Privacy Policy

1. Introduction

Welcome to QuorumVoice ("we," "us," or "our"), a product of Distinct Perspective, LLC. QuorumVoice is a multi-tenant communication intelligence platform that captures, transcribes, categorizes, and logs phone calls, voicemails, SMS messages, and emails for organizations such as HOA boards, property management companies, small businesses, schools, and nonprofits.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, visit our website at quorumvoice.com, or interact with communications managed through QuorumVoice. By using our services, you agree to the practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Information You Provide Directly

Account information: Name, email address, phone number, organization name, and role when you create an account or are invited to an organization.
Billing information: Payment details processed through our billing provider, Stripe. We do not store credit card numbers directly on our servers.
Contact information:Names, phone numbers, email addresses, and other details you add to your organization's contact directory.
Communication content: Emails you compose and send, SMS messages you draft, and notes you attach to contact records.

2.2 Information Collected Automatically

Call recordings: Inbound and outbound phone calls recorded through our platform with appropriate consent and disclosure.
Call metadata: Call duration, timestamps, caller ID, dialed numbers, call disposition, and call flow events.
Transcripts:Automated transcriptions of call recordings and voicemails generated through Deepgram's Nova-3 speech-to-text engine.
SMS messages: Inbound and outbound SMS message content, timestamps, and delivery status.
Email metadata: Sender, recipient, subject lines, timestamps, and message content for emails processed through connected accounts.
Device and usage data: IP address, browser type, operating system, referring URLs, pages visited, and interaction patterns with our platform.

2.3 Information from Third-Party Sources

Email providers:When you connect your organization's email account (Microsoft 365 or Gmail) via OAuth, we access email messages and metadata as authorized.
Telephony provider: Call detail records, SMS delivery reports, and recording files from our telephony infrastructure provider, Telnyx.

3. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our communication intelligence platform.
Record, transcribe, and categorize phone calls and voicemails for your organization.
Process and deliver SMS messages in compliance with applicable regulations.
Sync and display emails from connected email accounts in your unified communication timeline.
Generate AI-powered classifications, summaries, and insights from your communications.
Create searchable embeddings of communication content for semantic search functionality.
Link communications to the correct contact records and maintain per-contact unified timelines.
Process billing and manage your subscription.
Send transactional notifications about your account and service updates.
Enforce our terms of service and comply with legal obligations.
Detect, investigate, and prevent fraudulent or unauthorized activity.

4. Call Recording & Transcription

QuorumVoice records and transcribes phone calls as a core feature of the platform. We take call recording compliance seriously:

Two-party consent: All calls processed through QuorumVoice include an automated recording disclosure at the beginning of the call, informing all parties that the call may be recorded. This disclosure plays before any conversation begins.
Recording storage: Call recordings are stored securely in private storage buckets and accessed only via time-limited signed URLs. Recordings are never publicly accessible.
Transcription:Recordings are automatically transcribed using Deepgram's Nova-3 speech-to-text engine. Audio is sent directly to Deepgram for processing (not routed through Telnyx) and is not retained by Deepgram after transcription. Transcripts are stored alongside call records in your organization's data.
Access controls: Only authorized members of your organization can access call recordings and transcripts, subject to role-based permissions.
Voicemail: Voicemail messages are recorded, transcribed, and categorized using the same secure pipeline as live calls.

5. AI Processing

QuorumVoice uses artificial intelligence to enhance the value of your communications data:

Classification:We use Anthropic's Claude language model (accessed via the Vercel AI Gateway) to automatically categorize communications by topic, urgency, and sentiment.
Summarization: AI-generated summaries of calls, voicemails, and email threads are created to help your team quickly understand communication content.
Embeddings:We generate vector embeddings of communication content using OpenAI's embedding models (accessed via the Vercel AI Gateway) to power semantic search across your organization's communications.
Data isolation: AI processing is performed on a per-organization basis. Your data is never used to train AI models and is not shared with or accessible to other organizations on the platform.
Gateway routing: All AI/ML requests are routed through the Vercel AI Gateway, which provides an additional layer of security, observability, and access control. We do not send data directly to AI provider APIs.

6. Third-Party Services

We rely on trusted third-party service providers to operate our platform. These providers process data on our behalf under strict contractual obligations:

Supabase: Database hosting, user authentication, file storage (including call recordings), and real-time data synchronization. All tenant data is isolated using row-level security policies.
Vercel: Application hosting, serverless function execution, and AI Gateway routing for all AI/ML operations.
Telnyx: Telephony infrastructure including call control, call recording, SMS messaging, phone number provisioning, and 10DLC compliance for US A2P messaging.
Deepgram: Speech-to-text transcription via the Nova-3 engine. Audio is sent directly to Deepgram (not through Telnyx) and is not retained after transcription is complete.
Resend: Transactional email delivery for outbound email communications.
Anthropic: AI language model provider (Claude) for communication classification and summarization, accessed exclusively via the Vercel AI Gateway.
OpenAI: Embedding model provider for semantic search vector generation, accessed exclusively via the Vercel AI Gateway.
Stripe: Subscription billing, payment processing, and customer portal management. Stripe processes all payment transactions.

