Privacy Policy

When you use the Services directly (for example, signing up at teleperson.com), Teleperson is the "controller" or "business" with respect to your personal information. When a Teleperson business customer (an "Enterprise Customer") deploys the Services to interact with you, that Enterprise Customer is the controller/business and Teleperson processes your personal information as a service provider/processor on its behalf, in accordance with the agreement between us. In that case, this Policy supplements (and does not replace) the privacy notice provided by the Enterprise Customer, and rights requests should generally be directed to that Enterprise Customer.

Information you provide to us:

• Account & profile: name, email, phone number, password, and, for company representatives, company name, role, and business contact information.
• Service request & conversational data: the content of your interactions with our chat, email, voice, and SMS channels — messages, voice recordings and transcripts, attachments, account credentials you elect to share, and personal information necessary to resolve your request. Some of this information may be sensitive (financial, health, or government identifiers).
• Communications: information you provide when you contact us for support, submit feedback, or respond to surveys.
• Payment information: billing details. Card details are handled by our PCI-compliant payment processors; we do not store full card numbers.
• User content: files, screenshots, browsing context, and other materials you choose to upload or share with the Services.

Information we collect automatically:

• Usage information: pages and features you view, actions you take, session duration, error logs, and referring URLs.
• Device & connection: IP address, device identifiers, browser type and version, operating system, language, and approximate location derived from IP.
• Voice & telephony metadata: caller and called numbers, call duration, timestamps, call quality signals, and routing metadata generated by our voice agent infrastructure.
• SMS metadata: sender and recipient numbers, timestamps, delivery status, opt-in and opt-out events, and message content (see Section 4).
• Cookies and similar technologies: see Section 5.

Information from third parties and public sources:

• Enterprise Customers: when a company deploys Teleperson to serve you, that customer may provide us with information needed to identify and assist you.
• Identity, fraud, and enrichment providers: information from identity-verification, fraud-prevention, and data-enrichment partners to help secure accounts and improve service quality.
• Connected accounts and integrations: if you authorize a third-party connection (financial-data aggregator, calendar, CRM), we receive the data you authorize them to share.
• Advertising and analytics partners: aggregated audience information, attribution data, and event data, where lawful.
• Publicly available sources: company websites, business registries, professional directories, and social media (where you have made information public).

Sensitive personal information: in limited circumstances, the Services may process information that is treated as "sensitive" under applicable law — government-issued identifiers, financial account numbers and credentials, precise geolocation, account log-in credentials, the contents of communications where we are not a party, and audio recordings of your voice. We use sensitive personal information only to perform the Services you have requested, prevent fraud, and comply with law, and we do not use or disclose it to infer characteristics about you for advertising. We do not knowingly process biometric identifiers for the purpose of uniquely identifying an individual without separate, written consent where required by law.

We use the information we collect to:

• Provide, operate, secure, and maintain the Services.
• Authenticate users; prevent fraud, abuse, and unauthorized access; protect the rights, safety, and property of Teleperson, our customers, and the public.
• Process service requests and communicate with third-party companies on your behalf.
• Operate AI features (chat, voice, and SMS agents) — generating responses, summarizing interactions, evaluating safety, and improving the quality and reliability of model output.
• Send transactional messages (account, security, service updates) and, with your consent where required, marketing communications.
• Conduct research, analytics, and product development.
• Comply with legal obligations, respond to lawful requests, and enforce our agreements.

Legal bases (EEA / UK / Switzerland): where required, we rely on performance of a contract with you; our legitimate interests (securing the Services, preventing fraud, improving our products) where those interests are not overridden by your rights; your consent (which you may withdraw); and compliance with legal obligations.

The Services use machine learning and large language models to power chat, search, summarization, and conversational voice and SMS agents. Specifically:

• Voice-agent functionality is provided through our partner Vapi, which orchestrates real-time speech-to-text, model inference, and text-to-speech. Vapi processes audio and transcripts on our behalf as a sub-processor under contractual confidentiality and security obligations.
• SMS messaging is delivered through our partner Twilio, which transmits messages over carrier networks. Twilio processes phone numbers and message content on our behalf as a sub-processor.
• Underlying language and speech models are operated by enterprise AI providers (Anthropic, OpenAI, Google, ElevenLabs, and similar). We contract with these providers under terms that prohibit training their public foundation models on your inputs and outputs without our explicit instruction, and that bind them to confidentiality, security, and limited-retention obligations.

