Skip to legal content
Padoori Padoori
← Back to Home

Legal & Trust

  • Terms of Service
  • Privacy Policy
  • Data Processing Addendum (DPA)
Home / Legal / Privacy Policy

Privacy Policy

Last updated: June 6, 2026

At Padoori Enterprise Systems, Inc. ("Padoori", "we", "us", or "our"), we respect your privacy and are committed to protecting the personal data of our customers ("Customers", "you") and the individuals who interact with our conversational voice systems ("Callers", "End Users").

This Privacy Policy describes how we collect, use, store, and process personal data when you use the Padoori SaaS platform, when callers interact with a Padoori conversational AI voice agent, or when you submit a lead through our forms.

1. Information We Collect

We process data to deliver secure, grounded, low-latency voice services. This data falls into two primary categories:

1.1 Customer Account Data

This is information you provide when registering an account, booking onboarding calls, or utilizing our portal:

  • Contact information: Name, work email, phone number, company name, position, and industry.
  • Billing information: Corporate card details and billing address (processed securely via Stripe).
  • Authentication credentials: Usernames, API keys, and connection tokens for third-party integrations (e.g. Clio or Salesforce).

1.2 Caller Session Data

When an end user calls your Padoori voice agent, we automatically process and collect information on your behalf as a data processor:

  • Voice Audio: Real-time audio streams are captured and routed to transcription engines.
  • Call Transcripts: Audio streams are transcribed into text logs in real time.
  • Call Summaries: Generative models summarize the intent, outcome, and structural data collected during the call.
  • Telephony Metadata: Caller ID (phone number), time stamps, call duration, connection latencies, and routing data.

2. How We Use Information

We use the collected data for the following purposes:

  • To operate, maintain, and support the Padoori voice agent infrastructure.
  • To provide real-time speech-to-text, cognitive response rendering, and text-to-speech pipelines.
  • To sync captured lead criteria and calendar appointments directly to your target CRM.
  • To send immediate notifications (such as Slack alerts or Gmail notifications) of finished call summaries to your operations team.
  • To comply with regulatory laws and prevent fraudulent activity.

3. Third-Party Data Sharing & Subprocessors

Padoori does not sell or lease caller transcripts or data. To execute our sub-500ms voice pipeline, we share transient streams with the following categories of secure infrastructure subprocessors:

Subprocessor Type Service Purpose Data Transferred
Telephony Providers Carrier routing, SIP trunking (e.g., Twilio, Telnyx) Caller ID, VoIP audio streams
Speech Processing APIs Real-time Speech-to-Text & Text-to-Speech (e.g., Deepgram, Cartesia) Transient raw voice streams & text transcripts
Language Model Providers Cognitive reasoning & response formatting (e.g., Anthropic, OpenAI) Transient text prompts & RAG context (no training allowed)
Database & Hosting Platform operations, RAG vectors, and database storage (AWS, Supabase) Customer account metrics, templates, and call records
Note: All data shared with speech and language APIs is processed under zero-data-retention (ZDR) terms, meaning subprocessors are contractually prohibited from using your data to train their models.

4. Call Data Retention

We retain Call Session Data on your behalf in accordance with your account configuration. By default, call transcripts, call summaries, and audio recordings are stored securely in our platform database for 90 days to allow RAG diagnostics and performance auditing. Customers may configure custom retention schedules, including auto-deletion configurations (e.g., immediate deletion upon CRM sync completion).

5. Security Controls & HIPAA Compliance

Padoori takes data security seriously. We maintain standard security measures including:

  • Encryption of all data in transit (TLS 1.3) and at rest (AES-256).
  • SOC 2 Type II compliance framework audits conducted annually.
  • Dedicated HIPAA-compliant pipeline configurations for healthcare clients, featuring isolated database storage and Business Associate Agreements (BAAs).
  • Role-Based Access Control (RBAC) limiting administrative access to production systems.

6. Data Subject Rights (CCPA/GDPR)

Depending on your location, you or your callers may have rights regarding their personal data, including the right to access, correct, delete, or restrict processing of their data. Because Padoori processes Caller Session Data as a processor on behalf of our business clients, callers wishing to exercise these rights should contact the company that owns the telephone line. Padoori will assist our customers in responding to such requests.

© 2026 Padoori Inc. All rights reserved.

Secure, low-latency, deterministic enterprise voice agents.