Privacy Policy
How Kallina AI collects, uses, and protects your personal data in compliance with GDPR and applicable privacy laws.
Table of Contents
1. Introduction
This Privacy Policy explains how MEGA PROMOTING S.R.L. ("Kallina AI", "we", "us", or "our"), operating at kallina.info, collects, uses, discloses, and safeguards your personal data when you use our Voice AI platform and related services.
We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR), the Republic of Moldova Law 133/2011 on personal data protection (and upcoming Law 195/2024), and other applicable privacy laws.
Data Controller:
MEGA PROMOTING S.R.L.
IDNO: 1019600021765
IT Park Resident, Moldova
Email: contact@kallina.info
Phone: +373 61 066 888
2. Personal Data We Collect
We collect the following categories of personal data:
2.1 Account Information
- Identity data: Full name, company name, job title
- Contact data: Email address, phone number, business address
- Account credentials: Username, password (encrypted/hashed)
- Billing data: Payment information, billing address, tax ID (IDNO/VAT)
2.2 Voice AI Service Data
- Call recordings: Audio recordings of voice interactions (with consent)
- Transcripts: Text transcriptions of voice calls
- Conversation logs: Chat messages, AI responses, conversation metadata
- Caller information: Phone numbers, call timestamps, call duration
Important: Voice recordings may constitute biometric data under GDPR Article 9. We process this data only with explicit consent and appropriate safeguards.
2.3 Technical Data
- Device information: IP address, browser type, operating system
- Usage data: Pages visited, features used, time spent on platform
- Cookies and similar technologies: Session cookies, analytics cookies (see Cookie Policy)
- Log data: Server logs, error reports, API usage
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data only when we have a valid legal basis:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and management | Contract performance | Art. 6(1)(b) |
| Providing Voice AI services | Contract performance | Art. 6(1)(b) |
| Voice recording and transcription | Explicit consent | Art. 6(1)(a) + Art. 9(2)(a) |
| Billing and invoicing | Contract performance / Legal obligation | Art. 6(1)(b) / Art. 6(1)(c) |
| Customer support | Legitimate interest | Art. 6(1)(f) |
| Analytics and service improvement | Legitimate interest | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
4. How We Use Your Data
We use your personal data for the following purposes:
- Service delivery: To provide, maintain, and improve our Voice AI platform
- Account management: To create and manage your account, process payments
- Customer support: To respond to inquiries and provide technical assistance
- AI training: To improve our AI models (only with explicit opt-in consent)
- Analytics: To understand usage patterns and improve user experience
- Communications: To send service updates, security alerts, and (with consent) marketing
- Legal compliance: To comply with applicable laws, regulations, and legal processes
- Security: To detect and prevent fraud, abuse, and security incidents
5. Data Sharing and Third Parties
We share personal data with the following categories of recipients:
5.1 AI and Cloud Service Providers
- OpenAI (USA): For AI language processing - Data Processing Agreement in place with Standard Contractual Clauses (SCC)
- Anthropic (USA): For Claude AI processing - DPA with SCC
- Google Cloud Platform (EU/USA): Cloud infrastructure - DPA with EU data residency
- ElevenLabs (UK/USA): Text-to-speech synthesis - DPA with SCC
5.2 Business Partners
- Payment processors: For secure payment handling (GDPR-compliant)
- Analytics providers: For service analytics (data anonymized where possible)
- Customer support tools: For support ticket management
5.3 Legal Requirements
We may disclose data when required by law, court order, or government request, or to protect our rights, safety, or property.
6. International Data Transfers
Some of our service providers are located in the United States or other countries outside the European Economic Area (EEA) and Moldova.
Safeguards for transfers to USA:
- Standard Contractual Clauses (SCC) approved by the European Commission
- Transfer Impact Assessments (TIA) conducted for each transfer
- Data minimization and pseudonymization where possible
- Encryption in transit (TLS 1.3) and at rest (AES-256)
You can request a copy of the applicable SCCs by contacting us.
7. Data Retention
We retain personal data only as long as necessary for the purposes described:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 3 years | Contract, legal obligations |
| Voice recordings | 90 days (configurable) | Service delivery, quality assurance |
| Transcripts | 1 year (configurable) | Service delivery, analytics |
| Billing records | 7 years after transaction | Legal/tax requirements |
| Analytics data | 26 months (anonymized after) | Service improvement |
| Marketing consent | Until withdrawn + 3 years | Compliance proof |
| Security logs | 1 year | Security monitoring |
After retention periods, data is securely deleted or anonymized.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right to access (Art. 15): Request a copy of your personal data
- Right to rectification (Art. 16): Correct inaccurate or incomplete data
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to restrict processing (Art. 18): Limit how we use your data
- Right to data portability (Art. 20): Receive your data in a machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest or for marketing
- Right to withdraw consent (Art. 7): Withdraw consent at any time
- Right to lodge a complaint (Art. 77): Complain to your supervisory authority
To exercise your rights: Email contact@kallina.info with subject "Data Rights Request" or use our self-service portal. We respond within 30 days.
9. Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access control: Role-based access, multi-factor authentication
- Infrastructure: EU-based servers, SOC 2 compliant providers
- Monitoring: 24/7 security monitoring, intrusion detection
- Training: Regular employee security awareness training
- Auditing: Regular security audits and penetration testing
10. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately for deletion.
11. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be notified via email and/or prominent notice on our website. Continued use after changes constitutes acceptance.
Review this policy regularly. The "Last Updated" date at the top indicates the most recent revision.
12. Contact Us
Data Controller:
MEGA PROMOTING S.R.L.
IDNO: 1019600021765
IT Park Moldova
Contact for Privacy Matters:
Email: contact@kallina.info
Phone: +373 61 066 888
Supervisory Authority (Moldova):
National Centre for Personal Data Protection (CNPDCP)
Website: https://www.datepersonale.md
Email: centru@datepersonale.md
For EU residents: You may also contact your local data protection authority.
Questions About This Policy?
If you have any questions about this privacy policy, please contact us.
contact@kallina.info