Privacy Policy

Introduction

Katora provides AI-powered call answering and appointment booking services for field service businesses. We are committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your personal information.

By using Katora, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our services.

Information We Collect

Account Information

When you create a Katora account, we collect:

• Company name and business type
• Owner name and contact information
• Phone number
• Email address
• Service area and business hours

Service Configuration Data

To provide our AI receptionist service, we collect:

• Trade type and service offerings
• Pricing ranges
• Business hours and availability
• Custom prompts and instructions for your AI agent
• Emergency handling preferences
• Service area information

Google Calendar Data

When you connect your Google Calendar, we access and store:

• OAuth access and refresh tokens
• Calendar events and availability
• Calendar event metadata (titles, times, descriptions)
• Primary calendar ID

We only access calendars you explicitly authorize and only for the purpose of booking appointments on your behalf.

Call Data

For every call handled by your AI receptionist, we collect:

• Call recordings and transcripts
• Caller information provided during the call (name, phone number, address)
• Service requested and preferred appointment times
• Call duration and timestamp
• Call outcome (booking completed, callback requested, etc.)
• Language detected during the call
• Additional notes or context from the conversation

Usage Data

We automatically collect information about how you use our platform:

• Login history and session information
• Features used and settings configured
• Dashboard interactions and page views
• Time spent on the platform

Technical Data

We collect technical information to provide and improve our services:

• IP addresses
• Browser type and version
• Device information (type, operating system)
• Cookies and similar tracking technologies
• Error logs and diagnostic data

How We Use Your Information

We use the information we collect to:

• Provide our core service: Answer incoming calls with your AI receptionist, understand caller needs, and book appointments
• Manage calendar appointments: Create, update, and manage events in your connected Google Calendar based on customer requests
• Process and analyze calls: Transcribe, analyze, and extract information from call recordings to improve service quality and provide insights
• Billing and payments: Process subscription payments and maintain billing records
• Customer support: Respond to your questions, troubleshoot issues, and provide technical assistance
• Service improvements: Analyze usage patterns to improve features, fix bugs, and develop new functionality
• Security and fraud prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity
• Communications: Send you service updates, security alerts, and administrative messages
• Legal compliance: Comply with applicable laws, regulations, and legal processes

Third-Party Services

Katora integrates with the following third-party services to provide our platform. Each service has its own privacy policy and data handling practices:

Cloud Authentication and Database Provider

We use a third-party cloud platform for user authentication and database hosting. Your account data and service information are stored on this provider's secure infrastructure, which employs industry-standard security measures including encryption at rest and in transit and maintains SOC 2 Type II compliance.

Google Calendar API

When you connect your Google Calendar, we access your calendar data through the Google Calendar API. We only request the minimum necessary scopes (calendar.events and calendar.events.freebusy) to book appointments. Google's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Voice AI Platform Provider

We use a third-party voice AI platform to power the conversation capabilities of your AI receptionist. Call recordings, transcripts, and analysis data are processed through this provider's platform. Our voice AI provider does not use your data to train models for other customers.

Phone Infrastructure Provider

Phone numbers are provisioned and calls are routed through a third-party telecommunications provider. This provider processes call metadata and routing information necessary to deliver phone service.

Google Analytics

We use Google Analytics to understand how users interact with our platform and to improve the service. Google Analytics collects information such as page views, session duration, device and browser information, and approximate geographic region. This data is collected through cookies and is processed by Google. We use this information solely for analytics purposes, not for advertising. For more information, see Google's Privacy Policy.

Data Sharing, Transfer, and Disclosure

We do not sell your personal data or Google user data to any third party. We only share, transfer, or disclose data as described below:

Google User Data

When you connect your Google Calendar, we access calendar event data and availability information through the Google Calendar API. This Google user data is shared with the following third parties solely to provide the appointment booking functionality of our service:

• Voice AI Platform (Retell AI): Calendar availability data is shared with our voice AI provider so the AI receptionist can check open time slots and book appointments on your behalf during phone calls. Retell AI only receives availability information necessary to schedule appointments.
• Cloud Database Provider (Supabase): Google OAuth tokens and calendar metadata are stored in our database hosted on Supabase's secure infrastructure to maintain your calendar connection.

We do not share, transfer, or disclose Google user data to any other third parties, advertising networks, data brokers, or information services. Google user data is not used for serving advertisements or any purpose other than providing and improving the appointment booking features of our service.

Other Data Sharing

Beyond what is described above, we may share your information in the following limited circumstances:

• Legal requirements: When required by law, subpoena, court order, or other legal process
• Safety and rights: To protect the rights, property, or safety of Katora, our users, or the public
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
• With your consent: When you explicitly authorize us to share your data with a specific third party

Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it:

• Encryption: All data is encrypted in transit using TLS/HTTPS and at rest using industry-standard encryption
• Access controls: Strict authentication and authorization mechanisms limit access to your data
• Regular security audits: We conduct periodic security reviews and vulnerability assessments
• Employee access: Access to customer data is restricted to authorized personnel on a need-to-know basis
• Secure infrastructure: We use reputable cloud providers with SOC 2 Type II compliance

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Retained while your account is active, plus 90 days after account deletion to allow for reactivation
• Call recordings and transcripts: Retained for 1 year or as long as your account is active, whichever is longer
• Google OAuth tokens: Retained until you disconnect your calendar or delete your account
• Billing records: Retained for 7 years to comply with tax and accounting requirements
• Aggregated analytics: May be retained indefinitely in anonymized form

After the retention period, we securely delete or anonymize your data.

Your Rights and Choices

California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

• Right to Know: You have the right to request disclosure of the personal information we collect, use, and disclose about you
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information. Note: We do not sell your personal information
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights

To exercise these rights, please contact us at hello@getkatora.com. We will verify your identity before processing your request and respond within 45 days.

All Users

Regardless of your location, you have the following rights:

• Access your data: Request a copy of the personal information we hold about you
• Correct inaccuracies: Update or correct your account information through your dashboard or by contacting us
• Delete your account: Request deletion of your account and associated data
• Disconnect integrations: Revoke Google Calendar access at any time through your account settings
• Opt-out of marketing: Unsubscribe from promotional emails using the link in any marketing message
• Data portability: Request an export of your data in a commonly used format

Data deletion requests

You can request deletion of your personal data at any time by emailing hello@getkatora.com with the subject line "Data Deletion Request." Include the email address associated with your account. We will confirm receipt and complete the deletion within 30 days.

Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session and improve your experience:

• Essential cookies: Required for authentication and core platform functionality (authentication session cookies)
• Preference cookies: Remember your settings and preferences
• Analytics cookies: Used by Google Analytics to help us understand how you use the platform, including page views, session duration, and navigation patterns

Google Analytics cookies are used for analytics purposes only, not for advertising or ad targeting. We do not use third-party advertising cookies or tracking pixels. You can disable cookies through your browser settings, but this may affect the functionality of certain features.

Children's Privacy

Katora is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@getkatora.com and we will delete such information from our systems.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our platform or dashboard

Your continued use of Katora after any changes indicates your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate requests within 45 days.