Privacy Policy

1. Introduction

Welcome to TimkaMe.com ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered phone receptionist service.

By using our service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Business name, contact details, email address, phone numbers
• Payment Information: Credit card details (processed securely through Stripe)
• Business Configuration: Operating hours, services offered, AI assistant settings

2.2 Information Collected Automatically

• Call Data: Phone numbers, call duration, timestamps, call recordings. All calls are recorded and callers are informed at the beginning of each call
• Voice Transcripts: Transcriptions of customer conversations with the AI assistant
• AI Analysis: Automated summaries, sentiment analysis, and topic detection from call recordings (powered by Deepgram)
• Customer Data: Names, phone numbers, appointment details collected during calls
• Usage Data: Service usage statistics, feature interactions, system performance metrics
• Technical Data: IP addresses, browser type, device information, cookies

2.3 SMS Communications Data

• Phone Numbers: Customer phone numbers for appointment confirmations and reminders
• Message Content: SMS message delivery status and timestamps
• Consent Records: Records of customer consent to receive SMS notifications
• Opt-out Requests: Records of customers who have opted out of SMS communications

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide and maintain our AI phone receptionist service
• Call Processing: To process incoming calls, transcribe conversations, and extract relevant information
• Appointment Management: To schedule, confirm, and send reminders for appointments
• SMS Notifications: To send appointment confirmations and reminders to your customers (with their consent)
• Customer Support: To respond to your inquiries and provide technical assistance
• Service Delivery and Dispute Resolution: To analyze usage patterns, ensure service quality, and resolve any disputes
• Billing: To process payments and manage subscriptions
• Legal Compliance: To comply with applicable laws and regulations
• Security: To detect, prevent, and address fraud and security issues

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our service:

• Twilio: Phone calls, call recordings, and SMS delivery — receives phone numbers, call audio, and SMS content (Twilio Privacy)
• OpenAI: Real-time AI conversation processing and text-to-speech voice synthesis — receives call audio and transcriptions for AI inference, generates AI voice audio for calls. Data is NOT used to train AI models per OpenAI API data usage policy (OpenAI API Data Policy)
• Deepgram: Speech recognition, audio intelligence (summary, sentiment, topics) — receives call recordings for analysis (Deepgram Privacy)
• Stripe: Payment processing — handles all credit card data directly (PCI-DSS Level 1 compliant). We never store card numbers (Stripe Privacy)
• Supabase: Secure database hosting — stores all business and customer data (Supabase Privacy)
• Hetzner: Cloud hosting infrastructure (EU/US data centers) (Hetzner Privacy)
• Cloudflare: CDN, DNS, DDoS protection, and web analytics (Cloudflare Privacy)
• Resend: Transactional email delivery — sends account notifications, usage alerts, and support communications (Resend Privacy)
• Cloudflare Email Workers: Email routing — processes inbound support emails for routing to our systems (Cloudflare Privacy)

4.2 Data Processor and Controller

Under applicable data protection laws, TimkaMe.com acts as a Data Processor on behalf of our business subscribers (the Data Controllers). We process end-customer data only as instructed by the business subscriber and as necessary to provide the Service. We do not independently determine the purposes of processing end-customer personal data.

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.5 We Do NOT:

• ❌ Sell your personal information to third parties
• ❌ Share your customer data with advertisers
• ❌ Use your data for unrelated marketing purposes

5. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data in transit is encrypted using TLS/SSL
• Secure Storage: Data at rest is encrypted in secure databases
• Access Controls: Strict access controls and authentication mechanisms
• Monitoring: Continuous security monitoring and threat detection
• Compliance: Regular security audits and compliance reviews

IMPORTANT: However, no method of transmission over the internet is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security and are not liable for unauthorized access, hacking, data loss, or other security breaches beyond our reasonable control.

