Privacy Policy

Oxphi (“Oxphi,” “we,” “us,” or “our”) provides an AI phone receptionist that answers inbound calls for home services businesses such as HVAC, plumbing, electrical, and roofing companies. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over it.

This policy applies to two groups of people:

• Customers — the business owners and authorized users provisioned with an Oxphi account who use our dashboard.
• Callers — the end users who phone a number powered by Oxphi and speak with one of our customers’ AI agents.

When we use the Service to handle calls on behalf of a Customer, the Customer is the controller of the resulting call data and Oxphi is the processor. Callers with privacy questions about a specific business should contact that business directly.

From Customers

When you onboard with Oxphi or use the dashboard, we collect:

• Account information — your name, email address, and phone number. Account access is authenticated by an API key issued by Oxphi. We do not collect or store passwords.
• Business information — your company name, business type, service area, agent configuration, and routing preferences.
• Billing information — payment method details (handled by our payment processor), billing address, and invoice history. Billing details are typically collected directly by Oxphi during onboarding rather than through self-service checkout.
• Usage data — pages viewed, features used, IP address, browser, device, and approximate location derived from your IP.
• Support communications — messages you send to support@oxphi.io or through other support channels.

About Callers

When someone calls a phone number powered by Oxphi, the Service processes the conversation and may collect:

• Voice recordings of the call from the moment the AI agent answers.
• Transcripts — written, time-coded versions of the recording.
• Caller identifiers — the inbound phone number, and any name the caller provides.
• Service-related details the caller shares during the conversation, including the address where service is needed, the nature of the issue (for example, a leaking water heater), preferred appointment times, and any other information offered.
• Call metadata — start and end time, duration, call outcome, and AI-generated lead score and summary.

We do not knowingly request, store, or process payment card numbers, Social Security numbers, or other sensitive financial identifiers from callers. If a caller volunteers that information unprompted, we recommend you redact it from transcripts after the fact.

• From lead inquiries — when a prospective customer submits our public lead capture form, we collect the business name, contact name, email, optional phone number, and service type. We do not collect passwords or payment details through this form.
• During onboarding — once a customer signs a service agreement with Oxphi, we collect additional business and billing details directly from the customer in order to provision the account, configure the AI agent, and set up invoicing.
• From Customers using the dashboard — when you log in, configure your agent, or contact support.
• Automatically through phone calls — our telephony layer captures audio and metadata for every inbound call answered by your AI agent.
• Automatically through the dashboard — we use cookies and similar technologies to keep you logged in, remember your preferences, and measure how the dashboard is used.

We use the information we collect to:

• Operate the Service — answer calls, transcribe and summarize them, score leads, and route the result to your dispatch destinations.
• Improve AI accuracy — tune and evaluate prompts, models, and lead-scoring logic so future calls are handled better.
• Bill you — calculate included calls, overages, and process payments through our payment processor.
• Provide customer support and respond to your questions.
• Maintain security — detect and prevent fraud, abuse, spam, and unauthorized access.
• Meet legal obligations — comply with applicable law, legal process, and enforce our Terms of Service.
• Communicate with Customers about product updates, service changes, and (where you have opted in) marketing.

We do not use call recordings or transcripts to train general-purpose AI models that would be made available to other customers or to the public.

Every call answered by Oxphi is recorded and transcribed. This is a core part of how the Service works — without recording, we cannot transcribe, summarize, or score leads.

• A recording disclosure is played as part of the standard agent greeting at the start of every call.
• The United States has a mix of one-party and two-party (or “all-party”) consent states. In two-party consent jurisdictions, all parties on the call must be informed before a recording begins.
• Customers are responsible for compliance with the recording consent laws that apply to their business and their callers. If you operate across state lines, take calls from outside the United States, or modify the standard agent greeting, you are responsible for ensuring lawful disclosure by other means.
• If a caller asks the agent not to record the call, the agent will explain that recording is part of how the Service works and the caller may end the call.

With our service providers

We share information with the third parties that help us deliver the Service, including:

• Retell AI — voice agent runtime and orchestration.
• Twilio — phone numbers, telephony, and call routing.
• OpenAI and Anthropic — language models used to power conversation, summarization, and lead scoring.
• Cloud hosting, payment processing, email delivery, error monitoring, and analytics providers we use to run the Service.

These providers act under written agreements that limit how they may use the information we share with them.

With the Customer

Call recordings, transcripts, summaries, lead scores, and caller-provided details are shared with the Customer who owns the phone number that received the call. The Customer can view and export this data through the Oxphi dashboard. If you are a caller and want to know how the business uses your information, please contact the business directly.

For legal reasons

We may disclose information if we believe in good faith that disclosure is required to comply with a subpoena, court order, or other legal process; to cooperate with law enforcement; to enforce our Terms of Service; or to protect the rights, property, or safety of Oxphi, our customers, or the public.

What we never do

We do not sell personal information to third parties, and we do not share call recordings, transcripts, or caller details with third-party advertisers or data brokers for marketing purposes.

We retain Customer account information and call data for the duration of the Customer’s subscription and for a reasonable archival period after cancellation, so that records remain available for billing reconciliation, dispute resolution, and legal compliance.

Customers may request earlier deletion of specific call recordings or transcripts, or of their account in full, by emailing support@oxphi.io. We will honor verifiable deletion requests subject to any overriding legal retention obligation.

We protect information using industry-standard practices, including:

• Encryption of data in transit (TLS) between your browser, our servers, and our service providers.
• Encryption at rest for call recordings, transcripts, and account data stored in our infrastructure.
• Role-based access controls so that only authorized personnel can access production systems.
• Logging and monitoring to detect unusual activity, and a process for responding to suspected security incidents.

No system is perfectly secure. If you become aware of a potential security issue, please report it to support@oxphi.io so we can investigate.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you and receive a copy of it.
• Correct information that is inaccurate or out of date.
• Delete your information, subject to limited exceptions (for example, where we must keep records for legal or accounting reasons).
• Receive your information in a portable, machine-readable format.
• Object to or restrict certain types of processing, where applicable.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect, the right to delete that information, and the right not to be discriminated against for exercising those rights.

Residents of the European Economic Area, the United Kingdom, and Switzerland have rights under the GDPR and similar laws, including the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, email support@oxphi.io. If you are a caller, you generally need to direct your request to the business that operates the phone number you called — they are the controller of that data.

The Service is intended for businesses and is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact support@oxphi.io and we will take steps to delete it.

Oxphi is based in the United States, and our infrastructure and service providers are primarily located in the United States. If you access the Service from outside the United States, you understand that your information will be processed in the United States, which may have data protection rules that differ from those of your home country. By using the Service, you consent to that processing.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify active Customers through email or an in-product message. Your continued use of the Service after the effective date means you accept the updated policy.

Questions, requests, or concerns about this Privacy Policy or your information? Email us at support@oxphi.io.

Oxphi sends SMS text notifications to subscribed clients regarding inbound calls handled by their AI receptionist. By providing your mobile number and opting in, you consent to receive these notifications. Message frequency varies based on your call volume. Message and data rates may apply. Reply STOP to unsubscribe at any time, or HELP for assistance. No mobile information will be shared with, or sold to, third parties or affiliates for marketing or promotional purposes at any time. Mobile opt-in data and consent are used solely to deliver the Oxphi notification service you subscribed to.