Privacy Policy – Optane AI

Last updated: December 26, 2025

This Privacy Policy describes how Optane AI (“Optane AI”, “we”, “us”, or “our”) collects, uses, processes, discloses, and safeguards information when you access or use our websites, dashboards, applications, AI-powered voice agents, integrations, and related services (collectively, the “Services”).

This Policy is intended to be transparent, comprehensive, and informative. It explains what data we handle, how and why it is processed, and the choices and responsibilities of our customers. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope & Definitions

This Privacy Policy applies to information processed by Optane AI in the course of providing its Services to business customers (“Clients”).

  • “Client” refers to a business entity or individual that registers for and uses Optane AI Services.
  • “End Users” refers to individuals who interact with a Client’s AI-powered voice agent (for example, callers to a business phone number).
  • “Personal Data” means information that identifies or relates to an identifiable individual, as defined under applicable data protection laws.

Optane AI primarily operates as a service provider / processor for its Clients. Our Clients determine how and why End User data is collected and used in the context of their own businesses.

2. Our Role & Data Responsibility

Optane AI provides infrastructure and software that enables businesses to deploy AI-powered voice agents. In most cases:

  • Our Clients are the data controllers of their own customers’ or callers’ Personal Data.
  • Optane AI acts as a data processor, processing data only on documented instructions from Clients and solely for the purpose of delivering the Services.

This distinction is important. Clients are responsible for providing appropriate notices to their End Users and for obtaining any necessary consents under applicable laws.

Zero-Retention Architecture: Optane AI operates using a strict zero-retention model. We do not store, log, or record call audio, call transcripts, or sensitive Personal Data generated during voice interactions. All call-related processing is ephemeral and occurs in real time only.

HIPAA-Compliant Configuration: Our infrastructure is configured to enforce HIPAA-aligned no-logging modes across all supported voice, transcription, and language model providers. Audio recording, transcript storage, and long-term logging are disabled by default at the source.

3. Information We Collect

We are committed to data minimization. The categories of information we collect depend on whether you are a Client or an End User interacting with a Client’s agent.

3.1 Client Account Information

When you register for an Optane AI account, we collect information necessary to create and manage your account, including:

  • Business name and business contact details
  • Owner or administrator name
  • Business email address and phone number
  • Authentication credentials (stored securely and hashed)
  • Plan selection, account status, and configuration preferences

This information is required to provide the Services and to communicate with you regarding your account.

3.2 Billing & Subscription Information

Billing and payment processing are handled by our payment provider (for example, Paddle, acting as merchant of record). Optane AI does not store full payment card details.

We may receive and store limited billing-related metadata, such as:

  • Subscription identifiers
  • Payment status and history
  • Invoice references
  • Plan pricing and renewal dates

3.3 Service Configuration & Integration Data

To operate AI agents on your behalf, we process configuration data that you provide or authorize, including:

  • Agent identifiers and configuration settings
  • Integration identifiers (for example, third-party API keys you provide)
  • Business operating hours, time zone, and routing preferences

3.4 End User Interaction Data (Limited & Transient)

When End Users call or interact with a Client’s AI voice agent, certain information may be processed transiently to provide the requested service, such as:

  • Call start and end times
  • Call duration and usage metrics
  • High-level outcomes (for example, whether an appointment was booked)

Important: Optane AI does not ingest, store, or retain raw call content, transcripts, audio recordings, voice biometrics, or sensitive Personal Data in its own databases. Only minimal, non-sensitive operational indicators required for billing and service reliability are retained.

3.5 Technical & Usage Data

We may collect limited technical data when you access our website or dashboard, such as:

  • IP address and device/browser type
  • Log-in timestamps
  • Basic diagnostic and performance logs

4. Data Processing & The "Zero-Retention" Standard

Optane AI maintains a strict Zero-Retention Architecture. We do not store, record, or persist call audio, transcripts, or voice biometrics after a call session terminates. Information is processed strictly as follows:

4.1 Ephemeral Processing (End User Data)

Conversational content is processed ephemerally in-memory by our sub-processors to facilitate real-time AI interaction. This data is never used for advertising, profiling, or model training and is purged immediately upon call termination.

4.2 Retained Metadata (Operational Logs)

To provide billing and analytics, we retain strictly non-content operational metadata:

  • Call Metrics: Duration (minutes/seconds) and timestamps.
  • Billing Data: Usage-derived costs and account identifiers.
  • Logical Outcomes: Categorical success status (e.g., "Appointment Booked: True").

4.3 Purpose of Processing

  • To maintain and operate the real-time AI voice interface;
  • To calculate billing based on consumption minutes;
  • To detect and prevent technical fraud or security issues; and
  • To comply with statutory audit and regulatory obligations under Indian and Australian law.

