Privacy Policy

Effective: April 27, 2026. This Privacy Policy explains how Omnify (operated by Elevate With AI) (“Omnify,” “we,” “us”) collects and processes personal information when you use our website, dashboard, APIs, and AI voice and messaging platform (the “Service”).

Roles — please read. Omnify is the Controller only of personal information about its own account holders (“Customers”). For all personal information about your end users (“Contacts”) that you upload, generate, capture, or process through the Service — including phone numbers, names, email addresses, call recordings, transcripts, and anything spoken or typed to your AI agents — you (the Customer) are the Controller / Business and Omnify is the Processor / Service Provider acting on your documented instructions. You alone are responsible for lawful basis, notice, and consent with respect to that data.

1. Information We Collect

1.1 Account & Customer information

name, business name, email, phone, role;
authentication identifiers (via Clerk);
billing information (processed by Stripe; we do not store full card numbers);
configuration data (assistant prompts, sequencer settings, integrations).

1.2 Contact information processed on your behalf

names, phone numbers, email addresses, and other CRM fields you upload;
call recordings, transcripts, voicemail, SMS bodies, and metadata generated when your AI agents interact with Contacts;
event metadata (call duration, outcome, timestamps, IP addresses of inbound callers via our telephony providers).

We process this category strictly to provide the Service to you. We do not sell it, do not use it to train third-party foundation models, and do not use it to market to your Contacts.

1.3 Technical & usage data

device, browser, OS, IP address, referrer, locale;
page views, feature usage, error logs;
cookies and similar technologies as described in Section 7.

2. How We Use Information

to provide, maintain, secure, and improve the Service;
to authenticate users and prevent fraud and abuse;
to process payments and manage subscriptions;
to provide customer support and respond to inquiries;
to comply with law and enforce our Terms of Service;
to communicate with Customers about product, security, and billing;
to generate aggregated, de-identified analytics that do not identify any individual.

3. Legal Bases (EEA / UK)

Where GDPR or UK GDPR applies, our legal bases for processing Customer information are: (a) performance of a contract with you; (b) our legitimate interests in operating, securing, and improving the Service; (c) compliance with legal obligations; and (d) consent where required. For Contact information, the Customer is the Controller and is responsible for establishing the lawful basis.

4. Sharing & Sub-processors

We share information only as follows:

Sub-processors who help us run the Service, bound by written data-processing terms. Current sub-processors include, without limitation: Vercel (hosting), Supabase (database), Clerk (authentication), Stripe (billing), VAPI (voice agent runtime), Twilio and/or Telnyx (telephony), OpenAI and Anthropic (AI models), Google (Calendar and OAuth), Calendly (scheduling).
Professional advisors (lawyers, auditors, accountants) under confidentiality.
Authorities when required by law, subpoena, court order, or to protect rights, safety, or property.
Business transfers in connection with a merger, acquisition, financing, or sale of assets.

We do not sell personal information as “sale” is defined under CCPA/CPRA, and we do not share personal information for cross-context behavioral advertising.

5. International Transfers

Personal information may be processed in the United States and other countries where our sub-processors operate. Where required, we rely on Standard Contractual Clauses, the UK IDTA, or other valid transfer mechanisms.

6. Retention

We retain Customer account information for as long as the account is active and for a reasonable period thereafter to comply with legal, tax, and audit obligations. We retain Contact information for the period instructed by the Customer or until the Customer deletes it through the Service. Backups are purged on a rolling cycle of up to 30 days. Aggregated, de-identified data may be retained indefinitely.

7. Cookies

We use strictly necessary cookies (authentication, security, load balancing) and a small number of analytics cookies to understand product usage. You can control cookies through your browser settings. Disabling strictly necessary cookies will break the Service.

8. Your Rights

8.1 If you are a Customer

Subject to applicable law, you may request access, correction, deletion, portability, or restriction of personal information we hold about you as a Customer; object to certain processing; and withdraw consent where processing is based on consent. Contact privacy@elevatewithai.com.

8.2 If you are a Contact

If you received a call, text, or message generated by an Omnify Customer and you wish to exercise data-subject rights (access, deletion, opt-out, do-not-call) or revoke consent, please contact the Customer who contacted you — they are the Controller of your data and can act on your request. If you cannot identify the Customer, email privacy@elevatewithai.com with the date, time, and originating phone number and we will make a reasonable effort to route your request to the appropriate Customer. We do not have authority to act on your request without the Customer’s instruction except as required by law.

8.3 California, Virginia, Colorado, Connecticut, Utah, Texas, and similar U.S. state rights

Eligible residents may have rights to know, access, delete, correct, port, opt out of sale or sharing, and opt out of certain profiling. We do not sell personal information and do not engage in cross-context behavioral advertising. To exercise rights as a Customer, email privacy@elevatewithai.com; to exercise rights as a Contact, see Section 8.2.

9. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, encryption at rest where supported by our infrastructure, role-based access controls, and audit logging. No system is perfectly secure; we cannot guarantee absolute security.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it.

11. AI Processing & Automated Decision-Making

The Service routes content (prompts, transcripts, recordings) to AI model providers under contracts that prohibit those providers from using the content to train their models. AI agents make conversational decisions in real time. To the extent any processing constitutes solely automated decision-making with legal or similarly significant effect, the Customer is responsible under GDPR Article 22 and equivalent laws for providing meaningful human review, notice, and the right to contest a decision.

12. Call Recording & AI Voice Disclosure

The Service can record calls and use synthetic voices. The Customer is responsible for delivering all legally required disclosures to Contacts, including two-party-consent recording disclosures, AI/synthetic-voice disclosures (such as those required by California SB 1001 and similar laws), and any disclosures required at the start of an outbound telemarketing call.

13. Data-Processing Addendum

Customers required to enter a Data-Processing Addendum (DPA) in order to use the Service in compliance with GDPR, UK GDPR, or CCPA/CPRA may request our standard DPA at privacy@elevatewithai.com. Our standard DPA is incorporated by reference into the Terms upon execution.

14. Changes to This Policy

We may update this Policy by posting a revised version with a new effective date. Material changes will be communicated by in-product notice or email. Continued use after the effective date constitutes acceptance.

15. Contact

Elevate With AI / Omnify — Privacy Office.
Email: privacy@elevatewithai.com

Last updated: April 27, 2026.