Privacy Policy

HearBack (“we”, “us”) provides a service that places AI-assisted phone calls to sales leads who submit forms on WordPress websites operated by our customers (“site owners”). This policy explains, in plain English, what data we handle and why. It is a pilot-stage policy; we will expand it as the service grows, and we will not weaken it retroactively.

Data we process on behalf of site owners

When a visitor submits a form on a site running the HearBack plugin, the plugin sends us the information needed to place and document one phone call:

We process this data as a service provider to the site owner, solely to place the call, qualify the lead, and report the results back to that site owner. We do not sell lead data, use it for advertising, or contact leads for any purpose other than the call the site owner configured.

Calls are recorded and transcribed

Calls placed by HearBack are transcribed, and audio may be recorded and retained by our voice-AI and telephony providers for a limited period, in order to produce the transcript, a written summary, and the lead's extracted answers. Transcripts and summaries are made available only to the site owner (in their WordPress dashboard and by email to their team). The AI agent identifies itself as an AI assistant at the start of each call.

Consent, and the site owner's responsibilities

HearBack only dials leads whose form submission included an affirmative consent (a checked consent box). Submissions without consent are logged as blocked and are never called.

The site owner — not HearBack — is the party with the direct relationship to the lead, and is responsible for complying with the telemarketing and consent laws that apply to them, including the TCPA in the United States and equivalent rules elsewhere: obtaining valid consent on their forms, using appropriate consent wording, and honoring do-not-call requests outside HearBack. HearBack additionally enforces calling hours (8 am–9 pm in the lead's local time) and maintains a per-site opt-out list; a lead who asks not to be called again during a call is opted out immediately and permanently for that site.

Service providers

We use a small number of infrastructure sub-processors to deliver the service: a telephony carrier (to provision phone numbers and connect calls), a voice-AI provider (to run the conversation and produce transcripts), cloud hosting and database providers, and an email delivery provider (to send call summaries to the site owner's team). Each receives only the data needed for its function.

Retention and deletion

Data belonging to site owners

For site owners themselves, we store the account email, site URL, wallet ledger and top-up records, phone number provisioning details, AI agent configuration, and — if calendar booking is enabled — an encrypted Google Calendar authorization used only to check availability and create events the owner asked for.

Security

API access is authenticated with per-site secret keys, calendar credentials are stored encrypted, and access to production data is limited to the operators of the service. No system is perfectly secure; if we become aware of a breach affecting personal data we will notify affected site owners without undue delay.

Your rights

Depending on where you live (for example under the GDPR), you may have rights to access, correct, delete, or restrict the processing of your personal data. Whether you are a lead who received a call or a site owner, write to us and we will act on your request or route it to the responsible site owner.

Contact

Questions, deletion requests, or complaints: trulocal.in@gmail.com.