Autoli Autoli
Talk to sales
Legal

Privacy Policy

Effective date: April 23, 2026 · Last updated: April 23, 2026

This Privacy Policy explains how Autoli, Inc. ("Autoli," "we," "us") collects, uses, shares, and protects personal information when you use our websites, applications, APIs, and voice AI services (collectively, the "Services"). Please read it alongside our Terms of Use.

1. Introduction

We respect your privacy. This policy describes the personal information we collect, why we collect it, and what rights you have over it. By using the Services you acknowledge that you have read and understood this policy.

2. Who We Are

Autoli is an AI-native customer-relationship management platform. We provide lead, contact, deal, pipeline, voice AI, WhatsApp, and email tools to businesses. References to "we," "us," or "our" in this policy mean Autoli, Inc. and its affiliates.

3. Scope & Roles

3.1 When we are a Controller

For information we collect directly — for example, when you visit our website, sign up for an account, contact us, or apply for a job — we act as the "controller" (or "business" under CCPA).

3.2 When we are a Processor

When our business customers ("Customers") use the Services to process information about their end users (e.g., their leads, contacts, or call recipients), we act as a "processor" (or "service provider" under CCPA) on behalf of that Customer. In that case, the Customer is the controller and is responsible for notifying end users, obtaining consent where required, and honoring their rights. We handle that data only as instructed by the Customer and per our Data Processing Addendum ("DPA").

If you are an end user (e.g., a lead, contact, or call recipient) and have a question about data held by one of our Customers, please contact that Customer directly.

4. Definitions

  • "Personal Information" means any information that identifies or can reasonably be linked to an identified or identifiable individual.
  • "Customer Data" means data submitted to or generated by the Services by or on behalf of a Customer, including lead records, call recordings, and messages.
  • "Sub-Processor" means a third party engaged by us to process personal information on our behalf in connection with the Services.

5. Information We Collect

5.1 Information you provide

  • Account information — name, email, phone, business name, password, role, profile details.
  • Sales-inquiry information — information you submit through our "Talk to sales" form or other contact forms.
  • Billing information — billing address, tax identifiers; payment card details are collected and stored by our payment processor.
  • Content — information you upload, import, or type into the Services (e.g., leads, contacts, deals, campaigns, templates, agent prompts).
  • Support & correspondence — information you share when you contact us for help, feedback, or sales.

5.2 Information collected automatically

  • Device & log data — IP address, device and browser type, operating system, referrer, timestamps, pages viewed, and error logs.
  • Usage analytics — feature interactions, API calls, session duration, and similar product telemetry.
  • Cookies & similar — see Section 7.

5.3 Information from third parties

  • Integrations — if you connect a third-party account (e.g., Twilio, Plivo, WhatsApp Business, Google, Microsoft, OpenAI), we receive data per the scopes you authorize.
  • Identity & fraud-prevention providers — we may receive enrichment or verification signals to protect against abuse.
  • Publicly available sources — for business-prospect enrichment where lawful.

6. Voice AI, Calls & Messaging Data

Because the Services include voice AI agents and messaging, we process additional categories of information on behalf of Customers:

  • Agent configuration — prompts, voice, language, skills, phone numbers, and tool bindings configured by the Customer.
  • Call metadata — date/time, duration, caller/callee numbers, call outcome, cost.
  • Call recordings & transcripts — where enabled by the Customer and permitted by law.
  • AI-generated summaries — summaries and extracted data from a call or conversation.
  • Messages — WhatsApp, SMS, and email content sent or received through the Services.
  • Integration credentials — API keys and OAuth tokens, encrypted at rest.

Customers are responsible for obtaining any consents required for call recording, message retention, and automated dialing (see our Terms, Section 8).

7. Cookies & Similar Technologies

We use cookies and similar technologies to operate the Services, remember your preferences, keep you signed in, measure performance, and understand how the Services are used. Categories we use:

  • Strictly necessary — required to deliver the Services (e.g., authentication, security).
  • Preferences — remember settings such as theme or language.
  • Analytics — help us understand aggregate usage.

You can control cookies via your browser settings. Disabling cookies may affect how the Services work.

8. How We Use Information

We use personal information to:

  • provide, operate, and maintain the Services;
  • create and manage your account and authenticate you;
  • process transactions and manage billing;
  • respond to inquiries and provide customer support;
  • send administrative messages (e.g., service notices, security alerts);
  • send marketing communications about our products (you can opt out at any time);
  • measure and improve the Services, including reliability, performance, and feature usage;
  • detect, prevent, and investigate fraud, abuse, or illegal activity;
  • comply with legal obligations and enforce our Terms.

We do not sell or rent your personal information. We do not use Customer Data to train foundation or third-party generative AI models without the Customer's consent. We may use de-identified and aggregated data to improve our Services.

