Privacy Policy

1. Introduction

1.1 This Privacy Policy (“Policy”) explains how Kickcall and its Affiliates, Next Brand Online Inc. (“Kickcall”, “we”, “our”, or “us”) processes, collects, uses and protects Personal Data (defined below) of individuals who use our services, including our platform, websites (e.g., Kickcall.ai) and other online offerings (jointly, the “Services”).

1.2 This Policy also explains your rights and choices about how we use your Personal Data, and how you can access or update certain information about you. In this Policy, “Personal Data” means any information relating to an identified or identifiable individual, such as name, address, telephone number, or email address. In certain jurisdictions, this may also be referred to as “Personal Information”.

2. Scope and Applicability

2.1. This Policy applies where Kickcall acts as a data controller, including when we offer our Services, products, and platforms to individual users.

2.2. This Policy does not apply when we act as a service provider/data processor for enterprise/. business customers and provide them our Services and process Personal Data on their behalf, and the same is governed by customer agreements and data processing agreements.

2.3. Where a customer is a covered entity or business associate under HIPAA, or otherwise requires PHI to be processed, Kickcall will enter into a Business Associate Agreement (BAA) or Data Processing Agreement (DPA) as applicable. Kickcall implements administrative, physical, and technical safeguards to meet HIPAA Security Rule requirements — including access controls, encryption in transit and at rest, audit logging, and breach response procedures — and will flow down equivalent obligations to sub processors through written agreements. Customers requiring HIPAA-compliant services should request a BAA from legal@kickcall.ai before transmitting PHI.

3. Categories of Personal Data We Collect

3.1. We collect the following categories of Personal Data

1. Contact Details such as name, email address, phone number, address, contact preferences.
2. Text and Audio Input that you choose to share with us or input into our Services to generate audio response, as well as any Personal Data that you may decide to include in your text.
3. Audio Recordings and Voice Data (such as data about your voice) to provide Services to you.‍
4. Feedback and communication details that you provide when you contact us. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services. If you respond to a survey, we will capture your responses and any other Personal Data you provide.
5. Payment related details when processed via third parties such as Stripe, and billing address, credit/debit card or banking information or other financial information. Please consult Stripe's privacy policy here.
6. As permissible by applicable law, we may ask you to provide verification of your identity to use our Services. 
7. Device, location, and usage information automatically collected through Cookies and similar technologies.
8. Publicly available information from third parties for verification, analytics, and AI training, where permitted by law.
9. Other Information: We may collect other information you may provide to us when you use our alpha or beta products and services, participate in our responsible disclosure program, attend events hosted by us, interact with us online or offline, or confirm your identity. Some of these services may have additional terms.

3.2. Personal Data We Collect from Third Parties

1. Information from Third Parties: Where permitted by applicable laws, we collect publicly available information from third-parties to enable the training of our AI Agents and systems.
2. Third-Party Logins: If you choose to register or log in to our Services using your account with third parties, we receive Personal Data about you from such third parties, such as your name, email address, username, and profile picture.
3. Information from Service Providers: We may receive information that you have shared with certain third-party service providers, for example in relation to our verification / background checks, such as ‘Know Your Customer’ (KYC) and ‘Anti-Money Laundering’ (AML) checks.

4. Categories of Personal Data We Collect

4.1. Kickcall processes Personal Data for purposes including providing, maintaining, and improving our Services; ensuring security and compliance; fulfilling contractual obligations; and, where applicable, legitimate interests not overridden by your rights. When required by law, we rely on your consent.

4.2. The table below describes the purposes for which we process your Personal Data when acting as a data controller and the legal bases for such processing. When we rely on legitimate interest as the legal grounds to process your Personal Data, you have the right to object to that processing using the online form set out in Section 9 (“Your Rights”). Please note that where the legal bases specified are not applicable in your country, we will rely on consent or other available grounds to process your Personal Data.

4.3. We only rely on our or a third party's legitimate interests to process your Personal Data when we determine that these interests are not overridden by your rights and interests.

4.4. Data Minimization and Purpose Limitation: Kickcall limits data collection to the minimum required to achieve defined purposes. Personal Data used for analytics or AI model improvement is pseudonymized and aggregated wherever feasible.

