Privacy Policy

Last updated: 2026-06-17

1. Scope

This policy explains how TelPal handles personal data under the EU General Data Protection Regulation (GDPR). It covers our website (telpal.ai), the TelPal app, and the phone service itself. TelPal is a business phone service: inbound calls to your TelPal number ring in the app over the internet, and missed calls can go to voicemail. Live calls are never recorded — only voicemail messages are.

2. What we collect

  • Account data: name, email, business name, business address.
  • Number-eligibility (KYC) data required by national numbering rules: business registration number (e.g. KvK or CRO), identity document, and proof of address. Documents are uploaded to a private, access-controlled store in the EU and shared with our licensed carrier partner, which is legally required to verify them before a number can be activated.
  • Call records: caller and called numbers, timestamps, duration, and call outcome.
  • Voicemail: the audio message a caller chooses to leave, its automatic transcription, and an AI-generated summary delivered to your inbox and dashboard.
  • Voice-greeting scripts you write and the generated greeting audio.
  • Usage data: feature usage and login activity.
  • Billing data via our payment processor (we never store card numbers).

3. Callers to your number

When someone calls your TelPal number, we process their phone number and call metadata to route the call, and — if they choose to leave a voicemail — the recording and its transcription. For this caller data, you (the account holder) are the data controller and we act as your processor under our data processing agreement. Your voicemail greeting should tell callers that messages are recorded and transcribed — our default greetings include this notice.

4. Why and on what basis

  • Performance of contract — delivering the service you signed up for.
  • Legal obligation — verifying number-eligibility documents required by national numbering plans, bookkeeping, and lawful-disclosure obligations that apply to communications providers.
  • Legitimate interest — voicemail transcription and summarisation (so you can read messages instead of dialling in), abuse and fraud prevention, and service improvement.
  • Consent — non-essential cookies and product analytics (see section 9).

5. Where your data lives

Account data, call records, voicemail audio, transcripts, and eligibility documents are stored in the European Union. Voicemail audio is kept in a private bucket, accessible only through short-lived signed links from your dashboard. Email notifications carry only basic call details (caller number and time) and a dashboard link — never the transcript or the audio itself, which stay in your dashboard. Speech-to-text runs on EU infrastructure, and our telephony carrier processes calls and stores its records in the EU (your voicemail audio is removed from the carrier once it reaches our EU store). Where a sub-processor operates outside the EU/EEA (e.g. payments), transfers are covered by the European Commission's Standard Contractual Clauses or an adequacy decision — see our sub-processor list.

6. Retention

  • Voicemail audio: deleted automatically after 90 days (Solo) or 180 days (Team).
  • Voicemail transcripts and summaries: 12 months.
  • Call records: 12 months.
  • Number-eligibility documents: for as long as you hold the number, plus 24 months (numbering regulations require us to be able to evidence eligibility).
  • Account data: deleted within 30 days of account closure. Invoices and billing records are kept 7 years as required by bookkeeping law.

7. Sub-processors

We use a small number of vetted service providers — carrier infrastructure, EU database and storage, payments, transactional email, voice synthesis — each under a data processing agreement. The current list, including purpose, data involved, and region, is published at telpal.ai/subprocessors.

8. Lawful disclosure

As a communications service we can be legally required to disclose limited data (e.g. subscriber or call records) to competent national authorities. We disclose the minimum required, only against a valid legal order, and log every request.

9. Cookies and analytics

Essential cookies keep you signed in and remember your market, language, and currency choices. Non-essential tools — product analytics (EU-hosted) and the support chat widget — are only loaded with your consent, which you can change at any time via the cookie settings link in the footer.

10. Your rights

You can request access, rectification, erasure, restriction, or portability, or object to processing, by emailing privacy@telpal.ai. You can also delete your account, voicemails, and recordings directly from the dashboard. If you are a caller whose voicemail was recorded, contact the business you called or us. You may lodge a complaint with your local supervisory authority — in the Netherlands the Autoriteit Persoonsgegevens, in Ireland the Data Protection Commission — or with our lead supervisory authority, the Swedish Authority for Privacy Protection (IMY).

11. Who we are

The data controller for account data is the company behind TelPal: Dario Dario AB (org.nr. 559576-4415), Stockholm, Sweden, an EU-established company. Privacy questions: privacy@telpal.ai.