9. Legal Bases for Processing (GDPR / UK GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contract — to perform our agreement with you (e.g., provide the Services).
  • Legitimate interests — to run, secure, and improve our business; to market to existing customers; and to prevent fraud. We balance these interests against your rights.
  • Consent — where required, for example for certain marketing communications or non-essential cookies.
  • Legal obligation — to comply with law (e.g., tax, accounting, responding to lawful requests).

10. Disclosure & Sharing

We share personal information only as described below:

  • Sub-Processors & vendors — cloud hosting, telephony, AI model providers, payment processors, customer-support tools, email providers, and analytics. They handle information under contractual obligations.
  • Integrations you authorize — when you connect a third-party service, data flows according to the scopes you grant.
  • Other Customer users — data within a Customer's workspace is visible to the users that Customer authorizes.
  • Legal & safety — to comply with law, lawful requests, or to protect rights, property, or safety.
  • Corporate transactions — in connection with a merger, acquisition, financing, or sale of assets; you will be notified of any resulting change in data practices.
  • With your consent — for any other purpose disclosed to you.

11. Sub-Processors

We engage carefully selected sub-processors to help us deliver the Services. Typical categories include:

  • Cloud infrastructure and hosting;
  • Telephony providers (e.g., Twilio, Plivo);
  • Messaging providers (e.g., WhatsApp Business via Meta);
  • AI model providers (e.g., OpenAI, Google, Anthropic);
  • Email sending and deliverability providers;
  • Payment processors;
  • Analytics, observability, and error-monitoring tools;
  • Customer-support tools.

A current list of sub-processors is available on request at privacy@autoli.in. We remain responsible for sub-processor compliance with applicable data-protection obligations.

12. International Data Transfers

Autoli is headquartered in the United States, and we may process information in the U.S., India, and other countries where we or our sub-processors operate. Where we transfer personal information outside of the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or an alternative lawful mechanism.

13. Data Retention

We retain personal information for as long as needed to provide the Services, to comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by data type and context.

For Customer Data: we retain it while the Customer's account is active and delete or return it within thirty (30) days of termination on request, subject to exceptions required by law. Customers can also delete records at any time through the Services.

14. Security

We implement administrative, technical, and physical safeguards designed to protect personal information — including encryption in transit and at rest, access controls, logging, role-based permissions, and regular security reviews. No system is perfectly secure; we cannot guarantee the absolute security of your information.

15. Your Privacy Rights

Subject to applicable law, you may have the right to:

  • access and obtain a copy of your personal information;
  • correct inaccurate or incomplete personal information;
  • delete your personal information;
  • restrict or object to certain processing;
  • port your information to another service;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with a supervisory authority.

To exercise these rights, contact us at privacy@autoli.in. We may need to verify your identity before responding. If you are an end user of a Customer's workspace, please direct requests to that Customer first — they are the controller of that data.

We do not discriminate against you for exercising any of these rights.

16. California (CCPA/CPRA) Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended ("CCPA/CPRA"):

  • Right to know — the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
  • Right to delete — subject to exceptions.
  • Right to correct — inaccurate information.
  • Right to opt out — of sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
  • Right to limit — the use of sensitive personal information. We do not use sensitive personal information for purposes requiring this option.
  • Right to non-discrimination.

To exercise these rights, email privacy@autoli.in. You may designate an authorized agent to make a request on your behalf.

17. India (DPDP Act) Rights

If you are in India, the Digital Personal Data Protection Act, 2023 may apply to our processing. You have rights to access, correct, update, and erase personal data, the right to grievance redressal, and the right to nominate. To exercise these rights or reach our Grievance Officer, email privacy@autoli.in.

18. Children's Privacy

The Services are not directed to, and we do not knowingly collect personal information from, children under the age of 16 (or such higher age as required by local law). If you believe we have inadvertently collected information from a child, please contact us and we will take steps to delete it.

19. AI Transparency & Automated Decisions

Our Services include AI features such as voice agents, AI assistants, and automated summaries. We do not use AI to make decisions that produce legal or similarly significant effects about you without human review. When you interact with an AI voice agent through the Services, Customers are required to make any disclosures required by law. You can always request human review by contacting the Customer you are interacting with or, where we are the controller, by contacting us.

20. Do-Not-Track

Some browsers offer a "Do-Not-Track" signal. Because there is no uniform standard, our Services do not currently respond to DNT signals. We otherwise honor opt-out preferences as described in this policy.

Our Services may contain links to third-party websites or services that are not owned or controlled by us. This policy does not apply to those third parties. We encourage you to review their privacy policies before providing them information.

22. Changes to this Policy

We may update this policy to reflect changes in our practices or legal requirements. If the changes are material, we will provide notice by updating the "Last updated" date at the top of this policy and, where appropriate, by email or in-app notice. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

23. Contact Us

If you have questions about this Privacy Policy or how we handle personal information, please contact:

Autoli, Inc. — Attn: Privacy
Email: privacy@autoli.in
Support: hello@autoli.in
Legal: legal@autoli.in

For residents of the EEA or UK, our EU/UK representative can be reached at the address above until a local representative is appointed.

← Back to autoli.in