Privacy Policy

This document is a template placeholder and must be reviewed by counsel before launch.

1. Who we are

Spelo, Inc. ("Spelo", "we", "our") provides a voice widget and supporting infrastructure for websites. This policy explains what data we collect, why, and how we handle it.

2. Data we collect

• Account data: name, email, company, billing details provided at signup.
• Site config: site IDs, allowed domains, database connection strings you configure (stored encrypted at rest).
• Usage data: voice minute counts, API call volumes, error logs. Used for billing and reliability.
• Audio: voice audio streams directly between the visitor's browser and OpenAI over WebRTC. Audio does not pass through our servers.
• Transcripts: optional. Disabled by default. If you enable them, transcripts are stored in your account region for 30 days.

3. How we use data

• To operate the service, bill accurately, and respond to support requests.
• To detect abuse, fraud, and security incidents.
• To improve reliability and performance of the widget.

We do not sell your data.

4. Subprocessors

We use a minimal set of infrastructure providers: Supabase (auth, database), OpenAI (voice model), Stripe (billing), Vercel (hosting), Cloudflare (edge). Updated list at /subprocessors.

5. Data retention

Account data is retained while your account is active, plus 90 days after deletion for legal and billing reasons. Usage logs are retained 12 months.

6. Your rights

You may request access, correction, export, or deletion of your data. Email privacy@spelo.ai — we respond within 30 days.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Production access is limited to a small engineering team with SSO + hardware keys. SOC 2 Type II report available under NDA.

8. Contact

Questions about this policy? Email privacy@spelo.ai .