How EnvokeAI collects, stores, and protects your data.
We collect information that you provide when signing up, booking a demo, or using our platform. This may include contact details (such as your name, email, phone number, and business information), content you upload (knowledge base documents, FAQs, transcripts, and scripts), and usage data such as chatbot conversations, call transcripts, lead details, and analytics logs. We may also record support interactions when you contact our team.
We use your information to deliver and improve our services, train and run your AI agents, provide customer support, process payments, and meet our legal obligations. Data may also be used to generate anonymised insights such as performance analytics. We do not sell or rent your data to third parties. Where you provide API keys (e.g. OpenAI, Twilio, Deepgram, ElevenLabs), these are used solely for connecting your services and remain under your control.
EnvokeAI is hosted on AWS EC2 in Sydney for low latency across Aotearoa and Australia. All data is encrypted at rest and in transit (HTTPS/TLS). By default, we retain conversation logs and transcripts for 90 days to support analytics and reporting, unless otherwise agreed in your contract. You may request shorter or longer retention periods based on your business requirements.
We only share data with trusted processors necessary to deliver the service (for example AWS for hosting, Stripe for payments, or the AI providers you choose to connect). These providers are bound by strict security and confidentiality obligations. Data is never shared with third parties for marketing purposes.
Under the New Zealand Privacy Act 2020, you have the right to access, correct, or delete the personal information we hold about you. You can also request to restrict processing or export your data. To exercise these rights, contact us at [email protected]. We will respond within a reasonable timeframe.
We may use cookies and similar technologies to improve site performance, understand usage, and support secure login sessions. You can adjust cookie settings in your browser, though some features of the platform may not function correctly if cookies are disabled.
We apply multiple layers of security including encryption, access controls, and audit logging. Only authorised personnel have access to customer data, and all staff follow strict confidentiality requirements. Model transparency tools allow you to trace agent outputs back to source documents, with optional redaction for sensitive material.
We may update this privacy policy from time to time to reflect changes to our services, technology, or legal requirements. When we do, we will update the “Last updated” date at the top of this page. Significant changes will be communicated directly to customers where appropriate.
If you have any questions about this policy or how your information is handled, please contact our privacy team at [email protected].