4.5. Personal Data and Kickcall Voice AI Agent Services: Kickcall uses Voice Data to provide its voice services, including speech-to-speech services. For voice modeling, when you provide us with your Voice Data, we utilize AI-based technologies that analyse your voice and provide the AI generated response. We do not use Voice Data to infer characteristics about an individual or to profile or target consumers.

4.6. Personal Data and Kickcall Training AI Agents: Kickcall uses Voice Data to help our AI Agents about patterns and connections in speech and audio content and to improve our Services. We do not use Voice Data, Personal Data, or publicly available data used for training to profile or target consumers.

4.7. AI Model Training Disclosures. Kickcall may use de-identified and aggregated data to improve its AI models. No confidential or enterprise data will be used for training without explicit consent. AI Model outputs may be reviewed by authorized human personnel for evaluation and safety purposes.

4.8 Content Moderation and User Suspension. Kickcall does not undertake to review all content and expressly disclaims any duty or obligation to monitor or review content. However, to maintain the integrity and security of your data, and for fraud prevention purposes, Kickcall reserves the right to moderate all voice and text data input into Kickcall tools and voice or other outputs. In certain circumstances, Kickcall may share your inputs or outputs, which may include Personal Data, with third parties to support the content moderation and safety initiatives. Users found to have engaged in activity that violates the Prohibited Use Policy may be subject to termination or suspension under the applicable Terms of Service.

5. Data Recipients

5.1. Your Personal Data may be shared with

1. Kickcall’s Affiliates and for the purpose of this Privacy Policy, “Affiliates” means, any entity that is directly or indirectly controlled by, or is under common control with Kickcall. For this purpose, “control” means the ownership or control, directly or indirectly, of more than fifty percent (50%) of the voting interests or equity in such entity, or the power to direct the management or policies of such entity, whether through ownership, contract, or otherwise.
2. third-party vendors and service providers who provide services such as verification/background checks, content moderation, website hosting, data analysis, advertising, information technology and related infrastructure provision, customer service, email delivery, auditing, and payment processing.
3. third parties with whom, we may jointly develop, promote or offer products and features with other companies or partners which may require providing access to your Personal Data for the purpose of (a) providing, maintaining, or supporting the services you requested, (b) analyzing and improving our services, and (c) marketing, advertising and other promotional activities. Certain services and features may allow you to display or share information with third parties. For example, you may share files or outputs or send information to third-party applications. Be sure you trust any third party with whom you share information.
4. Enforcement Agencies, Regulators or Public Authorities or any Court of Lawas Required By Law and Similar Disclosures: We may access, preserve, and disclose your Personal Data with law enforcement agencies, regulatory bodies, and public authorities or pursuant to the exercise of legal proceedings if we believe doing so is required or appropriate to (a) comply with law enforcement requests and legal process, such as a court order or subpoena; or (b) protect your, our, or others' rights, property, or safety. For the avoidance of doubt, the disclosure of your Personal Data may occur if you use our Services to create any objectionable content.
5. service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell, liquidate, or transfer all or a portion of our assets.
6. any other Personal Data Recipients with your prior consent.

6. International Data Transfer

6.1. Our Services are hosted in the US and Canada. This means we may transfer your Personal Data outside your country, state, or province of residence, depending on your location at that time. Regardless of your location, all Personal Data may be transferred to Canada and the United States for storage.

6.2. The data will be transferred for the time required to fulfil the purpose for which it is processed. It can be shared with our service providers and Kickcall’s Affiliates for the purposes listed in Section 4. In such cases, Kickcall is the controller of the data, and the service providers are processors.

6.3. We may transfer personal data to the following categories of recipients:

6.4. Depending on where you are, we apply appropriate protections when we transfer your Personal Data to such countries. For more information about how we transfer Personal Data, or to obtain a copy of the contractual safeguards we use for such transfers, you may contact us using the contact details indicated in the “Contact Us” section below.

6.5. Please note that the data protection laws in the locations where we transfer or process data may differ from those in your area. While the data is in another jurisdiction, it may be accessed by the courts, law enforcement, and national security authorities of that jurisdiction.

