:

5.1 Essential Service Providers

We use third-party vendors to operate the Service, including:

  • Twilio — telephony, calling, SMS
  • OpenAI — AI message/transcript processing
  • Microsoft Azure — hosting, compute, cloud infrastructure
  • Payment processor (Stripe or similar) — subscription billing
  • Email providers — transactional notifications

These providers may process data solely to operate Cira. Service providers are permitted to process Google user data only as necessary to provide infrastructure, security, communications, AI message processing, scheduling, support, or other enabled Service functionality on our behalf.

5.2 Your Connected Integrations

If you enable integrations:

  • Google Workspace APIs, including Google Calendar
  • Webhook services
  • Scheduling tools

We send and receive data only as necessary to operate those integrations.

For Google integrations, Cira shares or transfers Google user data only when necessary to provide the user-facing feature you enabled, to comply with law, to protect rights and security, or with your direction or consent.

5.3 Legal Compliance

We may disclose information when required to:

  • Comply with subpoenas, court orders, or legal processes
  • Respond to lawful government requests
  • Protect our rights, safety, or property

6. Call Recording & Consent

Call recording is enabled by default.

Cira includes an automated greeting informing callers that the call may be recorded.

However:

You are responsible for complying with federal, state, and local call recording laws, including all-party consent requirements.

You can modify the greeting or disable recording within your settings.

Cira is not liable for your failure to comply with applicable laws.

7. Your Rights & Choices

You may:

  • Update your business information
  • Modify call recording settings
  • Export data before it is deleted
  • Disconnect integrations at any time
  • Revoke Google access at any time from your Cira settings or from your Google Account permissions page
  • Request deletion of your account
  • Opt out of non-essential communications

To exercise any rights, contact: support@hicira.com

8. Security

Cira uses modern, industry-standard security practices, including protections for Google user data:

  • Encrypted data storage
  • Encrypted data in transit (TLS)
  • Access controls and authentication
  • Logging and monitoring
  • Segregation of customer data
  • Least-privilege internal access

We are not yet SOC 2 certified, but we implement strong security measures consistent with SOC 2 principles.

No system can guarantee absolute security.

9. Children's Privacy

Cira is not intended for children under 18 and does not knowingly collect their data.

10. International Users

Cira is designed for U.S.-based businesses and callers.

If you use the Service from outside the U.S., you consent to transferring your data to the United States.

11. Data Ownership

You own:

  • Your business data
  • Call logs and recording content
  • Contacts collected through Cira

We own:

  • The Cira platform
  • AI workflows, scripts, prompts
  • Infrastructure, code, and features

You grant us a license to process your data solely to operate and improve the Service, subject to this Privacy Policy, including our commitments regarding integration data and AI model training.

12. Third-Party Links

If you follow links to third-party websites or services, their policies apply.

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time.

If changes are material, we will notify you by email or dashboard notification.

Your continued use of the Service after changes means you accept the updated policy.

14. Governing Law

This Privacy Policy is governed by the laws of the State of Washington.

15. Contact Us

Crafted Labs Holdings Inc.

Attn: Cira Privacy

Email: support@hicira.com

Website: https://hicira.com