We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:

Within your organization: Communication data is shared among authorized members of your organization based on their assigned roles and permissions.
Service providers: With the third-party providers listed above, solely to provide and maintain our services.
Legal requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.
With your consent: We may share information with third parties when you have given explicit consent.

8. Data Security

We implement robust security measures to protect your information:

Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL.
Encryption at rest: Sensitive data including OAuth tokens and organizational identifiers are encrypted using database-level vault encryption.
Row-level security: All tenant data in our database is protected by row-level security policies ensuring strict organizational isolation. Users can only access data belonging to their own organization.
Access controls: Role-based access control (superadmin, owner, admin, member, viewer) governs what actions users can perform and what data they can access within the platform.
Private storage: Call recordings and sensitive files are stored in private storage buckets and accessed only through time-limited signed URLs.
Webhook security: All inbound webhooks are verified using provider-specific signature validation, and endpoints are designed to be idempotent to prevent duplicate processing.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we continuously review and improve our security practices.

9. Data Retention

We retain your information as follows:

Account data: Retained for the duration of your active account and for a reasonable period after account closure to comply with legal obligations.
Call recordings:Retained according to your organization's configured retention policy. Default retention is 12 months from the date of recording unless your plan or applicable law requires a different period.
Transcripts and summaries: Retained for the same duration as their associated call recordings.
SMS messages:Retained for the duration of your organization's subscription and subject to your configured retention settings.
Email data: Email metadata and content synced from connected accounts are retained while the email integration remains active.
Billing records: Retained as required by applicable tax and financial regulations.

You may request deletion of your data at any time by contacting us at privacy@quorumvoice.com.

10. Your Rights

Depending on your location, you may have certain rights regarding your personal information:

10.1 General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data under certain circumstances.
Right to restrict processing: Request that we limit how we use your personal data.
Right to data portability: Request your data in a structured, machine-readable format.
Right to object: Object to processing of your personal data for certain purposes.
Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

10.2 California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA:

Right to know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, and the purposes for collection.
Right to delete: Request deletion of your personal information, subject to certain exceptions.
Right to opt-out of sale: We do not sell personal information. However, you have the right to opt-out if this ever changes.
Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.
Right to correct: Request correction of inaccurate personal information.
Right to limit use of sensitive personal information: Request that we limit our use of sensitive personal information to what is necessary for providing the services.

To exercise any of these rights, contact us at privacy@quorumvoice.com. We will respond to verifiable requests within 30 days (GDPR) or 45 days (CCPA).

11. SMS & TCPA Compliance

QuorumVoice sends and receives SMS messages on behalf of organizations using our platform. We are committed to compliance with the Telephone Consumer Protection Act (TCPA) and related regulations:

Opt-out handling: We maintain opt-out records for all contacts. When a contact opts out of SMS communications, we immediately honor that request and suppress all future outbound SMS to that number.
10DLC compliance: All SMS messaging through QuorumVoice is conducted via registered 10-digit long code (10DLC) campaigns in compliance with carrier requirements for application-to-person (A2P) messaging in the United States.
Consent records: Organizations using QuorumVoice are responsible for obtaining proper consent from their contacts before sending SMS messages. Our platform provides tools to track and manage consent status.
Message content: All SMS messages sent through QuorumVoice include required identification and opt-out instructions as applicable.

12. Cookies & Tracking Technologies

We use cookies and similar technologies to:

Essential cookies: Maintain your authentication session, remember your preferences, and enable core platform functionality. These cookies are strictly necessary and cannot be disabled.
Analytics cookies: Understand how visitors interact with our marketing website to improve our content and user experience.

We do not use advertising cookies or third-party tracking pixels. For more information, see our Cookie Policy.

13. Children's Privacy

QuorumVoice is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe that a child under 13 has provided us with personal information, please contact us at privacy@quorumvoice.com.

14. International Data Transfers

QuorumVoice is operated from the United States. If you are accessing our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms, to ensure your data receives an adequate level of protection.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify registered users via email or through an in-app notification.
Where required by law, obtain your consent before applying material changes to how we process your data.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy inquiries: privacy@quorumvoice.com
Legal inquiries: legal@quorumvoice.com
Company: Distinct Perspective, LLC

For GDPR-related inquiries, you also have the right to lodge a complaint with your local data protection supervisory authority.