Legal

Privacy Policy

Last Updated: 4/14/2026

1. Information We Collect

heyAstra ("we," "our," or "us") operates an AI-driven telephony and reception platform. We collect information you provide directly to us when opening an account, including your personal or business name, email address, phone number, and billing information.

Additionally, through the normal functioning of our service representing your business, we collect data inputted by your callers, including voice recordings, SMS logs, transcripts, and metadata associated with inbound/outbound communications.

2. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and optimize our AI Receptionist services.
  • Process transactions and send related billing information via our payment processor, Stripe.
  • Send technical notices, updates, security alerts, and support messages.
  • Generate call summaries, appointment logs, and intent tagging for your dashboard.
  • Ensure compliance with telecommunications regulations (e.g., Twilio A2P 10DLC).

3. Call Recordings, Transcriptions & AI Processing

heyAstra's core functionality relies on processing audio data. By utilizing our service, you acknowledge that inbound and outbound calls routing through our platform will be recorded and transcribed by our AI models (and subprocessors, such as Vapi or OpenAI) in real-time to generate responses and summaries.

It is your sole responsibility to ensure that you comply with all local, state, and federal wiretapping and recording laws (e.g., single-party or two-party consent requirements) applicable to your jurisdiction. You must inform your callers that they are interacting with an AI and being recorded, where required by law.

4. Third-Party Data Sharing & Subprocessors

We do not sell your personal data. We share data only with trusted third-party service providers necessary to operate the platform. These include:

  • Telephony & SMS Providers: Twilio or Vapi for routing calls and texts.
  • Payment Processors: Stripe for handling all secure financial transactions. We do not store full credit card numbers on our servers.
  • LLM Providers: OpenAI or Anthropic for processing voice transcripts into conversational responses. Data sent via API to these providers is strictly not used to train their public models.

5. SMS & Mobile Data Sharing (A2P 10DLC Compliance)

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. If your customers opt-in to SMS communication, their consent applies solely to communications originating from your business account.

6. Data Retention and Deletion

We retain your account data, including transcripts and configurations, for as long as your account is active. Audio recordings may be subject to a rolling deletion policy to manage storage costs and enhance privacy. You may request the export or complete deletion of your data at any time by contacting support, subject to our legal obligations to retain certain billing metrics.

7. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our Data Protection Officer at support@heyastra.is.