6. Data Retention

• Account Data: Retained while your account is active and for 90 days after closure
• Call Recordings: Automatically deleted after 90 days from both our database and Twilio servers
• Transcripts and AI Analysis: Automatically deleted after 90 days
• Call Metadata: Duration, timestamps, and status retained for billing and service delivery purposes (duration of account + 90 days)
• Customer Appointments: Retained for 2 years for business records
• SMS/Call Consent Records: Retained for minimum 5 years as required by TCPA compliance
• Payment Records: Retained for 7 years as required by tax laws
• Support Tickets: Retained for 2 years after resolution
• Error and Audit Logs: Retained for 30 days for troubleshooting and security

Recordings and transcripts are automatically purged from our systems after 90 days via a daily automated process. This includes deletion from both our database and third-party storage (Twilio). This process cannot be reversed. If you need to retain recordings longer, please export them before the 90-day period expires.

7. Your Rights and Choices

7.1 Access and Correction

You have the right to access, update, or correct your personal information through your account dashboard.

7.2 Data Deletion

You can delete your data directly through your account dashboard (Settings > Delete My Data), or by contacting us at privacy@timkame.com. You may choose to delete:

• Recordings only: Removes all call recording files
• Transcripts only: Removes all transcripts and AI analysis data
• All personal data: Removes recordings, transcripts, and anonymizes customer records

Note: Consent records are retained for 5 years per TCPA requirements and cannot be deleted upon request. Call metadata (duration, timestamps) is retained for billing purposes.

7.3 SMS Opt-out

Your customers can opt out of SMS communications by:

• Replying STOP to any SMS message
• Contacting your business directly
• Emailing us at support@timkame.com

7.4 Outbound Call and SMS Opt-out

We only make outbound calls and send SMS to customers with an existing business relationship and explicit consent. Outbound calls are limited to: appointment follow-ups, missed call callbacks, service completion follow-ups, estimate follow-ups, and seasonal reminders. We never make cold calls or send unsolicited marketing messages. Outbound calls are only placed between 8:00 AM and 9:00 PM in the recipient's local time zone, in compliance with TCPA.

To opt out of all outbound communications, contact us at support@timkame.com or reply STOP to any SMS.

7.5 Cookies and Analytics

We use the following cookies and analytics tools:

• Google Analytics (G-7G04E5DXFD): Tracks website usage and visitor behavior for service improvement — Google Analytics Privacy. Opt out: Google Analytics Opt-out
• Cloudflare Web Analytics: Privacy-first analytics for CDN performance — Cloudflare Privacy
• Session Cookies: Essential cookies to keep you logged in to your account dashboard

You can control cookies through your browser settings. Disabling cookies may affect service functionality.

7.6 Do Not Track

We do not currently respond to "Do Not Track" browser signals.

8. Children's Privacy

Our service is designed for business use and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@timkame.com.

For users between 13 and 18, our service may only be used with parental or guardian consent and supervision, and only in the context of a legitimate business purpose.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Specifically, data may be processed in the following locations:

• United States: Our primary servers are hosted on Hetzner infrastructure in the US. Supabase database hosting is also US-based.
• United States (Third-Party Processors): Twilio (telephony), OpenAI (AI processing), Deepgram (speech recognition), and Stripe (payments) primarily process data in the United States.
• European Union: Hetzner also operates data centers in Germany and Finland. Cloudflare edge nodes may process data across multiple global locations.

We ensure appropriate safeguards are in place to protect your data during international transfers, including reliance on Standard Contractual Clauses (SCCs) where applicable, and contractual commitments from our sub-processors to maintain equivalent data protection standards. We maintain Data Processing Agreements (DPAs) with our AI service providers, including OpenAI and Deepgram, to ensure your data is processed in accordance with applicable data protection laws. For questions about international transfers or to request a copy of our DPAs, contact privacy@timkame.com.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to Know: Request information about data collection and sharing
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell data). Visit our Do Not Sell My Personal Information page for details
• Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, use the self-service data deletion feature in your account dashboard or contact us at privacy@timkame.com. We will respond to verifiable consumer requests within 45 days.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page with an updated "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in your account dashboard

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: privacy@timkame.com
• Support: support@timkame.com
• Address: TimkaMe.com, New York, NY 10001, United States