5. Legal Bases for Processing

When data protection laws require a legal basis, Optane AI relies on:

  • Contractual necessity – to provide Services under our Terms.
  • Legitimate interests – to secure and operate the Services.
  • Legal obligations – where required by law.

Clients are solely responsible for determining the lawful basis for processing their End Users’ data.

6. Data Retention & Deletion

Information is retained only as long as necessary to fulfill the purposes described in this Policy.

  • Call Data: Not retained. Purged immediately upon call termination (0-second retention).
  • Client account and billing data are retained while the account is active and for a reasonable period thereafter.
  • Usage and operational metrics are retained for billing and audit purposes only.

7. Third-Party Sub-Processors & Functional Infrastructure

Optane AI utilizes specialized third-party sub-processors to deliver high-performance voice services. To protect our proprietary technical architecture, these providers are disclosed by their functional role:

  • Real-time Voice Orchestration: Providers ensuring low-latency call routing and orchestration (configured in "No-Log" mode).
  • Large Language Models (LLM): Advanced AI models processing conversational intent via secure, non-training API endpoints.
  • Speech Synthesis & Transcription: Providers converting voice-to-text and text-to-speech ephemerally.
  • Operational Infrastructure: Secure cloud hosting, payment processing, and transactional communication providers.

A confidential list of specific brand-name sub-processors is available to Enterprise clients upon request via our Data Processing Addendum (DPA), subject to confidentiality obligations.

7.1 International Data Transfers (APP 8 & DPDP 2025)

In accordance with Australian Privacy Principle (APP) 8 andIndia’s DPDP Rules 2025, you acknowledge that while Optane AI is headquartered in India, ephemeral voice data is processed by sub-processors located in the United States.

We have taken reasonable steps to ensure these overseas recipients do not breach the APPs or DPDP standards by:

  • Strict Technical Enforcement: All data in transit is protected using TLS 1.2+ encryption and HTTPS protocols.
  • "No-Logging" API Parameters: We enforce strict API configurations that prohibit sub-processors from retaining, logging, or using call data for model training.
  • Temporal Limitation: Cross-border processing is strictly limited to the duration of the live interaction and the immediate window required for metadata computation.
  • Contractual Safeguards: We utilize sub-processors who maintain industry-standard security certifications (SOC2/HIPAA) compatible with global privacy expectations.

8. Security Measures

We implement reasonable technical and organizational measures, including access controls, encryption, and strict data minimization.

No system is completely secure. Clients are responsible for securing their own credentials and configurations.

9. Client as Final Approver & AI Transparency

Optane AI provides configuration and deployment services based on Client instructions. However, the Client acts as the Data Controllerand the Final Approver of all AI behaviors.

Clients are strictly responsible for:

  • Final Sign-Off: Reviewing and approving all AI prompts, knowledge base data, and "personas" prior to deployment. Deployment constitutes formal acceptance of the configuration.
  • Transparency Compliance: Ensuring that AI agents identify as automated assistants. Client agrees not to request configurations that circumvent mandatory AI-identification disclosures required by the 2025 Australian Consumer Law.
  • Lawful Basis: Providing all required notices to End Users and obtaining any necessary consents for voice interaction and ephemeral processing.
  • Content Accuracy: Ensuring the accuracy, legality, and suitability of all data supplied to the AI Knowledge Base.
  • Regulatory Adherence: Ensuring their specific use of the Service complies with sector-specific regulations (e.g., telemarketing laws or privacy torts).

10. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete Personal Data. Requests should be directed to the Client acting as data controller.

12. Indian DPDP Act 2025 Compliance & Rights

As an entity governed by the laws of India, Optane AI complies with theDigital Personal Data Protection (DPDP) Rules 2025. Individuals whose metadata is processed by our systems (Data Principals) are entitled to the following rights:

  • Right to Information: You may request a summary of the categories of personal data (metadata) we process and the identities of the sub-processors involved in such processing.
  • Right to Withdrawal: You may withdraw your consent for the processing of your data at any time. Given our Zero-Retention Architecture, withdrawal will result in the immediate termination of active processing sessions.
  • Right to Nominate: You have the right to nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity.
  • Grievance Redressal: We have appointed a Grievance Officer to address any concerns regarding data protection. You may lodge a formal grievance via support@optaneai.com.

In accordance with the DPDP Rules 2025, our Grievance Officer will acknowledge your request within 72 hours and provide a resolution within the statutory period, provided such request relates to data actually retained in our operational metadata logs.

11. Changes to This Policy

This Privacy Policy may be updated periodically. Updates are reflected by the “Last updated” date above.

12. Data Processing Addendum (DPA)

For enterprise Clients, a separate Data Processing Addendum (DPA) is available upon request. The DPA formally identifies sub-processors, breach notification procedures, and zero-retention enforcement.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us at:

Optane AI
Email: support@optaneai.com
Address: D-73 Vishal Nagar Society, Surat, India