Privacy Policy & Terms
Comprehensive data protection framework for Syncora Systems Voice AI Infrastructure
01Introduction
Syncora Systems ("we," "our," or "the Company") operates an enterprise-grade Voice AI infrastructure platform designed for B2B lead qualification, appointment scheduling, and autonomous customer engagement. This Privacy Policy governs all data processing activities related to our AI-powered voice automation services.
Given the sensitive nature of voice data and biometric information, we maintain the highest standards of data protection in compliance with GDPR, CCPA, HIPAA (where applicable), and emerging AI governance frameworks.
By accessing our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you are accepting on behalf of an organization, you represent that you have the authority to bind that organization.
02Voice Data & Biometrics
Voice recordings may constitute biometric data under certain jurisdictions (e.g., Illinois BIPA, Texas CUBI). We process such data with enhanced protections.
Collection: We collect and process voice recordings during AI-mediated telephone interactions. This includes inbound and outbound calls processed through our Voice AI agents.
Purpose: Voice data is processed for:
- Real-time speech-to-text transcription
- Intent recognition and conversational AI routing
- Quality assurance and service improvement
- Training and fine-tuning of AI models (with consent)
- Compliance monitoring and dispute resolution
Voiceprint Analysis: We do not create persistent biometric voiceprints for identification purposes. Voice characteristics are processed transiently for real-time interaction only.
03AI Processing Disclosure
Syncora Systems utilizes advanced artificial intelligence technologies to deliver our voice automation services:
Large Language Models (LLMs)
We leverage state-of-the-art LLMs for natural language understanding, context retention, and dynamic response generation.
Neural Text-to-Speech (TTS)
Advanced neural TTS engines synthesize human-like voice output with natural prosody and intonation.
Automatic Speech Recognition (ASR)
Real-time speech-to-text conversion with support for multiple languages, accents, and domain-specific terminology.
Intent Classification
Machine learning models classify caller intent to route conversations and trigger appropriate workflows.
Automated Decision-Making: Our AI systems make real-time decisions during calls (e.g., scheduling appointments, qualifying leads). Humans can review and override these decisions upon request.
04Call Recording Consent
The Client (your organization) is solely responsible for obtaining legally sufficient consent from end-users before AI-mediated calls are initiated or received.
Two-Party Consent Jurisdictions: In states such as California, Florida, Illinois, Pennsylvania, and others requiring all-party consent, Clients must ensure:
- Clear disclosure that the call is being recorded
- Explicit notification that an AI system is being utilized
- Opportunity for the caller to opt-out or request a human agent
AI Disclosure Requirements: Several jurisdictions now mandate disclosure when a caller is speaking with an AI. Our platform supports configurable disclosure prompts at the beginning of each call.
Indemnification: Clients agree to indemnify Syncora Systems against any claims arising from failure to obtain proper consent or provide required disclosures.
05Data Retention Policy
| Data Type | Retention Period | Post-Retention Action |
|---|---|---|
| Voice Recordings | 90 days | Permanent deletion |
| Call Transcripts | 180 days | Anonymization or deletion |
| Interaction Metadata | 365 days | Aggregation for analytics |
| AI Training Data | Until consent revoked | Deletion upon request |
| Account Information | Duration of contract + 7 years | Archival or deletion |
Custom Retention: Enterprise clients may negotiate custom retention periods. Shortened retention is available upon request; extended retention requires additional data processing agreements.
06Third-Party Processors
We share data with carefully vetted third-party processors under strict contractual obligations:
Telecommunications Providers
SOC 2 CERTIFIEDVoice call routing, SIP trunking, and phone number provisioning. Data shared: Call metadata, audio streams (encrypted).
AI Model Providers
DPA IN PLACELLM inference, speech recognition, and text-to-speech synthesis. Data shared: Anonymized prompts, audio segments (encrypted).
Cloud Infrastructure
ISO 27001Secure compute, storage, and database services. All data encrypted at rest and in transit.
Data Processing Agreements: All third-party processors are bound by Data Processing Agreements (DPAs) that mandate GDPR-equivalent protections, breach notification, and audit rights.
07Security Measures
We implement enterprise-grade security controls to protect your data:
ENCRYPTION AT REST
AES-256-GCM
All stored data encrypted with hardware security module (HSM) managed keys.
ENCRYPTION IN TRANSIT
TLS 1.3
All network communications secured with latest TLS protocol and perfect forward secrecy.
ACCESS CONTROL
Zero-Trust RBAC
Role-based access with MFA, SSO integration, and principle of least privilege.
MONITORING
24/7 SOC
Continuous security monitoring, intrusion detection, and incident response.
Incident Response: We maintain a documented incident response plan. In the event of a data breach, affected parties will be notified within 72 hours as required by GDPR.
Certifications: Our infrastructure maintains SOC 2 Type II certification, and we conduct annual penetration testing by independent security firms.
08GDPR Compliance
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we comply fully with the General Data Protection Regulation:
- Right of Access (Art. 15): Request a copy of all personal data we process about you.
- Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data ("Right to be Forgotten").
- Right to Restrict Processing (Art. 18): Limit how we use your data.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing for direct marketing or legitimate interests.
- Rights Related to Automated Decisions (Art. 22): Request human review of AI-made decisions.
Data Protection Officer: Contact our DPO at dpo@syncora.ai
09California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to know what personal information is collected, used, and disclosed.
- Right to delete personal information held by us and our service providers.
- Right to opt-out of the sale or sharing of personal information.
- Right to correct inaccurate personal information.
- Right to limit use of sensitive personal information.
- Right to non-discrimination for exercising CCPA rights.
We Do Not Sell Personal Data: Syncora Systems does not sell personal information to third parties as defined under CCPA.
Authorized Agents: You may designate an authorized agent to submit requests on your behalf with proper verification.
10Terms of Service
By using Syncora Systems services, you agree to the following terms:
- Use our AI technology exclusively for lawful business purposes.
- Not use our services for fraud, impersonation, harassment, or deceptive practices.
- Comply with all applicable telecommunications, AI disclosure, and privacy laws.
- Maintain the confidentiality of API keys, credentials, and account access.
- Not attempt to reverse-engineer, decompile, or extract our proprietary AI models.
- Obtain all necessary consents before using voice cloning features.
- Not use our platform to process data of minors under 18 without parental consent.
Termination: Violation of these terms may result in immediate suspension or termination of services without refund.
11Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, SYNCORA SYSTEMS PROVIDES SERVICES "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, OR GOODWILL.
OUR TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE FEES PAID BY YOU IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.
12Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or business operations.
Notification: Material changes will be communicated via email to your registered address and/or prominent notice on our platform at least 30 days before taking effect.
Acceptance: Continued use of our services after the effective date of changes constitutes acceptance of the updated policy.
13Contact Information
For questions about this Privacy Policy, data requests, or our privacy practices: