logo

Privacy Policy

Last Updated: 03/03/2026

Boson AI (we, us, or our) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent demonstrations and related proof-of-concept experiences (the Service), including (in some demos) AI secretary call handling and SMS summaries.
We adhere to the principle of Data Minimization. Our Service is designed to function with the absolute minimum amount of user data necessary to demonstrate our technology. We do not build user profiles for advertising, nor do we sell your data.

1. Information We Collect

1.1 Information You Provide (Google Login)
We utilize Google OAuth to facilitate a secure and password-less login experience. When you choose to log in via Google, we collect strictly limited information from your Google Profile:
  • Name: We collect your name to personalize the user interface
  • Email Address: We collect your email address to create your unique account identifier and to communicate with you regarding critical service updates or security notices.
We do not collect or store your Google password. Authentication is handled entirely by Google's secure servers; we only receive an authentication token.
1.2 Voice and Audio Data (Transient Processing)
The core function of our Service is a voice chat agent. When you use the voice features:
  • Transient Processing: Your voice input is streamed to our processing servers solely for the purpose of generating an AI response.
  • No Long-Term Storage (Voice Playground): We do not store raw audio files or voice recordings on our servers after the immediate interaction is processed. The audio data is discarded once the conversation is complete. (Some proof-of-concept features, such as AI secretary call summaries, may involve retention of call-related data as described in Section 1.4.)
  • No Biometric Identifiers: We do not create, store, analyze, or maintain voiceprints, voice geometry, or any biometric templates capable of identifying you. The processing is strictly functional and not for identification or biometric surveillance.
1.3 Technical Usage Data
We may automatically collect certain anonymous information when you visit, use, or navigate the Service. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, and the timestamp of your visit. This data is used primarily to maintain the security and operation of our Service, and for our internal analytics and reporting purposes.
1.4 Phone Number, Messaging, and Call Data (AI Secretary)
If you enable or participate in an AI secretary (or similar) proof-of-concept that involves phone calls and SMS summaries, we may collect and process:
  • Phone number and messaging preferences (including your opt-in/opt-out status).
  • SMS message content we send to you and related metadata (e.g., timestamps, delivery status).
  • Call metadata (e.g., the caller's phone number, time of call, and call duration).
  • Call content needed to provide the feature (e.g., transcripts and summaries). Depending on the configuration, we may also store call recordings or transcripts so you can access "call details" via a link.
Calls placed to an AI secretary-enabled line may be answered by an AI system and processed (including transcription and summarization) so that we can deliver a summary (and, where enabled, call details) to the account user who enabled the feature.

2. How We Use Your Information

We use the information we collect for the following legitimate business purposes:
  • To Provide the Service: To allow you to log in, interact with AI agents, and receive AI-generated responses (including, where enabled, call summaries).
  • To Send and Manage SMS Messages (where enabled): To send you SMS messages such as opt-in confirmations, call summaries, and support/administrative messages (e.g., HELP and STOP), and to honor opt-out requests.
  • To Comply with Telecom Requirements (where enabled): To support A2P/telecom compliance, reduce spam/abuse, and enforce our policies.
  • To Maintain Safety and Security: To monitor for fraud, jailbreaking, prompt injection attacks, or other malicious activity that threatens the integrity of our AI models.
  • To Communicate with You: To send you administrative information, such as changes to our terms, conditions, and policies.

3. Google User Data Policy Compliance

Boson AIs use and transfer to any other app of information received from Google APIs will adhere to the (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
Specifically:
  • No Sale of Data: We do not sell your Google user data to third parties.
  • No Advertising: We do not use your Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • No Creditworthiness Checks: We do not use your Google user data to determine creditworthiness or for lending purposes.
  • Limited Transfer: We do not transfer your Google user data to third parties, except as necessary to provide or improve the user-facing features of the Service (e.g., hosting the app on a cloud provider), to comply with applicable laws, or as part of a merger, acquisition, or sale of assets where the successor entity agrees to respect this policy.
Human access to Google user data is prohibited unless:
  • We obtain your affirmative consent;
  • Access is strictly necessary for security purposes(e.g., investigating abuse, fraud, or technical issues);
  • Access is required to comply with the applicable law; or the data is aggregated and used internally in a way that does not identify any individual user.

4. Data Sharing and Third Parties

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
  • Service Providers: We may share your data with service providers, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include cloud hosting services (e.g., AWS) and AI model inference providers (if applicable).
  • Telephony and Messaging Providers (where enabled): If you use AI secretary or similar SMS/call features, we share necessary information (such as phone numbers, message content, and delivery metadata) with our communications providers (e.g., Twilio) and downstream carriers to deliver calls and text messages.
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
We never transfer Google user data except as permitted under the Google API Services User Data Policy.
4.1 SMS Program Disclosures
The following disclosures apply to our SMS messaging features (e.g., AI secretary call summaries):
  • Message frequency varies based on incoming calls and your settings.
  • Message and data rates may apply.
  • No mobile information — including phone numbers, SMS opt-in/opt-out data, and messaging consent records — will be shared with or sold to third parties or affiliates for their marketing or promotional purposes.
  • Carriers are not liable for delayed or undelivered messages.

5. Data Retention

  • Account Information: We retain your Name and Email Address only for as long as your account is active. If you request deletion of your account, this data is removed from our active databases.
  • Audio Data (Voice Playground): As stated in Section 1.2, raw audio data is processed transiently and is not retained at rest for the voice playground experience.
  • Messaging and Call Summary Data (where enabled): We may retain phone numbers, SMS logs (including message content and delivery metadata), call summaries/transcripts, and related call metadata for as long as needed to provide the feature, comply with legal/telecom requirements, and resolve disputes. If you delete your account or request data deletion, we will delete your phone number, SMS logs, call summaries, and related metadata, unless retention is required for legal or compliance purposes.

6. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:
  • Right to Access: You have the right to request a copy of the information we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal information.
  • Right to Rectification: You have the right to correct inaccurate information.
To exercise these rights, please contact us at the email provided below.
If you have opted into SMS messages, you can opt out at any time by replying STOP, and you can manage messaging preferences in your account settings where available.
Notice to California Residents (CCPA/CPRA):
For the purposes of the California Consumer Privacy Act (CCPA), we categorize our voice processing as Short-term, transient use. We do not sell or share your personal information as defined by the CCPA. We do not collect Sensitive Personal Information for the purpose of inferring characteristics about you. If you provide your phone number for the AI secretary feature, it is used solely to deliver call summary notifications and is not sold or shared for marketing purposes.

7. Childrens Privacy

The Service is not intended for use by children under the age of 18, as required by our Terms. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you become aware of any data we may have collected from children under age 18, please contact us.

8. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
Where required by Google's OAuth verification program, we undergo security reviews or assessments to maintain access to sensitive or restricted OAuth scopes.

9. Changes to This Privacy Policy

We reserve the right to make changes to This Privacy Policy at any time and for any reason. We will alert you about any changes by updating the Last Updated date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

10. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: contact@boson.ai