Legal

Privacy Policy

Last Updated: 6/6/2026

1. Information We Collect

heyAstra ("we," "our," or "us") operates an AI-driven telephony and reception platform. We collect information you provide directly to us when opening an account, including your personal or business name, email address, phone number, and billing information.

Additionally, through the normal functioning of our service representing your business, we collect data inputted by your callers, including voice recordings, SMS logs, transcripts, and metadata associated with inbound/outbound communications.

2. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and optimize our AI Receptionist services.
  • Process transactions and send related billing information via our payment processor, Stripe.
  • Send technical notices, updates, security alerts, and support messages.
  • Generate call summaries, appointment logs, and intent tagging for your dashboard.
  • Ensure compliance with telecommunications regulations (e.g., Twilio A2P 10DLC).

3. Call Recordings, Transcriptions & AI Processing

heyAstra's core functionality relies on processing audio data. By utilizing our service, you acknowledge that inbound and outbound calls routing through our platform will be recorded and transcribed by our AI models (and subprocessors, such as Vapi or OpenAI) in real-time to generate responses and summaries.

It is your sole responsibility to ensure that you comply with all local, state, and federal wiretapping and recording laws (e.g., single-party or two-party consent requirements) applicable to your jurisdiction. You must inform your callers that they are interacting with an AI and being recorded, where required by law.

4. Third-Party Data Sharing & Subprocessors

We do not sell your personal data. We share data only with trusted third-party service providers necessary to operate the platform. These include:

  • Telephony & SMS Providers: Twilio or Vapi for routing calls and texts.
  • Payment Processors: Stripe for handling all secure financial transactions. We do not store full credit card numbers on our servers.
  • LLM Providers: OpenAI or Anthropic for processing voice transcripts into conversational responses. Data sent via API to these providers is strictly not used to train their public models.

5. SMS & Mobile Communications (A2P 10DLC Compliance)

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes.

All SMS opt-in data and consent records are excluded from any data sharing with third parties. This information will not be sold, rented, or disclosed to external parties under any circumstances.

How we collect SMS consent:

Website opt-in: When creating a heyAstra account, customers may optionally enter a mobile phone number on the signup form. If they do, a consent checkbox appears with explicit SMS opt-in language. The user must check the box and submit the form to opt in. Each consent is logged with timestamp and IP address.

Verbal in-call opt-in: During an AI-handled call, when a follow-up text would be helpful, the AI asks the caller for explicit verbal consent before sending any SMS. The exact script is: "Would it be okay if I sent you a quick text confirmation to this number? You'll be able to reply STOP at any time, and standard message and data rates may apply." No SMS is sent unless the caller affirmatively agrees. The consent exchange is preserved in the call recording and transcript.

Types of messages we send:

  • Account alerts — trial expiry, usage warnings, subscription updates
  • Security notifications — password reset confirmations
  • Appointment confirmations following a call
  • Business information requested by the caller (address, hours, etc.)
  • Quote and estimate summaries discussed during a call

Message frequency varies based on account activity.

Message and data rates may apply.

Reply STOP to unsubscribe at any time. You will receive one confirmation and no further messages.

Reply HELP for assistance, or contact us at support@heyastra.is.

For full details on our SMS opt-in process, see our SMS Consent & Opt-In page.

6. Data Retention and Deletion

We retain your account data, including transcripts and configurations, for as long as your account is active. Audio recordings may be subject to a rolling deletion policy to manage storage costs and enhance privacy. You may request the export or complete deletion of your data at any time by contacting support, subject to our legal obligations to retain certain billing metrics.

7. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our Data Protection Officer at support@heyastra.is.