Privacy policy

01Overview

Autophonix, LLC d/b/a ThunderPhone ("ThunderPhone," "we," "us") provides an AI-assisted telephony platform. This Privacy Policy explains what we collect, how we use and share it, and your rights. It applies to our website, product, and related services (the "Service").

If you use ThunderPhone through a business account, our Terms of Service govern your use, and our Data Processing Addendum describes our processor commitments when we handle Customer Personal Data on your organization's instructions.

02Who we are and how to contact us

Controller for website, account, and billing data: Autophonix, LLC d/b/a ThunderPhone.

Address: 505 Montgomery St. Suite 1100 #1019, San Francisco, CA 94111, USA

Contact: Privacy: privacy@thunderphone.com · Security: security@thunderphone.com · Legal: legal@thunderphone.com

EU representative (GDPR Art. 27)

Rickert Rechtsanwaltsgesellschaft mbH — Autophonix LLC, Colmantstrasse 15, 53115 Bonn, Germany · art-27-rep-autophonix@rickert.law

UK representative (UK GDPR Art. 27)

Rickert Services UK Ltd — Autophonix LLC, PO Box 1487, Peterborough, PE1 9XX, United Kingdom · art-27-rep-autophonix@rickert-services.uk

When we process Customer Content, such as call audio, recordings, transcripts, and related call data, for a business customer, we act as a processor under our DPA and your organization is the controller.

03What we collect

A. You provide

• Account details: name, email, phone, company, role, and workspace settings.
• Payment details: processed by Stripe. We receive tokens or identifiers; we do not store full card numbers.
• Support tickets, feedback, and communications.

B. Collected automatically

• Device and technical data: IP address, device/browser type, event logs, and diagnostics.
• Service usage and call metadata: numbers dialed or received, timestamps, duration, routing, and diagnostics.
• Cookies and similar technologies: essential storage for consent, login, sessions, and security. With your consent on the marketing site, we also use OpenReplay and Google Analytics where configured. Inside the signed-in product dashboard, operational product analytics and privacy-filtered session replay may run where enabled to operate, secure, support, debug, and improve the Service. See our Cookie Policy.

C. Optional recordings and transcripts

If your admin enables recording or transcription, we process call audio and derived transcripts to provide those features. We do not intentionally collect special categories of data; customers should avoid including them in Customer Content.

04How we use data

• Provide, maintain, and improve the Service; route calls; provide optional recording and transcription.
• Billing and account management, including per-minute usage charges.
• Security, fraud and abuse prevention, and DNC/TCPA compliance tooling.
• Troubleshooting, quality assurance, and product analytics, aggregated or de-identified where possible.
• Legal compliance and enforcement of our Terms.
• Recording and transcription responsibilities: customers are responsible for providing legally required notices and consents, including one-party or two-party recording consent where applicable, before enabling recording or transcription.

05Legal bases

Under GDPR and UK GDPR, we rely on contract to provide the Service, legitimate interests for security, abuse prevention, and product improvement, consent where required, and legal obligations for tax, audit, telecom, and other compliance needs.

06How we share data

• Subprocessors and service providers: vetted providers that host and operate the Service, including infrastructure, telephony, speech/model providers, payments, email, and analytics providers described in our DPA.
• Legal and compliance: to comply with law or protect rights, safety, or the Service.
• Business transfers: in connection with a merger, acquisition, or reorganization, with notice where required.

We do not sell or share personal information as defined by the California CPRA, and we do not use personal information for cross-context behavioral advertising.

07International transfers

Where we transfer personal data internationally, we rely on EU Standard Contractual Clauses and the UK Addendum with our vendors and subprocessors. See our DPA for details.

08Retention

We keep data only as long as needed for the purposes above or as required by law.

• Account and billing data: for the life of the account and for tax/audit after closure.
• Call recordings and transcripts, if enabled: retained per workspace settings, default 30 days where retention controls are available, configurable by your admin.
• Analytics: typically up to 24 months, then aggregated or deleted unless a shorter period is configured.
• Technical logs and diagnostics: typically about 13 months, unless needed longer for security, legal, or compliance reasons.

09Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing of, and port your personal data. To exercise rights, contact privacy@thunderphone.com or our EU/UK representatives for local authority matters. We will respond per applicable law.

10Security

We use industry-standard technical and organizational measures. If we learn of a Security Incident, we will notify affected customers without undue delay and within 72 hours of awareness where required.

11Children

The Service is not directed to children under 13, or the age defined by local law. We do not knowingly collect personal data from children. If you believe a child provided data, contact privacy@thunderphone.com.

12Changes to this policy

We may update this policy from time to time. We will post the new version here and update the Last updated date. If changes are material, we will provide additional notice, such as email or in-product notice.

13Contact us

Autophonix, LLC d/b/a ThunderPhone
505 Montgomery St. Suite 1100 #1019, San Francisco, CA 94111, USA
privacy@thunderphone.com · security@thunderphone.com · legal@thunderphone.com