Phone StackPhone Stack

Privacy Policy

Last updated: April 16, 2026

1. Introduction

Phone Stack Corp. ("Phone Stack," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI cold calling platform, website, and related services (collectively, the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, phone number, and billing information. This information is necessary to provide our Service.

Contact Data

You may upload contact lists containing names, phone numbers, email addresses, company names, and other business information for use in your calling campaigns. You are responsible for ensuring you have the right to use this contact data for outbound calling.

Call Recordings and Transcripts

Our Service records phone calls made through the platform. These recordings are transcribed and analyzed by AI to generate call summaries, sentiment analysis, and campaign analytics. Call recordings are stored securely and retained according to the retention schedule described below.

Usage Data

We automatically collect information about how you use our Service, including pages visited, features used, campaign configurations, and performance metrics. We use cookies and similar technologies for analytics and to improve the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your calling campaigns and generate analytics
  • Train and improve our AI models (using aggregated, de-identified data only)
  • Send you service-related communications
  • Process payments and manage your subscription
  • Comply with legal obligations, including TCPA and DNC regulations
  • Detect and prevent fraud, abuse, and security incidents

4. Call Recording and TCPA Compliance

Phone Stack records all calls made through the platform for quality assurance, compliance, and analytics purposes. Our Service automatically provides appropriate disclosures regarding call recording as required by applicable state and federal law. You are responsible for complying with all applicable telemarketing laws, including the Telephone Consumer Protection Act (TCPA) and state-specific regulations.

5. Data Retention

We retain your data as follows:

  • Account data: Retained for the duration of your account plus 30 days after deletion
  • Call recordings: Retained for 90 days by default, configurable up to 1 year
  • Call transcripts and summaries: Retained for the duration of your account
  • Contact data: Retained for the duration of your account, deleted within 30 days of account closure
  • Analytics data: Retained in aggregated, de-identified form indefinitely

6. Data Sharing

We do not sell your personal information. We may share your data with:

  • Service providers: Third-party services that help us operate (cloud hosting, payment processing, telephony providers, AI model providers)
  • Legal compliance: When required by law, subpoena, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, audit logging, and regular security assessments. However, no method of transmission or storage is 100% secure.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Opt out of certain data processing activities

To exercise these rights, contact us at privacy@phonestack.com.

9. Google User Data (Gmail & Google Calendar)

Phone Stack offers optional integrations that allow you to connect your Google account so the Service can send emails on your behalf and schedule calendar events as part of your calling workflows. When you connect your Google account, Phone Stack accesses your Google user data only with your explicit consent via Google's OAuth 2.0 flow.

9.1 Scopes We Request and Why

  • https://www.googleapis.com/auth/gmail.send — used solely to send emails from your connected Gmail account (for example, meeting confirmations, follow-ups, and callback confirmations triggered by your AI call agent). We do not read, modify, delete, or otherwise access your inbox, drafts, labels, or any other Gmail content.
  • https://www.googleapis.com/auth/calendar.events — used to create calendar events (such as booked meetings) on the calendar you authorize. We only create or modify events created by Phone Stack.
  • https://www.googleapis.com/auth/calendar.freebusy — used to check your availability before proposing meeting times to your prospects. We only access busy/free windows, not event details.
  • https://www.googleapis.com/auth/userinfo.email — used to identify which Google account you have connected.

9.2 How We Store and Protect Google User Data

OAuth tokens (access tokens and refresh tokens) issued by Google are stored encrypted at rest in our Firestore database and are transmitted over TLS 1.3. Tokens are used only by our backend to perform the actions you authorize and are never exposed to client-side code or third parties. You may revoke Phone Stack's access at any time from your Google Account permissions page or by disconnecting the integration from your Phone Stack Settings.

9.3 Limited Use Disclosure

Phone Stack's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Specifically, Phone Stack:

  • Uses Google user data only to provide or improve user-facing features that are prominent in the Phone Stack user interface (sending emails you triggered, scheduling meetings you booked, and checking availability you authorized);
  • Does not transfer Google user data to others except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice;
  • Does not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising;
  • Does not allow humans to read Google user data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized; and
  • Does not use Google user data to develop, improve, or train generalized AI and/or machine learning models. Any AI features that reference your data are scoped to your own account.

