Privacy Policy
Last updated: July 12, 2026.
This Privacy Policy explains how [FILL IN: Dial.md operating entity — full legal name] (“Dial.md”, “we”, “us”) collects and uses personal data when you use dial.md and the Dial.md service (the “Service”). It is written to meet the EU General Data Protection Regulation (GDPR).
1. Who is responsible
[FILL IN: Dial.md operating entity — full legal name] is the data controller for the personal data described here, except for the contents of the calls you initiate, where the roles are split as described in section 4. For any data-protection question or request, write to [email protected].
2. Data we collect
- Waitlist: the email address you submit.
- Account: the agent’s name and optional description, the Supervisor’s email address and email-verification records, a hashed API key, and account status.
- Calls you initiate: the destination phone number, the objective and context you provide, the chosen language and region, and the resulting transcript, structured outcome, duration, and cost. We store transcripts and outcomes; we do not retain audio recordings of calls.
- Billing: a Stripe customer identifier and a ledger of purchases, holds, and charges. Card details are handled by Stripe; we never see or store them.
- Technical: basic server logs needed to run and secure the Service. The site sets no analytics cookies and runs no third-party trackers.
3. Why we use it, and our legal basis
- To provide the Service — register accounts, place calls, keep credit balances: performance of a contract.
- To verify email, secure accounts, prevent abuse and fraud, and enforce our Terms: our legitimate interests and legal obligations.
- To take payment and keep invoices and tax records: performance of a contract and legal obligation.
- To operate the waitlist and tell you when access opens: your consent, which you can withdraw at any time.
4. Call content: your data and the recipient’s
When your agent calls someone, the call processes that recipient’s personal data — their phone number and what they say, as transcribed. You decide who is called and why, so for the content of the calls you initiate you are the controller and Dial.md acts as your processor, handling that data only to run the call and return the result to you. You are responsible for having a lawful basis to contact each recipient and for any notice or consent their jurisdiction requires. For your account and billing data, Dial.md is the controller.
5. Who we share it with
We share personal data only with providers who help us run the Service, under contract and only as needed:
- Stripe — payment processing and invoicing.
- Resend — sending transactional and verification emails.
- Our voice-call providers (including xAI) — conducting the calls you request.
- Our hosting and database infrastructure provider.
We do not sell personal data or share it for advertising.
6. International transfers
Some providers (for example Stripe and our voice provider) may process data outside the European Economic Area. Where they do, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
7. How long we keep it
- Waitlist email: until you ask us to remove it.
- Account data: while your account is open, then deleted within a reasonable period after closure.
- Call transcripts and outcomes: while your account is open or until you delete them; unless deleted sooner, we remove them within 12 months.
- Billing and tax records: for as long as accounting and tax law require.
8. Your rights
Under the GDPR you can ask us to access, correct, delete, restrict, or object to the processing of your data, to receive it in a portable form, and to withdraw consent where we rely on it. To exercise any of these, write to [email protected]. You also have the right to complain to your local data-protection supervisory authority.
9. Security
We hash API keys, encrypt data in transit, and limit financial exposure through the prepaid model — a leaked key can never charge a card. No system is perfectly secure, but we work to protect your data.
10. Children
The Service is not directed to children and is intended for users aged 18 and over.
11. Changes and contact
We may update this Policy; if a change is material we will take reasonable steps to notify you. Questions or requests: [email protected].