Model training: we do not use your conversational content to train third-party public foundation models. We may use the following for our own product evaluation and improvement, including evaluating model quality, safety, and routing:

• De-identified, aggregated, or properly anonymized data;
• Operational telemetry (latency, error rates, tool-call traces);
• Content where you (or, for Enterprise Customers, your administrator) have given us instruction to do so.

Output limitations: AI output may be inaccurate, incomplete, or unsuitable for a given purpose. Important decisions should be reviewed by a human. We do not make solely-automated decisions that produce legal or similarly significant effects on you without offering a human review where required by law.

Where you have opted in, Teleperson sends and receives SMS messages through Twilio for purposes such as account verification, transactional notifications, service-request updates, surveys, and conversational support.

• Information collected: the mobile number you provide, the content of inbound and outbound messages, timestamps, opt-in and opt-out events, and delivery and error metadata returned by carriers.
• Consent: you opt in by submitting your number through a Teleperson form, recorded verbal agreement on a call, or by texting a published keyword to our short or long code. Where required by the Telephone Consumer Protection Act ("TCPA") or analogous laws, we obtain prior express written consent before sending marketing or autodialed messages. Consent to receive SMS is not a condition of purchasing any product or service.
• Message frequency and cost: frequency varies based on your activity. Message and data rates may apply. Reply STOP to opt out at any time, or HELP for help. You may also email support@teleperson.com.
• Retention: SMS content and metadata are retained for up to 18 months to operate the service, troubleshoot issues, and meet legal and carrier-compliance obligations, after which records are deleted or de-identified, except where a longer retention period is required by law.
• No resale: we do not sell, rent, or share mobile numbers, opt-in data, or SMS content with third parties for their independent marketing purposes. Numbers and content are shared only with the sub-processors necessary to deliver the messages you have requested.
• Carriers: wireless carriers are not liable for delayed or undelivered messages.

We use cookies, local storage, pixels, software development kits, and similar technologies for the following categories of purposes:

• Strictly necessary: authentication, session management, fraud prevention, load balancing, accessibility. These cannot be disabled without breaking the Services.
• Functional: remembering preferences such as language, region, and UI state.
• Analytics: understanding how users engage with the Services so we can improve them.
• Marketing and advertising: measuring campaign performance and showing relevant content. We do not use marketing cookies on Enterprise-Customer-deployed surfaces unless the Enterprise Customer instructs us to do so.

Most browsers allow you to control cookies through settings. We honor browser-based opt-out signals, including the Global Privacy Control ("GPC") signal, where required by applicable law. For details and choices, see our Cookie Policy.

We share information in the following circumstances:

• With third-party companies (for service requests): the companies you ask us to contact on your behalf, with the information necessary to resolve your request.
• With sub-processors: vendors that process information under our written instruction, including Twilio (SMS), Vapi (voice agents), enterprise AI model providers, payment processors, cloud hosting (including Supabase), email delivery, analytics, and customer-support tooling. A current list of sub-processors is available on request to legal@teleperson.com.
• With Enterprise Customers: if your account is provisioned or paid for by an organization, we may share information with that organization, including usage and conversation records.
• For legal and safety reasons: when required by law, subpoena, or legal process; to enforce our terms; or to protect rights, property, or safety.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets.
• Aggregated or de-identified data: we may share aggregated or de-identified information that cannot reasonably be used to identify you.
• With your consent: otherwise, with your direction or consent.

No "sale" of personal information for money. We do not sell personal information for monetary consideration. Where applicable law treats certain advertising-related sharing (for example, the use of cross-site advertising cookies) as a "sale" or "share," you may opt out as described in Section 9 or by activating GPC in a supported browser.

Teleperson is headquartered in the United States and may process information in the United States and other countries where we or our sub-processors operate. Where required, we rely on appropriate transfer mechanisms (the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, the Swiss-US Data Privacy Framework, and supplementary technical and organizational measures) to safeguard cross-border transfers of personal information.

We retain personal information for as long as necessary to provide the Services and for the legitimate purposes described in this Policy. Typical retention periods include:

• Account and profile data — for the life of your account, plus up to 24 months after closure for legal, fraud, and dispute purposes.
• Service requests and conversational data — up to 24 months from completion, then deleted or de-identified.
• SMS content and metadata — up to 18 months (see Section 4).
• Voice recordings and transcripts — up to 12 months, unless an Enterprise Customer instructs a different retention period.
• Server logs and security telemetry — up to 13 months.
• Records required for tax, accounting, or other legal compliance — for the period required by law.

When we no longer need personal information, we delete or de-identify it using methods designed to prevent re-identification.

