Privacy Policy

Last updated: April 7, 2026

NeuroSphere (“we”, “us”) operates a multi-tenant AI voice calling platform that helps businesses follow up with leads and book appointments. This Privacy Policy explains what data we collect, how we use it, and the rights you have over it.

1. Data We Collect

Business account data: email, business name, market, dialect, and plan information you provide during sign-up.
Lead data: names, phone numbers, and form responses submitted by end-users via connected Meta/Facebook Lead Ads or uploaded CSV files.
Call data: call metadata, transcripts, outcomes, and recordings generated during AI voice calls placed on your behalf.
Integration tokens: encrypted access tokens for connected services such as Google Calendar and Meta Pages.

2. How We Use Data

To place outbound AI calls and deliver instant lead callbacks.
To display call history, transcripts, and analytics in your dashboard.
To sync booked appointments to your calendar.
To improve service reliability, detect abuse, and comply with legal obligations.

3. Meta Platform Data

When you connect a Facebook Page, we receive leads submitted to that page’s Lead Ad forms via Meta’s webhook system. We only retrieve the specific lead you authorize us to access, store it against your organization, and use it solely to initiate the callback you requested. You can disconnect the page at any time from Settings, which revokes our access and stops further lead ingestion.

4. Data Sharing

We do not sell your data. We share data only with subprocessors required to deliver the service: Supabase (database), Twilio (telephony), ElevenLabs (voice AI), Anthropic (LLM), and Railway (hosting). All subprocessors are bound by data protection agreements.

5. Data Retention

We retain lead and call data for as long as your account is active. On account deletion, we remove all personal data within 30 days, except where retention is required by law.

6. Your Rights

You may access, correct, export, or delete your data at any time by emailing ziad.elalfy@yahoo.com. Egyptian users are protected under Law 151/2020. EU users have rights under the GDPR.

7. Security

All access tokens are encrypted at rest. Webhooks are verified via HMAC-SHA256 signatures. Database access is scoped per organization via row-level security policies.

8. Contact

Questions about this policy? Email ziad.elalfy@yahoo.com.