6.6. International Data Transfers: Where personal data is transferred from the European Economic Area or the UK to jurisdictions that do not provide an adequacy decision, Kickcall relies on Standard Contractual Clauses (SCCs) or other lawful mechanisms to safeguard the transfer.

6.7. Kickcall complies with international data protection laws including the GDPR, CCPA, LGPD, and India DPDP Act 2023. Kickcall relies on Binding Corporate Rules (BCRs), or other lawful mechanisms for cross-border data transfers. Kickcall will cooperate with data protection authorities and supervisory agencies in all jurisdictions of operation.

Customers may request a copy of the applicable safeguards by contacting privacy@kickcall.ai

7. Data Retention

We take measures to delete your Personal Data or keep it in a form that does not permit identifying you when this information is no longer necessary for the purposes for which we process it unless we are required or permitted by law to keep this information for a longer period. When determining the specific retention period, we consider various factors, such as the type of service provided to you, the nature and length of our relationship with you, and mandatory retention periods provided by law and any relevant statute of limitations. Kickcall will not keep data it generates about your voice longer than 3 years after your last interaction with us, except as required by law.

8. Your Cookie Choices

8.1. Cookies, pixel tags, SDKs, or similar technologies (“Cookies”) are technologies used to collect information about users and their activities on a website. We and our third-party partners, such as analytics and advertising partners, may collect information about you using Cookies to collect information about your online activities over time and across different services.

8.2. The information collected via Cookies may include information such as unique identifiers, system information, IP address, web browser, device type, and the web pages that you visit just before or just after you use the Services, as well as information about your interactions with the Services, such as the date and time of your visit, and where you have clicked. 

8.3. Types of Cookies: We may use both session Cookies and persistent Cookies. A session Cookie disappears after you close your browser. A persistent Cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. Cookies we or our third-party partners place may fall under one of the following purposes:

1. Strictly Necessary Cookies:  Cookies that are essential to make our Services available to you, for example, to provide login functionality or to identify bots who try to access our website. These Cookies cannot be disabled as we cannot provide you with the Services without this type of Cookie.
2. Performing & Analytics Cookies: Cookies for website and app analytics purposes to support operation, maintenance, and improvement of our Services. We may use our own analytics Cookies or third-party analytics providers, such as Google Analytics, to collect and process certain analytics data on our behalf and understand how you engage with our Services. You can learn about Google's practices by going to https://www.google.com/policies/privacy/partners/.
3. Targeting & Marketing Cookies: Cookies that may be ours or our third-party partners and support us and our advertisers in serving relevant advertising on our sites as well as sites that are not owned or operated by us to promote our services, articles, or events. The Cookies are used to make advertising messages more relevant to you and your interests or prevent the same ad from continuously re-appearing.

8.4. Depending on the country in which you are located, you may be asked to provide your consent for our use of Cookies (except for strictly necessary Cookies). In addition, you have the following choices concerning the use of Cookies.

1. Browser Settings. Certain web browsers allow you to manage your preferences relating to Cookies. You can set your browser to refuse Cookies or delete certain Cookies. Please note that if you choose to block all Cookies, doing so may impair the use of our Services.
2. Google Analytics Opt-out. To opt out from Google Analytics' use of information collected on the Services through Cookies, you can download the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
3. Third Party Advertising Companies' Opt-Out. We work with third party advertising partners to show you ads that we think may interest you. Some of our advertising partners are members of the Network Advertising Initiative or the Digital Advertising Alliance. If you do not wish to receive personalized ads, please visit their opt-out pages to learn about how you may opt out of receiving web-based personalized ads from member companies. You can access any settings offered by your mobile operating system to limit ad tracking, or you can install the AppChoices mobile app to learn more about how you may opt out of personalized ads in mobile apps.
   

9. Your Rights

9.1. Data Subject Rights

Depending on where you are located or reside, you may have certain rights regarding the Personal Data we maintain about you and certain choices about what Personal Data we collect from you, how we use it, and how we communicate with you.

