Privacy
at DialPhone.

The honest privacy question for any business communications platform is not whether the vendor signs a generic Data Processing Agreement — every paid SaaS does. The real question is what the vendor's economic incentive looks like behind that DPA. Vendors that monetize ad surfaces, sell aggregated usage data to brokers, or use customer conversations to train shared AI models have economic pressure to find clever ways around the DPA at the margin. DialPhone monetizes through subscription fees only. There is no ad surface, no data-broker relationship, and no shared-model training on customer data.

The six commitments below describe how that economic model translates into product-level behavior. Customer data is customer's data means call recordings, transcripts, SMS, and AI summaries belong to the customer's account — we process them only to deliver the service, retention follows the customer's policy, and the customer can export or delete on demand. No sale of data is explicit in the DPA and the CCPA / CPRA page. No model training without opt-in means shared foundation models (Anthropic, OpenAI, Google) never see customer conversations as training inputs — only inference, and customer opt-in fine-tunes are isolated per workspace.

Procurement validation lives across three sibling pages. The subprocessor registry publishes every third party that touches customer data with 30-day advance notice on changes. The Trust Center covers the certification matrix (SOC 2, HIPAA, GDPR, PCI, FINRA, ISO 27001). The Responsible AI page details PII redaction at the inference boundary and per-decision audit logs. For specific data-residency questions, email [email protected].