Callkom
Sectors Solutions Pricing FAQ
Language Français English
Appearance
FREN
Try for free
Home  /  Privacy Policy
Data protection

Privacy Policy

Last updated: 14 November 2025

Contents

Introduction 1. Processing covered 2. Callkom's role 3. Data collected and purposes 4. Recipients 5. Retention periods 6. Transfers outside the EU 7. Security 8. Your rights 9. Changing your choices 10. Policy changes

Introduction

At Callkom, we place particular importance on protecting your personal data.

The trust you place in us to host your business data and run your automated call flows rests first on the clarity of what we do with that data. We implement appropriate technical and organisational measures to ensure its security, confidentiality and integrity.

Our services (the callkom.io site, the SaaS platform and the AI phone agents) are aimed at a professional (B2B) audience and are not intended for minors. We apply minimisation, strict access controls and priority hosting in the EU, and frame essential flows with contractual safeguards compliant with the GDPR.

We process your data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable local law. Callkom operates at two processing levels: as a controller (site management, SaaS accounts, billing, support, security) and as a processor (when its clients use the platform for their own AI agents).

1. Processing covered

This policy applies to all processing carried out by Callkom in connection with: publishing and operating the callkom.io site; providing and using the SaaS platform; operating, on behalf of its clients, AI phone agent services (inbound and/or outbound calls); managing the commercial, contractual, support and billing relationship; and handling applications and requests sent to Callkom.

Data subjects

  • visitors and users of the site;
  • prospects requesting a demo or contact;
  • Callkom clients and their authorised staff;
  • people called by an AI agent operated on behalf of a client;
  • suppliers and business partners;
  • job applicants.

2. Callkom's role

Controller

Callkom acts in this capacity for its own purposes: site publishing and security, creating and managing SaaS accounts, contractual relationship and billing, B2B outreach (with a right to object), maintenance and improvement, handling rights requests sent directly.

Processor

When the client uses the platform to process their own files or deploy an AI agent that calls their contacts, Callkom acts as a technical processor, on the client's instructions. The client determines the purpose and legal basis towards the people called.

When Callkom directly receives a "do not contact me again" request, it identifies the relevant client and forwards the request without delay. Updating the database and stopping outreach is the client's responsibility.

3. Data collected and purposes

Site visitors and people who contact us

Data provided voluntarily (name, email, phone, company, role, message), browsing data (IP address, pages viewed, cookies), chat data. Purposes: responding to requests, arranging a demo, site security, audience measurement (per your cookie choices). Legal bases: legitimate interest and consent (non-essential cookies).

SaaS platform clients and users

Account data, agent settings, usage and logging data, billing data. Purposes: providing the service, securing access, managing the relationship and billing. Legal bases: contract performance, legitimate interest, legal obligation (billing).

People called by an AI agent

This data is most often provided by Callkom's clients (contact files, CRM, instructions). Callkom acts as a processor. May be processed: identity and contact details, call audio (if enabled), transcript, summary, metadata (date, time, duration). The legal basis towards the called person is determined by the client.

Prospects, applicants, suppliers

Business contact details and data necessary for the relationship, processed on the basis of legitimate interest, pre-contractual measures or contract performance as applicable.

4. Recipients

Your data is only accessible to authorised Callkom teams (support, technical, billing, sales), on a need-to-know basis. We use processors to operate certain components (hosting, authentication, telephony, emailing, payment, CRM, AI); they act on our instructions, with contractual confidentiality and security obligations. We do not sell your data to third parties for marketing without your explicit consent.

5. Retention periods

Callkom retains data only for as long as necessary for the purposes pursued, plus applicable legal periods.

CategoryPeriodBasis
Site visitors (excl. cookies)3 years after last contactB2B guidance
Prospects / commercial contacts3 years after last contactB2B guidance
Clients / users5 years after contract end; 10 years (accounting)Statute of limitations; accounting obligations
Applicants2 years after last contactRecruitment guidance
Suppliers / partners5 years after contract end; 10 years (accounting)Statute of limitations; accounting obligations
AI agent calls6 months (audio, transcript, summary) — up to 12 months if justifiedGuidance; security & traceability

6. Transfers outside the EU

Callkom processes and hosts data primarily within the European Union. Where certain essential technical components involve processing outside the EU/EEA, we apply GDPR-compliant safeguards: Standard Contractual Clauses (SCCs), supplemented where necessary by additional measures (minimisation, encryption, reduced retention); systematic minimisation of data transmitted — never the client's full database; and a preference, where available, for EU regional offerings or zero-retention options.

If the client connects the platform to their own tools (CRM, calendar, telephony), additional transfers are their responsibility and under their control. Where a competent authority makes a lawful request, Callkom transmits only the strictly required data and informs the client where permitted.

7. Security

Callkom implements appropriate technical and organisational measures (Art. 32 GDPR): staff awareness and least-privilege access management; incident response, backup/restore and notification procedures; secure authentication, passwords not stored in clear text, environment segmentation; traffic encryption (HTTPS/TLS), firewall, intrusion detection, antivirus; regular backups, proactive monitoring and security event logging; continuous updates and data-breach management processes.

8. Your rights

Under the GDPR, you have, as applicable, the rights of access, rectification, erasure, objection (notably to outreach), restriction, portability, and to set post-mortem instructions.

To exercise your rights: [email protected]. Please specify the right exercised, the scope concerned, a reply address and any details identifying the processing (e.g. date/time of a call). We respond within one month, extendable by two months for complex cases.

Where your data is processed on behalf of a client (e.g. you were called on behalf of a client company), that client is the controller: we forward your request and assist technically. If, after contacting us, you believe your rights are not respected, you may refer the matter to your local data protection authority.

9. Changing your choices

Outreach: unsubscribe link at the bottom of each email, or request to [email protected]. We keep a record of your unsubscription (opt-out list).

Cookies: you can configure your browser, withdraw your consent via the banner, or allow only strictly necessary cookies.

10. Policy changes

This policy may evolve (legal changes, new service or processor, changes in our security practices). For any substantial change, Callkom may inform you by any useful means. The most recent version is always the one available on callkom.io.

Callkom

We answer and call back for you. The AI voice agent for small businesses and trades, every sector.

Product

Solutions Pricing FAQ

Legal

AI Act 2026 Privacy Terms Legal notice

Contact

[email protected] +33 1 77 50 98 32
© 2026 Callkom · SAS · 96 rue Paradis, 13006 Marseille Conforme RGPD & AI Act · Hébergé en UE