Kolby AI — Privacy Policy

Privacy Policy

Last updated: May 05, 2026

Note: For information about how we use or don't use data for model training, see our Privacy Overview and Security pages.

Introduction

We at Kolby AI ("Kolby," "we," "us," or "our") are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use Kolby's software, platform, APIs, websites, and related tools (collectively, the "Service").

This policy applies when Kolby acts as a data controller (e.g., you sign up directly). Where we act as a data processor for enterprise customers, our processing is governed by our Data Processing Addendum and the customer's instructions.

Zoom Integration

If you connect your Zoom account to KolbyAI, we receive certain data from Zoom each time you host a meeting where the integration is active. This section describes what we receive, why, and what we do with it.

Data we receive from Zoom

Live meeting audio — per-participant PCM stream, via Zoom Realtime Media Streams.
Live and final meeting transcripts — used as a fallback when our own transcription pipeline drops a frame.
In-meeting chat messages — used for live coaching context only; not retained after the meeting ends.
Meeting and user identifiers (meeting_uuid, user_id, account_id) for matching the meeting to your KolbyAI account.
Your Zoom user profile (email, display name) — read once at install to map your Zoom user to your KolbyAI agent record.

We do not request access to your Zoom recordings, your video stream, or any meeting outside your own host account.

Why we receive it

Live audio is processed in real time by our speech-to-text pipeline (Deepgram) and our coaching engine (Claude, hosted on Microsoft Azure AI Foundry) to surface objection handling, suggested responses, and post-call summaries to you in your KolbyAI dashboard. Without this data the integration cannot function.

How long we keep it

Live audio is never persisted to disk — it is streamed in-memory through our transcription provider and discarded once the transcript is generated. Transcripts and derived AI analyses (summaries, objection notes, coaching events) are retained, encrypted at rest, for the life of your KolbyAI account so you can review historical calls.

How to delete it

When you uninstall the KolbyAI app from Zoom Marketplace, Zoom sends us an app_deauthorized event. Within 30 days of receiving that event we permanently delete:

Your stored Zoom OAuth tokens
Your Zoom user and account identifiers from our database
All transcripts, summaries, and derived AI analyses tied to meetings hosted on the connected Zoom account

You can also disconnect Zoom from inside the KolbyAI Integrations tab at any time. That action soft-disables the connection so it can be re-enabled, and is independent of the full deletion path triggered by uninstall.

Consent and notice

Zoom shows a consent banner to all participants whenever an app receives meeting content. We rely on Zoom's banner; we do not display a separate one. The host of the meeting (you, or your colleague who installed our app) is responsible for ensuring participants are aware that meeting content is being processed by KolbyAI before recording or coaching begins.

1. Personal data we collect

A. Personal data you provide to us directly

Account Information. Name, business email, company, role, and similar identifiers.
Payment Information. Billing contact details; card data is handled by our payment processor (e.g., Stripe).
Inputs & Suggestions. Audio/media, transcripts, prompts, and other content you submit; real-time guidance and analytics we generate in response.
Communications. Support requests, survey responses, or other messages you send us.
Feedback. Product feedback, ratings, and comments about Suggestions.

B. Personal data we receive from your use of the Service

Device Information. Device type, OS, browser, mobile network or ISP, and settings.
Log Information. IP address, timestamps, error logs, and interaction events.
Usage Data. Pages viewed, features used, links clicked, session duration, and similar analytics.
Cookies & Similar Technologies. We and providers use cookies/pixels/scripts to operate, protect, and improve the Service. See our Cookie Policy.
Location Information. Approximate location derived from IP for fraud detection, security, and localization.
Mobile Phone Number. When you provide verbal consent during a recorded voice call to receive SMS messages, we collect your mobile phone number solely to deliver those messages.

C. Information we do not collect

We do not knowingly collect sensitive or special categories of personal data (e.g., genetic, biometric, health, or religious information) for the purpose of uniquely identifying a natural person, and we do not target children under 18. If we learn a user is under 18, we will delete the account and associated personal data.

2. How we use personal data

To provide and maintain the Service, including optional features that enhance functionality and user experience.
To create, manage, and administer your account; facilitate payments; and respond to inquiries.
To improve the Service and conduct research (debugging, reliability, and quality).
To communicate with you about updates, events, and the Service. Marketing emails are opt-out.
To send transactional SMS messages following a voice call, where you have provided verbal consent on a recorded call.
To prevent, detect, and investigate fraud, abuse, and security incidents; to enforce our Terms of Service.
To comply with legal obligations and protect rights, safety, privacy, and property.

No automated decisions with legal/significant effects. We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you.

No sale or cross-context behavioral advertising. We do not "sell" or "share" personal data for targeted advertising as defined by applicable U.S. state privacy laws.

Model training. We do not use your Content to train base models unless you explicitly opt in (e.g., an enterprise admin enables it and accepts additional terms). See our Privacy Overview.

4. SMS communications

Kolby AI sends transactional SMS messages on behalf of sales agents using our platform. The phone numbers we collect for SMS purposes are obtained only through verbal consent during a recorded voice call, and are used solely to deliver the messages you have expressly consented to receive.

We do NOT share, sell, lease, or rent your mobile phone number or any opt-in information to third parties or affiliates for their marketing or promotional purposes. Mobile information is only used to provide the messaging service you have agreed to receive.

Message frequency: Recurring, approximately 1 to 4 messages per recipient per month, varying based on call activity.

Cost: Message and data rates may apply. Charges come from your wireless carrier, not from Kolby AI.

Opt-out: You can opt out at any time by replying STOP, UNSUBSCRIBE, CANCEL, END, QUIT, or STOPALL to any message. Once you opt out you will receive a one-time confirmation that you have been unsubscribed and will not receive further messages.

Help: Reply HELP to any message, or contact support@kolbyai.com for support or questions.

Consent records: Verbal consent given during a voice call is captured on the call recording. Recordings, the timestamp of consent, and the agent identifier are retained for at least four (4) years to satisfy TCPA recordkeeping requirements. Recordings are available on request for compliance review.

Supported carriers: AT&T, Verizon, T-Mobile, US Cellular, and other major U.S. carriers. Carriers are not liable for delayed or undelivered messages.

5. Retention

We retain personal data only as long as necessary to operate the Service and support legitimate business needs (e.g., compliance, safety, dispute resolution, and enforcing agreements). Retention varies by data type, sensitivity, and purpose. Encrypted backups follow a fixed schedule (≤30 days) before automatic deletion. Consent records related to SMS communications are retained for a minimum of four (4) years to satisfy TCPA requirements.

Data received from connected third-party meeting platforms (such as Zoom) is retained on the same schedule as other call-derived data, and is additionally subject to deletion via the platform's uninstall flow as described in the Zoom Integration section above.

6. Security

We implement commercially reasonable technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. See our Security page for more.

7. Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or transfer your personal data; to object to or restrict certain processing; and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with your local authority.

Access/Portability. Request a copy of your personal data in a portable format.
Deletion. Request deletion of personal data collected from you, subject to legal exceptions.
Correction. Request correction of inaccurate personal data we maintain.
Objection/Restriction. Object to or request restriction of certain processing.
Withdraw Consent. Where applicable, withdraw consent without affecting prior lawful processing. To withdraw SMS consent, reply STOP to any message.
Appeal. If we decline a request, you may appeal by replying to our decision email.
Non-discrimination. We will not discriminate against you for exercising your rights.

To exercise rights, contact support@kolbyai.com. We may need to verify your identity (and, where permitted, the identity/authority of your authorized agent) before acting on a request.

To request deletion of data tied to a third-party integration before uninstalling the app, contact privacy@kolbyai.com.

8. Jurisdiction-specific disclosures

Where required (e.g., GDPR/UK GDPR/US state privacy laws), we provide legal bases and additional details below.

Purpose	Type of Data	Legal Basis
Provide, maintain, and facilitate the Service	Identity/contact; Payment; Inputs & Suggestions; Technical	Contract
Optional features that enhance UX	Identity/contact; Inputs & Suggestions; Feedback; Technical	Legitimate interests (product improvement); sometimes Consent
Service communications & account notices	Identity/contact; Communication	Contract (service communications); Consent (marketing)
Payments	Identity/contact; Payment	Contract; Legal obligation
Fraud prevention & security; compliance	Identity/contact; Payment; Technical	Legitimate interests; Legal obligation
Dispute resolution; enforcement of Terms	Identity/contact; Inputs & Suggestions; Feedback; Technical	Legitimate interests; Legal obligation
Debugging and repairing errors	Identity/contact; Feedback; Technical	Legitimate interests (reliability)
Service improvement & research (excluding model training)	Feedback; Technical; Usage	Legitimate interests (evaluate and improve)
SMS transactional messaging	Mobile phone number; Call recording; Consent record	Consent (verbal opt-in on recorded call); Legal obligation (TCPA)
Model training (if explicitly opted in)	Inputs & Suggestions; Feedback	Consent (opt-in only)

International transfers

We may process data in the United States and other countries. For transfers from the EEA/UK, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and implement supplementary measures as needed to ensure an adequate level of protection.

9. SMS program terms

Program name: Kolby AI Follow-Up Messaging

Program description: Transactional SMS messages sent following a voice call you participated in through the Kolby AI platform. Content includes call recap summaries, meeting confirmations, scheduling links, and other information you requested during the call.

How consent is obtained: By giving explicit verbal consent during a recorded voice call with a sales agent using the Kolby AI platform, you agree to receive SMS messages from that agent's organization via Kolby AI. Your consent is captured on the call recording and associated with your phone number.