Skip to main content
UltisAISign in
Legal

Privacy Policy

Last updated: April 23, 2026

1. Who we are

UltisAI is operated by UltisAI Ltd, a company registered in New Zealand. This policy explains what data we collect when you use our AI phone receptionist service and how we handle it.

2. What we collect

  • Account data: business name, owner name, email, phone number, address, plan.
  • Call data: audio recordings, transcripts, caller phone numbers, timestamps, and metadata for calls handled by your AI agent.
  • Usage data: login times, IP address, browser, and actions in your dashboard.
  • Billing data: handled by Stripe; we store only the last four digits and expiry of payment methods.

3. How we use it

To provide the service (answer patient calls, capture intake, book appointments), improve our models, send product emails, and meet legal obligations. We do not sell your data. We do not train foundation models on your call recordings without explicit opt-in.

4. Subprocessors

We share limited data with vetted providers that run our infrastructure:
  • Retell AI — voice model orchestration
  • Twilio — telephony (calls, SMS)
  • Supabase — application database and auth
  • Vercel — application hosting
  • Stripe — payment processing
  • Resend — transactional email
  • Anthropic — AI models (Claude) for call summaries and quote generation
Each is bound by their own DPA. A current list is always available at this URL.

5. Where your data lives

Application data is hosted in the United States (Supabase / Vercel). Call recordings are stored in the region closest to your business phone number. We can provide EU or AU-hosted options on request for enterprise plans.

6. How long we keep it

Call recordings and transcripts: 12 months by default, configurable in your dashboard. Account data: for the life of your account plus 30 days after cancellation. Billing records: 7 years (tax law).

7. Your rights

You can access, export, correct, or delete your data at any time via the dashboard, or by emailing ericlu@ultisai.com. We respond within 30 days.

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Secrets are managed via Vercel and Supabase Vault. Access to production is restricted to authorized engineering staff and logged. See our security page for details.

9. Children

UltisAI is a B2B product. We do not knowingly collect data from anyone under 18.

10. Changes

We'll notify customers by email of material changes at least 30 days before they take effect.

11. Contact

Questions? Email ericlu@ultisai.com.