Privacy Policy

Effective Date: March 6, 2026 — Last Updated: April 26, 2026

Phoney ("we," "us," or "our") is a voice assistant app for automated phone calls. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Phoney mobile application and related services (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information. When you create an account, we collect your email address and password (hashed and never stored in plain text). If you sign in via Google or Apple, we receive your name, email address, and a unique provider identifier. We do not receive or store your Google or Apple password.

Profile Information. You may voluntarily provide your full name, phone number, date of birth, and mailing address to personalize the Service.

Task Data. When you create a task (e.g., scheduling a doctor's appointment or making a restaurant reservation), we store the task details you provide, including names, phone numbers, dates, times, and any special instructions.

Call Recordings and Transcripts. When Phoney places a call on your behalf, the call audio is processed in real time to conduct the conversation. Call transcripts are generated and stored so you can review the outcome. Call audio is not permanently stored after processing.

Device and Usage Data. We may collect device type, operating system version, and general usage analytics to improve the Service.

Feedback. After a call completes, you may optionally submit free-text feedback and a screenshot about your experience. When you submit feedback, we associate it with the related task record, which may include the task details you provided (e.g., names, phone numbers, appointment information), the call transcript, and the call outcome. This complete feedback record — including your comments, any screenshot, task details, transcript, and outcome — is stored on our servers and may be reviewed by our team solely for the purpose of improving Phoney's AI agent behavior, conversation quality, and overall service. Submitting feedback is entirely voluntary. You may use the Service without ever submitting feedback.

App Feedback. You may also submit general feedback about the app at any time, optionally including a screenshot of your screen. This feedback is stored and may be reviewed by our team for product improvement purposes.

2. How We Use Your Information

• To provide the Service: We use your account and task data to place automated phone calls, process conversations, and deliver results back to you.
• To authenticate you: We use your credentials (email/password, Google, or Apple tokens) to verify your identity and secure your account.
• To improve the Service: We use aggregated usage data and voluntary user feedback to analyze trends, refine our AI agent's behavior, and improve overall functionality. When you submit feedback, our team may review the associated feedback text, screenshots, task details, call transcript, and outcome to understand the context of your experience. This review is conducted solely for internal product improvement and is never used for advertising or shared with third parties.
• To communicate with you: We may send you service-related notifications, such as task completion updates or security alerts.

3. Third-Party Services

We use the following third-party services to operate Phoney. Each processes data as described below:

• Twilio — Provides telephony infrastructure to place and manage phone calls. Twilio processes the phone numbers dialed and call metadata. See Twilio's Privacy Policy.
• Anthropic (Claude AI) — Powers the AI conversation engine that conducts calls on your behalf. Task details and real-time call transcripts are sent to Anthropic's API for processing. See Anthropic's Privacy Policy.
• Deepgram — Provides speech-to-text and text-to-speech capabilities during calls. Call audio is streamed to Deepgram for real-time transcription and voice synthesis. See Deepgram's Privacy Policy.
• Google Sign-In — If you choose to sign in with Google, your Google account email and name are shared with us via Google's OAuth flow. See Google's Privacy Policy.
• Apple Sign-In — If you choose to sign in with Apple, your Apple ID email (or a private relay email) and name are shared with us via Apple's authentication flow. See Apple's Privacy Policy.
• Amazon Web Services (AWS) — Our servers are hosted on AWS Lightsail, and screenshots submitted as part of feedback are stored in AWS S3. Your data is stored and processed on AWS infrastructure in the United States. See AWS's Privacy Policy.
• ElevenLabs — Provides premium text-to-speech voices used during calls. When a premium voice is selected, the text of the AI's spoken responses is sent to ElevenLabs for audio synthesis. No personally identifiable information about you is sent; only the words the AI speaks are transmitted. See ElevenLabs' Privacy Policy.
• PostHog — Provides product analytics to help us understand how the app is used. PostHog receives anonymized usage events (such as which features you interact with, app version, and a randomly generated session identifier). If you are signed in, your internal user ID may be associated with these events so we can understand behavior across sessions. We do not send your name or email to PostHog. See PostHog's Privacy Policy.
• Sentry — Provides crash reporting and error monitoring for both the Phoney app and our backend. If the app or server encounters an error, Sentry receives a report containing the error details, stack trace, device type, operating system version, and app version. Personally identifiable information (such as your name, email, or task content) is not included in these reports. See Sentry's Privacy Policy.
• SendGrid (Twilio) — Delivers transactional emails such as password reset codes. When you request a password reset, your email address and the one-time code are sent to SendGrid for delivery. SendGrid does not receive any other account or task data. See SendGrid's Privacy Policy.

4. Data Storage and Security

Your data is stored on servers hosted by Amazon Web Services in the United States. We implement industry-standard security measures, including:

• Passwords are hashed using bcrypt before storage.
• Authentication tokens are signed using HMAC-SHA256 (HS256).
• All communication between the app and our servers occurs over HTTPS/TLS.
• Database access is restricted to authorized application processes only.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your account and task data for as long as your account is active. Call transcripts are retained so you can review past task outcomes. Feedback you submit, including any associated screenshots, task details, and transcripts, is retained for as long as your account is active. You may delete your account and all associated data at any time directly within the app (Settings → Privacy & Security → Delete Account) or by contacting us.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data and account.
• Portability: Request a machine-readable export of your data.
• Opt-out: You may stop using the Service at any time.

To exercise any of these rights, please contact us at support@phoneyapp-ai.com.

7. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose.
• Request deletion of your personal information.
• Not be discriminated against for exercising your privacy rights.

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

8. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the app or by email. Your continued use of the Service after any changes constitutes your acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@phoneyapp-ai.com