9.4 Deletion of Google User Data

You may disconnect Google from Phone Stack at any time in Settings → Integrations. Upon disconnection, we immediately revoke the associated refresh token with Google and delete the stored OAuth credentials from our database within 24 hours. To request deletion of any residual data associated with your Google account, email privacy@phonestack.com.

10. Microsoft User Data (Outlook Mail & Microsoft 365 Calendar)

Phone Stack offers optional integrations that allow you to connect your Microsoft account (personal Microsoft accounts or Microsoft 365 / Entra ID work or school accounts) so the Service can send emails on your behalf through Outlook and schedule calendar events in Microsoft 365 Calendar as part of your calling workflows. When you connect your Microsoft account, Phone Stack accesses your Microsoft user data only with your explicit consent via the Microsoft identity platform OAuth 2.0 flow (Microsoft Entra ID), and only to perform the actions you authorize.

10.1 Scopes We Request and Why

  • Mail.Send — used solely to send emails from your connected Outlook / Microsoft 365 mailbox (for example, meeting confirmations, follow-ups, and callback confirmations triggered by your AI call agent). We do not read, modify, delete, move, or otherwise access your inbox, drafts, folders, attachments, or any other mail content.
  • Calendars.ReadWrite — used to create calendar events (such as booked meetings) on the calendar you authorize and to check your availability before proposing meeting times to your prospects. We only create or modify events created by Phone Stack; we do not read, modify, or delete events that were not created by Phone Stack, except to read busy/free windows needed to schedule around them.
  • User.Read — used to identify which Microsoft account you have connected (display name, email address, and object ID) so that we can show it in your Phone Stack Settings.
  • offline_access — used to obtain a refresh token so Phone Stack can continue performing the actions you authorized (sending emails, creating events) without requiring you to sign in again for each action.

10.2 How We Store and Protect Microsoft User Data

OAuth tokens (access tokens and refresh tokens) issued by the Microsoft identity platform are stored encrypted at rest in our Firestore database and are transmitted over TLS 1.3. Tokens are used only by our backend to perform the actions you authorized and are never exposed to client-side code or third parties. You may revoke Phone Stack's access at any time from your Microsoft account applications & consents page (personal accounts) or from the My Apps portal (work or school accounts), or by disconnecting the integration from your Phone Stack Settings.

10.3 Limited Use of Microsoft User Data

Phone Stack's use of information received from Microsoft Graph and other Microsoft APIs adheres to the Microsoft APIs Terms of Use, the Microsoft Services Agreement, and applicable requirements for apps verified through the Microsoft Cloud Partner Program and the Microsoft 365 App Compliance Program. Specifically, Phone Stack:

  • Uses Microsoft user data only to provide or improve user-facing features that are prominent in the Phone Stack user interface (sending emails you triggered, scheduling meetings you booked, and checking availability you authorized);
  • Does not transfer Microsoft user data to others except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice;
  • Does not use Microsoft user data for serving advertisements, including retargeting, personalized, or interest-based advertising;
  • Does not sell or rent Microsoft user data under any circumstances;
  • Does not allow humans to read Microsoft user data unless we have your affirmative agreement for specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for internal operations where the data has been aggregated and anonymized; and
  • Does not use Microsoft user data to develop, improve, or train generalized AI and/or machine learning models. Any AI features that reference your data are scoped to your own account.

10.4 Deletion of Microsoft User Data

You may disconnect Microsoft from Phone Stack at any time in Settings → Integrations. Upon disconnection, we immediately revoke the associated refresh token with Microsoft and delete the stored OAuth credentials from our database within 24 hours. To request deletion of any residual data associated with your Microsoft account, email privacy@phonestack.com. Phone Stack does not retain copies of Outlook messages we send on your behalf beyond the metadata required to display your own send history inside Phone Stack (recipient, subject, timestamp, and delivery status).

10.5 Tenant Administrator Consent

If you are a Microsoft 365 tenant administrator granting Phone Stack access on behalf of your organization, you represent that you have the authority to do so and that your organization's users have been notified as required by your internal policies. Administrators may revoke consent for the entire tenant at any time via the Microsoft Entra admin center under Enterprise applications → Phone Stack → Permissions.

11. Cookies

We use cookies and similar technologies for analytics (Google Analytics), session management, and to improve your experience. You can control cookie preferences through your browser settings.

12. Children's Privacy

Our Service is not directed to individuals under 18. We do not knowingly collect information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy, contact us at:

Phone Stack Corp.
Email: privacy@phonestack.com
San Francisco, CA, United States