OneCallFlow
Privacy policy
OneCallFlow limits data collected on this website to the demo, sales requests and service security.
Updated 25 June 2026
Who is responsible?
For the website, contact form and public demo, OneCallFlow acts as controller.
For calls handled for a client agency, the agency remains controller and OneCallFlow acts as processor under the client DPA.
Data processed
- Form: name, email, phone, company, message, language and request context.
- Voice demo: LiveKit session, selected agent, duration, and technical connection data.
- Security and abuse prevention: IP address and user agent transformed into salted server-side hashes.
- Email: delivery metadata if email notification is enabled.
Purposes
- Reply to demo or contact requests.
- Provide the requested voice demo.
- Limit abuse, spam and excessive use.
- Improve the website and service without training an AI model on client data.
Retention
| Data | Target retention | Comment |
|---|---|---|
| Sales requests | Up to 12 months after last contact | Deleted sooner on request where possible. |
| Demo sessions | 30 to 90 days | Used for security, abuse prevention and diagnostics. |
| IP/user-agent hashes | 30 to 90 days | Salted server-side hashes, not used for marketing tracking. |
| Agency client data | According to client DPA | Default: audio 30 days if enabled, transcripts 90 days, summaries 12 months. |
Recipients and processors
Recipients are OneCallFlow, its technical providers and, for client-agency calls, the relevant agency. Providers are listed on the Subprocessors page.
Your rights
You may request access, rectification, deletion, restriction, objection or portability where applicable. Contact: privacy@onecallflow.com.
You may also lodge a complaint with the CNIL.
Cookies and trackers
No advertising, retargeting or non-essential analytics tool is active at this stage. Technical anti-abuse data is not used for marketing tracking.