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest for sensitive stores, role-based access controls, audit logging, secrets management, vulnerability scanning, secure software-development practices, employee security training, and incident-response procedures. Our security program is benchmarked against widely recognized frameworks such as SOC 2. No method of transmission or storage is fully secure, and we cannot guarantee absolute security. If we determine that a security incident has affected your personal information, we will notify you and applicable authorities as required by law. If you believe your account or information has been compromised, contact security@teleperson.com.

Depending on where you live, you may have rights regarding your personal information, including the rights to:

• Access, correct, or delete personal information we hold about you.
• Receive a copy of your information in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Opt out of "sale" or "sharing" of personal information and of targeted advertising, where applicable.
• Limit our use of sensitive personal information to what is necessary to provide the Services.
• Opt out of certain profiling that produces legal or similarly significant effects, where applicable.
• Lodge a complaint with your local data-protection authority.

To exercise these rights, email privacy@teleperson.com or use the in-product privacy controls. We will verify your request (typically by confirming control of the account email or phone number) and respond within the period required by applicable law (generally within 30–45 days). You will not be discriminated against for exercising your rights. Authorized agents may submit requests on your behalf with verifiable proof of authority. If we decline a request, you may appeal our decision by replying to our response with the word "Appeal" and a brief explanation; we will respond within the time required by law. If a Teleperson Enterprise Customer is the controller of your information, we will route your request to that customer and assist them in responding.

This section supplements the rest of this Policy and applies to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA").

Categories of personal information collected: in the past 12 months, we have collected the following categories described in Cal. Civ. Code § 1798.140 — identifiers (name, email, phone, IP address, account identifiers); customer-records information (billing details); commercial information (transactions and service-request history); internet or other electronic network activity (usage and device information); geolocation (approximate, derived from IP); audio and electronic information (call recordings and transcripts; SMS content); professional or employment information (for company representatives and applicants); and inferences drawn from the foregoing. With your consent or as necessary to provide the Services, we may collect "sensitive personal information," such as account log-in credentials, financial account information, precise geolocation (where you provide it), the contents of certain communications, and audio recordings of your voice.

Sources, purposes, and disclosures: we collect this information from the sources described in Section 1, use it for the purposes described in Sections 2–5, and disclose it for the business purposes and to the categories of recipients described in Section 6.

Sale or sharing: we do not sell personal information for monetary consideration. We may "share" personal information for cross-context behavioral advertising on our public marketing pages where you have not opted out. You can opt out by emailing privacy@teleperson.com or by enabling GPC in a supported browser.

Sensitive personal information: we do not use or disclose sensitive personal information beyond the purposes permitted by Cal. Civ. Code § 1798.121.

Your rights: California residents have the rights to know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and to non-discrimination. To exercise these rights, see Section 10. Authorized agents may submit requests with proof of authority.

If you are a resident of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, New Hampshire, New Jersey, Indiana, Tennessee, or another U.S. state with a comprehensive privacy law, you may have additional rights under those laws (including the rights to access, correct, delete, port, opt out of targeted advertising, sale, and certain profiling, and to appeal a decision on your request). The procedures in Section 10 apply. We do not engage in profiling that produces legal or similarly significant effects without offering an opt-out where required.

If you are located in the EEA, the United Kingdom, or Switzerland, you have rights under the GDPR, UK GDPR, and the Swiss Federal Act on Data Protection, including the rights to access, rectify, erase, restrict, object, and port your personal information; to withdraw consent without affecting the lawfulness of prior processing; and to lodge a complaint with your local supervisory authority. The legal bases on which we rely are described in Section 2. Cross-border transfer mechanisms are described in Section 7. The data controller is Teleperson, Inc., reachable at privacy@teleperson.com.

The Services are not directed to, and we do not knowingly collect personal information from, children under 13 (or under 16 in the EEA/UK). If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

If you apply for a role at Teleperson, we collect the information you submit (resume, contact details, work history, references, eligibility-to-work documentation, and assessment results) and use it to evaluate your application, communicate with you, comply with employment laws, and improve our recruiting processes. We retain applicant information for up to two years from the close of the role unless a longer period is required by law or you ask us to keep your information for future opportunities.

The Services may contain links to, or interact with, third-party websites, applications, and services that we do not control. This Policy does not apply to those third parties; please review their privacy notices.

We may update this Policy from time to time. If changes are material, we will provide notice (for example, by posting on this page or by email) before they take effect. The effective date at the top reflects the most recent revision.

Questions about this Policy or our privacy practices? Contact privacy@teleperson.com or write to Teleperson, Inc., Attn: Privacy, at the address listed on our website. For security issues, contact security@teleperson.com.