1. Access Your Personal Data: Receive confirmation of processing and request access to the Personal Data we maintain about you. Most of your Personal Data can be accessed and exported by logging into your account. Where provided by applicable law, you may request that we include a description of the purpose of the processing of your personal data, third parties with which your data has been shared, and information regarding the safeguards for international data transfer.
2. Correct Your Personal Data: Request to update and correct inaccuracies in your Personal Data. Most of your Personal Data can be accessed and corrected by logging into your account and accessing your account settings.
3. Delete Your Account: Request to close your account by submitting your request using ‘contact us’.
4. Delete Your Personal Data: Request that Kickcall delete all Personal Data we maintain about you including your account and the Voice Data associated with your account. Where provided by applicable law, you may request that your Personal Data be anonymized rather than deleted. Upon verified deletion requests, Kickcall deletes all user data including cached, backup, or redundant copies within ninety (90) days, unless retention is legally mandated.
5. Restrict or object to processing of your Personal Data, where applicable.
6. Request Portability of Your Personal Data: Request to transfer your Personal Data to another authorized organization.
7. Withdraw Consent: You may withdraw any consent you previously provided to us regarding the processing of your Personal Data at any time. We will apply your preferences going forward and this will not affect the lawfulness of the processing before you withdraw your consent.
8. Opt-out of Processing Your Data for Training: You may opt out of our use of your Personal Data for training at any time by contacting us.
9. Unsubscribe from Marketing Communications: You may unsubscribe from receiving marketing communications at any time by contacting us.
10. In addition to the rights listed above, you may also have the right to lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place.
11. Automated Decision-Making and Profiling: Users have the right to request human review of any automated decision that produces legal or significant effects. Kickcall does not deploy AI models for decision-making without human oversight where legally required.

9.2. United States Residents

Residents of certain U.S. states, including California, Connecticut, Colorado, Utah, Virginia, Oregon, Montana, or Texas, have additional privacy rights disclosures regarding their Personal Data, as described below. In certain U.S. states, you have the following rights in addition to those listed in Section 9.1:

1. Sale of Personal Information, Sharing for Cross-Context Behavioural Advertising, and Targeted Advertising: When we share Personal Data through our targeting Cookies or with vendors that provide advertising services to us, that is considered a sale or sharing for cross-context behavioural advertising or targeted advertising under certain U.S. state privacy laws. You can opt out of the sale of your Personal Information, including the sharing of your Personal Information for targeted or cross-contextual behavioural advertising by clicking 'Modify Cookies' in the website footer and adjusting your settings.
2. The following types of Personal Data may be processed for purposes of targeted advertising, and may have been “shared” or “sold” in the 12 months prior to the last modified date of this Privacy Policy:
   1. Online Identifiers: IP address; unique identifier;
   2. unknown advertising vendors (e.g., affiliate marketing companies, tracking technology providers); and
   3. Parties to a corporate transaction (e.g., if we are involved in the purchase, sale, lease, or other acquisition of our systems containing personal information). 
   Due to the fact that our services are intended for users age 18 or over, we do not knowingly “sell” or “share” Personal Information of individuals under the age of 18.

9.3. Do Not Track

Our platform, solution, websites and apps are not designed to respond to “do not track” requests from browsers.

9.4. How to Exercise U.S. State Privacy Rights

California and other U.S. state residents may exercise their privacy rights (including the right to opt-out of “sale” or “sharing” for cross-context behavioral advertising) by visiting our privacy preference center at https://kickcall.ai/cookie-settings or by submitting a request to privacy@kickcall.ai. We will honor opt-outs within 30 business days of receipt, and where required by law provide a way to designate an Authorized Agent to submit requests on your behalf.

10. Third Parties

Our Services may contain links to other websites, products, or services that we do not own or operate. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

11. Security

11.1. We implement reasonable security measures to secure and protect your Personal Data. The up-to-date list of measures along with relevant audit certifications can be obtained at: https://compliance.Kickcall.ai/. We note that, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information, to the extent permitted by applicable law.

11.2. Data Breach Notification: If Kickcall becomes aware of an unauthorized access to Personal Data that materially compromises the confidentiality, integrity, or availability of such data, Kickcall will notify affected parties and appropriate supervisory authorities without undue delay and, in any event, within 72 hours of confirming the incident when required by applicable law. Notification will include the nature of the breach, the categories of data affected, remedial measures taken, and recommended next steps.

11.3. Kickcall conducts Privacy Impact Assessments (PIA) and Algorithmic Impact Assessments (AIA) before launching new AI-driven features or data processing activities.

