← Back to home

Privacy Policy

Last updated: April 29, 2026

Novadesk ("we," "us," or "our") operates the novadesk.ai website and the Novadesk AI voice receptionist platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Please read this policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: When you sign up, we collect your name, email address, business name, phone number, and billing information.
  • Business configuration: Services you offer, business hours, booking rules, greeting scripts, and other agent settings you configure.
  • Knowledge base entries: Information you add to train your AI agent (FAQs, service descriptions, policies).
  • Support communications: Messages and information you provide when contacting us for support.

1.2 Information Collected Automatically

  • Call data: When your AI agent handles a call, we collect the caller's phone number, call duration, call timestamps, and call direction (inbound/outbound).
  • Call transcripts: We generate and store text transcriptions of calls handled by your AI agent. These transcripts are used to provide the Service and are accessible through your dashboard.
  • Usage data: Minutes used, number of calls, agent activity, and feature usage for billing and analytics.
  • Technical data: IP address, browser type, and device information when you access the website or dashboard.

1.3 Information We Do Not Collect

  • Call audio recordings: We do not store or retain audio recordings of calls. Calls are processed in real-time through our voice pipeline (speech-to-text, AI response, text-to-speech) and audio is discarded after processing. Call audio is never used for model training.
  • Caller personal data beyond phone number: We do not independently collect personal information about your callers beyond what is captured in call transcripts and caller phone numbers.

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process calls through our AI voice pipeline
  • Generate call transcripts and analytics for your dashboard
  • Process billing and manage your subscription
  • Send appointment reminders, review requests, and other automated workflows you configure
  • Provide customer support
  • Send service-related communications (billing alerts, system updates, security notices)
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Service providers: Third-party services that help us operate the platform, including:
    • Telnyx — telephony and call routing
    • Deepgram — speech-to-text transcription
    • Cartesia — text-to-speech voice synthesis
    • Stripe — payment processing
    • LLM providers (Cerebras, Groq, OpenAI) — AI response generation
  • Integrations you enable: If you connect third-party services (Google Calendar, HubSpot, etc.), we share relevant data as needed for those integrations to function.
  • Legal requirements: When required by law, subpoena, court order, or to protect our rights, safety, or property.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

4. Data Retention

  • Account data: Retained while your account is active and for 30 days after deletion.
  • Call transcripts: Retained for the duration of your subscription. You may request deletion at any time.
  • Billing records: Retained for 7 years as required by tax and financial regulations.
  • Usage analytics: Aggregated and anonymized data may be retained indefinitely for service improvement.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) for all data transmissions
  • Encryption at rest for stored data
  • API key authentication with SHA-256 hashing (keys are never stored in plaintext)
  • Tenant isolation — each client's data is logically separated and inaccessible to other clients
  • Regular security assessments

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. HIPAA Compliance

For healthcare clients on our Enterprise plan, we offer HIPAA-compliant configurations including a signed Business Associate Agreement (BAA), enhanced access controls, and audit logging. Call data for HIPAA-covered clients is handled in accordance with the Privacy Rule and Security Rule. Contact us at aravind@novadesk.ai for details.

7. TCPA Compliance

Our outbound calling features comply with the Telephone Consumer Protection Act (TCPA). Outbound campaigns are restricted to business hours (9am–5pm in the recipient's local timezone), and we maintain do-not-call list compliance. You are responsible for obtaining proper consent before using outbound calling features.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at aravind@novadesk.ai. We will respond within 30 days.

9. Cookies and Tracking

Our marketing website uses minimal tracking. We load fonts from Google Fonts, which may set cookies. We do not use advertising trackers or sell data to advertisers. Our application dashboard may use session cookies for authentication.

10. Children's Privacy

The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect information from children. If you believe we have inadvertently collected such information, please contact us immediately.

11. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: