PRIVACY.

WHO WE ARE

Cocall is operated by RADISHAI, INC., a Delaware corporation. We run the website at cocall.ai, the hosted MCP server at cocall.ai/mcp, and the dashboard at cocall.ai/app. For anything in this policy, write to [email protected].

WHAT WE COLLECT

We collect the smallest set of data we need to place calls, bill you, and let you (or the AI agent acting on your behalf) review what happened on each call.

• Identity. Your email address; an OAuth identity assertion (name, email, avatar) if you sign in with Google or GitHub; a one-time magic-link token if you sign in by email; and the host-only session cookie we issue on cocall.ai.
• Phone numbers. The phone number(s) you verify as your caller ID via Twilio OTP, plus a record of when each was verified.
• Call metadata. The number you called, the recipient’s name (if you supplied one), the call objective, duration, status, end-of-call reason, and per-call cost.
• Call content. The conversation audio flows directly between Twilio's Conference Bridge and OpenAI's Realtime SIP termination; cocall additionally receives a forked copy of the recipient-side audio via Twilio Media Streams to power the dashboard live-listen feature. We also store the per-turn transcript and the call recording. Transcripts and recordings live in cocall-managed storage.
• Mid-call questions and answers. When the voice AI asks you a question during a live call, we store the question text, your answer, and the timestamps for both.
• Billing. Your Stripe customer identifier, your wallet ledger (topups, charges, refunds), and signed Stripe webhook receipts. We do not see or store your card number or CVV — those go to Stripe directly through their hosted Checkout.
• Operational logs. Server-side logs of API requests and errors, retained for a short security window. These are not user-facing analytics.

We do not set advertising cookies, run third-party analytics, or load tracking pixels. The only cookie we set is the host-only session cookie on cocall.ai (SameSite=Lax, HttpOnly, Secure).

HOW WE USE IT

• To place outbound calls on your behalf and route them through your verified caller-ID number.
• To show you transcripts, recordings, and summaries of your past calls in the dashboard.
• To bill you per minute of call time at the rate posted in your wallet.
• To send you transactional email (magic-link sign-ins, billing receipts) via Resend.
• To operate, secure, and improve cocall — including investigating abuse and fraud.

We do not sell your data. We do not share it with advertisers. We do not use your call content (audio, transcripts) to train AI models. Twilio carries call audio over PSTN/SIP, and OpenAI processes the audio in real time at the Realtime API's SIP termination.

DATA THE COCALL MCP SERVER RETURNS TO AI CLIENTS

Cocall exposes a remote MCP server at cocall.ai/mcp so AI agents (Claude, ChatGPT, Codex, Cowork, etc.) can place calls on your behalf after you complete an OAuth authorization flow. The agent only sees data you authorized it to see, and only the fields listed below.

TOOLS REGISTERED · FIELDS RETURNED

start_call · resume_call

Returns one of two shapes. While the call is awaiting your answer to a mid-call question: status, callId, pendingQuestions[] (with id, question, askedAt per question), and guidance. When the call ends: status, callId, and guidance — the agent then calls check_call_status for the full detail.

check_call_status

Returns the full call detail: callId, status, phoneNumber, recipient, callerName, objective, pendingQuestions[] (with id, question, askedAt), recordingUrl (Twilio API URL, account-auth required), recordingProxyUrl (cocall-hosted URL the agent can open from its authenticated session), endedReason, costUsd, createdAt, endedAt, listenUrl, takenOver, takenOverAt, architecture, modelUsed, fullTranscript.

end_call

Returns a confirmation that the call has been terminated and the call’s final status. The active start_call / resume_call wait then returns its ended result; the agent fetches the final detail via check_call_status.

list_recent_calls

Returns calls[] — an array of recent calls for your organization, newest first. Each row contains: id, status, recipient, objective, createdAt, endedAt.

We update this section any time we add or change an MCP tool. The audio data of a call is not returned through MCP as raw bytes — while the call is live, the optional listenUrl points to a browser page on cocall.ai (/live/{callId}) which streams the audio over an authenticated WebSocket from your signed-in session; agents do not open it. After the call ends, the recording is downloadable via recordingProxyUrl from the agent’s authenticated session, or via recordingUrl directly from Twilio with account auth.

WHO ELSE SEES IT

Cocall is built on top of a small set of third-party services. We name each of them by purpose so you can review their own privacy commitments alongside ours.

• Twilio — PSTN bridge, conference bridge, and verified-caller-ID OTP. Carries call audio between the recipient and OpenAI's SIP termination. Sees the caller and callee phone numbers, signaling metadata, and the call recording. (twilio.com privacy, sub-processors)
• OpenAI — voice AI. Processes call audio in real time at the Realtime API's SIP termination, generates the transcript, and emits tool calls (`send_question_to_boss`, `press_digits`). Cocall does not use call content to train AI models, and OpenAI's API does not train on customer data by default. (openai.com/privacy)
• Stripe — payment processor. We use Stripe-hosted Checkout, so your card number, expiry, and CVV go directly to Stripe and never reach cocall. We store only your Stripe customer ID and webhook receipts. (stripe.com/privacy)
• Resend — transactional email delivery (magic-link sign-ins, billing receipts). (resend.com privacy)
• Google & GitHub OAuth — identity providers, used only when you choose to sign in with one of them. We receive an identity assertion (name, email, avatar) and nothing else. (Google privacy, GitHub privacy)
• Cloudflare — TLS-terminating CDN and front door for cocall.ai. All HTTP traffic to cocall.ai terminates at Cloudflare before reaching our application origin, so Cloudflare sees request headers and IPs in the course of routing. (cloudflare.com privacy)
• Railway — cloud hosting for our application server, Postgres database, and Redis instance. (railway.com privacy)