11.4. Kickcall adheres to a Zero Trust Security Model and implements industry-standard encryption protocols (AES-256 for data at rest and TLS 1.3 for data in transit).

11.5. Kickcall maintains a responsible vulnerability disclosure program for security researchers.

11.6. Kickcall’s information security practices align with SOC 2 Type II and ISO 27001 certifications.

12. Privacy by Design and Default

Kickcall implements Privacy by Design and Default principles by embedding data protection and security considerations into every stage of product development and Service delivery. All systems and processes are structured to ensure that only the minimum necessary Personal Data is collected and processed for defined purposes, using appropriate technical and organizational safeguards such as encryption, access controls, and pseudonymization. By default, privacy-protective settings are applied to all Personal Data, and any additional processing occurs only with explicit user consent.

13. Children’s Privacy

Our Services are not intended for or directed at children under the age of 18 and Kickcall does not knowingly collect, store, or process Personal Data from children under the age of 18. If you are under the age of 18, you are not permitted to submit any Personal Data to us for any Service. If we become aware that we have inadvertently received Personal Data from a child under the age of 18, we will delete that information from our records. Additionally, all users are strictly prohibited from uploading, transmitting, emailing, or otherwise making Voice Data from children under the age of 18 available to us or other users or using them for any of our Services. If you believe we may have inadvertently processed such Personal Data, please contact us at legal@Kickcall.ai.

14. Additional Information About Biometric Data

Biometric Data and Explicit Consent. Certain Services may process biometric identifiers (including Voiceprints) for identity verification. By electing to use biometric features, you expressly consent to the collection, processing, and retention described herein. Kickcall will only process biometric data for the explicit purposes disclosed at collection and will retain such data no longer than necessary (default retention: up to 3 years after the last interaction), unless a different period is required by law. Where applicable (for example, laws similar to Illinois’ BIPA), Kickcall will obtain explicit consent and provide procedures to access, correct, or delete biometric data. To exercise these rights, contact privacy@kickcall.ai.

15. Sub-processor Transparency

Kickcall maintains an up-to-date public list of sub-processors available at its compliance portal. Kickcall will provide at least thirty (30) days' notice before onboarding any new sub-processor and allow customers to object where permitted.

16. Transparency Reports

Kickcall publishes periodic transparency reports detailing government data requests, AI model usage summaries, and content moderation metrics.

17. Data Subject Access and Portability API

Kickcall provides automated tools and APIs enabling users to export their personal data in structured, commonly used formats (e.g., JSON, CSV).

18. Updates to this Policy

We may periodically update this Privacy Policy. If there are significant changes, we will notify you as required by law.

19. DisputeResolution and Governing Law

19.1. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to its conflict-of-law rules.

19.2. Good Faith Negotiation

In the event of a dispute or claim arising under these Terms, the parties shall first attempt to resolve the issue through good faith discussions and negotiations within fifteen (15) days of written notice.

19.3. Mediation

If the dispute remains unresolved after good faith negotiations, the parties agree to attempt resolution through mediation administered by the ADR Institute of Canada or another mutually agreed mediator, to take place in Toronto, Ontario.

19.4. Arbitration

If mediation fails, the dispute shall be finally resolved by binding arbitration under the Arbitration Act, 1991 (Ontario). The arbitration shall be conducted in English by a single arbitrator appointed by mutual agreement or, failing such agreement, by the ADR Institute of Canada. Kickcall may designate alternate governing law or arbitration forums for international users where appropriate. The arbitrator’s decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction.

19.5. Class Action Waiver

You agree not to participate in class, collective, or representative legal actions against Kickcall; disputes must be resolved individually.

20. Contact Us

For any questions regarding this Policy or our processing of your Personal Data, please contact our Data Protection Officer at legal@kickcall.ai  or write us at:

Data Protection Officer: Next Brand Online Inc., 6^th Floor, 8 Nelson St. W, Brampton, ON, Canada, L6X 1B7

You may exercise your rights under applicable law by using this contact us. Before fulfilling your request, we may ask you to provide reasonable information to verify your identity. Please note that applicable law may provide for exceptions and limitations to each of these rights.