Adsum
Adsum

Privacy Policy

Last updated: May 17, 2026

Adsum ("we", "us", "our") provides an AI phone receptionist service that answers inbound calls for small service businesses. This Privacy Policy explains what data we collect through theadsum.comand the Adsum platform (the "Service"), how we use it, and the rights you have.

1. Who this policy applies to

Adsum is a B2B platform. We process two kinds of personal data:

  • Business owner data — about you, the customer who signs up for Adsum to answer your business phone.
  • Caller data — about people who call your business phone number after you connect it to Adsum.

You (the business owner) are the data controller for caller data. We act as a data processor on your behalf. You are responsible for telling your callers that calls are being answered and recorded by an AI service (see Section 5).

2. Information we collect

From you, the business owner

  • Email address, full name, business name
  • Business website URL and address
  • Mobile phone number (for emergency alerts)
  • Payment information (full card number is handled by Stripe — we only store the last four digits)
  • Account authentication tokens (managed by Supabase Auth)

From callers (people who phone your business)

  • Caller phone number (caller ID)
  • Voice recording of the entire conversation
  • Transcript of the conversation
  • Any name, address, service details, or other personal information the caller shares with the AI receptionist
  • Time, duration, and outcome of the call

Automatically when you use the dashboard

  • IP address, browser type and version, device type
  • Pages visited and actions taken within the dashboard
  • Authentication cookies and session tokens

3. How we use this information

  • To run the AI receptionist that answers your phone
  • To create and manage your account and dashboard
  • To process subscription payments via Stripe
  • To send SMS alerts to your phone when emergency calls come in
  • To improve the service through aggregated, anonymized analytics
  • To comply with legal obligations (tax, accounting, lawful subpoenas)

We do not sell personal data. We do not share data with third-party advertisers. We do not use call recordings or transcripts to train public AI models.

4. Third-party processors

To run the Service we rely on third-party providers. They process data on our behalf under data-protection agreements:

  • Vapi (USA) — call audio, transcript, structured data; voice AI infrastructure
  • Cartesia (USA) — audio data; text-to-speech
  • Deepgram (USA) — audio data; speech-to-text
  • OpenAI (USA) — transcript text; conversation AI model
  • Anthropic (USA) — your business website content; onboarding-time prompt generation
  • Firecrawl (USA) — your business website URL; one-time scrape during onboarding
  • Supabase (Singapore region) — account data and call records; primary database
  • Cloudflare (USA) — API request routing and DNS
  • Vercel (USA) — page hosting and serving
  • Stripe (India and USA) — payment processing and subscription billing
  • Twilio (USA) — SMS emergency alerts

5. Call recordings — your responsibility

By configuring Adsum to answer your business phone line, you confirm that you have the legal right to record incoming calls on that line and that you will inform callers of the recording where required by law.

In the United States, certain states require all parties on a call to consent to recording. Adsum's default opening message can be configured to inform callers that the call is being answered and recorded by an AI receptionist; this is your responsibility to enable and verify. Two-party consent states include (without limitation) California, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, and Washington.

You can delete individual call records from your dashboard at any time. We retain encrypted backups for up to 30 days after deletion for disaster-recovery purposes.

6. Data retention

  • Call recordings and transcripts — retained while your account is active. Permanently deleted within 30 days of account closure.
  • Account information — retained while your account is active. Permanently deleted within 30 days of account closure.
  • Billing and tax records — retained for 7 years from the date of transaction to comply with tax and accounting laws.

7. Your rights

If you are in India (DPDPA 2023)

You have the right to access, correct, and erase your personal data, and to seek grievance redressal. Email contact24@abhisheksuryavanashi.dev.

If you are in the European Union or UK (GDPR / UK-GDPR)

You have the right to access, rectify, erase, restrict processing, port your data to another provider, and object to processing. To exercise these rights, email contact24@abhisheksuryavanashi.dev. You also have the right to lodge a complaint with your local supervisory authority.

If you are in California (CCPA / CPRA)

You have the right to know what we collect, delete what we hold, correct inaccuracies, and opt out of any "sale" or "share" of personal data. We do not sell or share personal data as those terms are defined under California law.

We respond to verified requests within 30 days.

8. Cookies and tracking

We use cookies only for:

  • Authentication — keeping you signed into your dashboard
  • Preferences — remembering settings like which tab you last viewed

We do not use third-party advertising cookies. We do not track you across other websites. We do not have a cross-site fingerprinting analytics system.

9. Children

Adsum is a B2B service intended for adult business owners. We do not knowingly collect personal data from anyone under 18. If we learn that we have inadvertently collected data from a minor, we will delete it.

10. Security

  • All data is encrypted in transit using TLS 1.3.
  • All data is encrypted at rest by our service providers (AES-256 or equivalent).
  • Customer data is isolated using row-level security in our database.
  • Administrative access is logged and audited.

No system is perfectly secure. If you believe you have discovered a security vulnerability, please email contact24@abhisheksuryavanashi.dev before disclosing publicly.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we'll notify you by email and update the "Last updated" date at the top of this page.

12. Contact

For any question about this Privacy Policy, to exercise your data rights, or to report a security concern, email contact24@abhisheksuryavanashi.dev. We respond within 30 days, faster for security disclosures.