We do not transfer your data to AI vendors (Anthropic, OpenAI, etc.) ourselves. When you connect cocall to an AI client like Claude or ChatGPT, the AI client pulls data from cocall using your authenticated MCP session — we don’t push it. What the AI client does with that data afterward is governed by that vendor’s own privacy policy.

HOW LONG WE KEEP IT

• Call recordings, transcripts, and metadata: kept while your account is active. Delete your account or email [email protected] and we’ll delete the call data on receipt.
• Wallet ledger: retained for up to 7 years to support tax and billing audits, even after you delete your account (anonymised where possible).
• Account data (your email, OAuth identity, verified phone numbers): retained until you delete your account.
• Operational logs: retained for a short security window, then deleted.

You can request earlier deletion at any time by emailing [email protected] — see § 07.

YOUR CONTROLS

• Access. You can see your calls, transcripts, recordings, billing ledger, and verified numbers in the dashboard at cocall.ai/app.
• Export. Email [email protected] and we’ll send you a portable copy of your call history.
• Deletion. Email [email protected] from your account address. We’ll delete your account, calls, transcripts, recordings, and verified numbers on receipt. We retain anonymized billing-ledger entries for tax-audit purposes per § 06.
• GDPR / CCPA rights. If you live in the EU, UK, or California, you also have specific rights to access, correct, port, or restrict processing of your data, and to lodge a complaint with your local supervisory authority. Email [email protected] to exercise any of these.

AI-PLACED CALLS · CONSENT & THE LAW

Cocall lets AI agents place real outbound phone calls. That carries specific legal obligations that you and cocall share — and which you should understand before placing a call.

You are the caller of record. When you (or an AI agent on your behalf) initiates a call through cocall, you are the legal caller. Under U.S. federal law — specifically the FCC’s February 2024 ruling that AI-generated voices fall within the Telephone Consumer Protection Act’s prohibition on artificial or prerecorded voice calls (FCC 24-17) and 47 CFR § 64.1200 — you must have the prior express consent of the called party. By using cocall, you warrant that you do.

Recording-consent law varies by state. Several U.S. states require all parties to a call to consent before the call can be recorded: California, Florida, Illinois, Maryland, Massachusetts, Pennsylvania, and Washington. If either you or the person you are calling is in one of these states, you are responsible for obtaining that consent.

What cocall does. To help you comply, every call placed through cocall opens with a disclosure spoken by the voice AI under cocall’s system-prompt Opening rule that (a) discloses the call is being recorded and (b) identifies the caller as an AI assistant. This satisfies one-party-consent regimes and Washington’s announcement clause. It does not substitute for the explicit consent that two-party-consent states require — that consent remains your responsibility.

Cocall is not lawful for marketing, robocalling, or unsolicited outreach. We monitor for abuse and will terminate accounts that violate the TCPA, our terms of service, or the FCC ruling above.

WHAT WE DO NOT ACCEPT

Do not place call objectives, transcripts, or any other data into cocall that contains:

• Payment-card data subject to PCI-DSS (full card number, CVV, magnetic-stripe data).
• Protected Health Information (PHI) as defined by HIPAA, unless we have a Business Associate Agreement in place with you (we currently do not).
• Government-issued identifiers (Social Security numbers, passport numbers, driver’s license numbers).
• Authentication secrets, including passwords, API keys, OAuth tokens, and session cookies.

If we discover restricted data of these kinds in your call content or metadata, we may redact or delete it without notice. If a regulator requires us to disclose it, we will notify you to the extent legally permitted.

SECURITY

If you discover a security vulnerability in cocall, please email [email protected]. We’ll acknowledge your report and work with you on coordinated disclosure. Please do not publish details of the vulnerability until we’ve had a reasonable opportunity to fix it. We do not currently run a paid bug-bounty program; we will, however, credit responsible reporters publicly with their permission.

We do not invite or authorize testing that disrupts cocall’s service for other users (denial-of-service, social-engineering of employees, or live-call interception). Authorized testing should target your own account only.

CHILDREN

Cocall is not directed at children under 13, and we do not knowingly collect personal data from anyone under 13. If you believe a child has signed up, email [email protected] and we’ll delete the account.

CHANGES TO THIS POLICY

When our practices change, we update this page and bump the “Last updated” date at the top. For material changes — new categories of data, new sub-processors with broad access, changes to retention — we will email active users in advance.

CONTACT

For anything in this policy — questions, deletion requests, exports, GDPR/CCPA data-subject rights, regulatory inquiries, complaints — write to [email protected].

RADISHAI, INC. · cocall.ai