CallX, Inc. ("CallX", "we", "us", "our") operates a pay-per-call insurance marketplace and supervisory platform. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your information. It applies to Agents, Agencies, Coaches, Publishers, Advertisers, SuperAdmins, Callers whose calls are routed through CallX, and visitors to our websites.
This Policy operates alongside the CallX Terms of Service. Defined terms have the meanings given in the Terms.
| Category | What's in it | Source |
|---|---|---|
| Account identifiers | Name, email, phone number, password (hashed), profile photo, agency affiliation, license numbers (NPN), social handles | You, at signup and in Settings |
| Business & compliance data | Legal entity name, EIN, business address, sample SMS messages, opt-in collection method, certificate of insurance, W-9 / tax documents | You, at onboarding and as required by carriers |
| Call content | Audio recordings, written transcripts, screen-share captures, in-call chat, agent and coach notes | Generated by the Service during calls |
| Call metadata | Caller phone number, time and duration, routing path, disposition, IVR selections, dial source, advertiser/publisher attribution | Generated by the Service |
| Performance data | Conversion rates, applications submitted/written, AP figures, call scores, response time, attendance, customer ratings | Generated by the Service from your activity |
| Payment information | Tokenized card details (held by Stripe, not CallX), billing address, transaction history, refund records | You, via Stripe |
| Device & usage | IP address, browser, OS, device type, pages viewed, click events, error logs, audio device IDs | Automatically when you use the Service |
| Communications metadata | Whether you opened our emails, which links you clicked, SMS delivery and opt-out status | Our email/SMS service providers |
We do not collect biometric identifiers (such as voiceprints or facial geometry) except where you separately and explicitly opt in to a feature that requires them, and where state-specific consent procedures (e.g., Illinois BIPA, Texas CUBI) have been satisfied.
We use information to:
Every voice conversation routed through CallX is recorded, transcribed, and may be analyzed by automated systems for the purposes described in Terms § 7 and Terms § 8. Callers are notified in the inbound call greeting that the call may be recorded and monitored, in compliance with applicable two-party-consent state laws.
You may request a copy of any recording or transcript associated with your account by contacting privacy@callx.com. CallX may redact information necessary to protect third-party privacy or to comply with law before producing records.
We share information with the following categories of recipients, in the contexts described in Terms § 9:
Your Agency Owner, Managers, and designated Trainers see your account profile, performance metrics, call recordings, transcripts, and customer records as part of normal supervision.
Advertisers who purchased a call receive the call recording, basic metadata, and agent-side QA data for that call. Publishers receive metadata about calls they delivered. Advertiser and Publisher identities are not disclosed to each other — they only see the call data relevant to their side of the marketplace.
A Marketplace Coach you book receives live audio and limited contextual information during the active shift only. No persistent access after the shift ends, except as required for dispute resolution.
We engage subprocessors for hosting (e.g., AWS), telephony (e.g., Twilio, Bandwidth), payment (Stripe), email (e.g., Postmark, SendGrid), transcription, fraud detection, analytics, and similar functions. All subprocessors are bound by written confidentiality and data-processing agreements.
We disclose information when required by valid subpoena, court order, regulatory examination, or lawful written cooperative-disclosure request. We will challenge overbroad demands and notify affected users where permitted by law.
If CallX is involved in a merger, acquisition, financing, or sale of assets, information may be transferred. We will notify you of any change in ownership of your personal information.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising as defined by CCPA/CPRA.
To deliver SMS and voice traffic on your behalf, we submit business-identity information to telecommunications carriers, the Campaign Registry (TCR) for 10DLC, Toll-Free Verification (TFV) services, STIR/SHAKEN registries, and Do Not Call list operators. See Terms § 10 for the full list of submission types and your authorization.
We use first-party cookies and similar technologies for authentication, session management, security, and product analytics. We do not use cookies for cross-site advertising. You can control cookies via your browser settings; disabling cookies may impair functionality (e.g., you may be logged out frequently).
Depending on where you live, you may have rights to:
To exercise any of these rights, contact privacy@callx.com. We will verify your identity before fulfilling requests. We will not discriminate against you for exercising your rights.
If you are in the EU/EEA, UK, or another jurisdiction with a supervisory authority, you have the right to lodge a complaint with that authority. CallX's EU representative is [TO BE COMPLETED BY COUNSEL].
| Data type | Default retention | Notes |
|---|---|---|
| Account profile | Life of account + 7 years | Tax and licensing recordkeeping |
| Call recordings | 13 months active, 7 years archive | Longer if regulatory/dispute hold applies |
| Call transcripts | 13 months active, 7 years archive | Mirrors recordings |
| Call metadata | 7 years | Required for marketplace accounting and 1099s |
| Payment records | 7 years | Tax recordkeeping |
| Marketing comms metadata | 2 years after last interaction | For unsubscribe accuracy |
| Security/audit logs | 2 years | Fraud and abuse investigation |
When you close your account, account-profile data and historical recordings are placed in archive after 13 months and deleted at the end of the retention period unless a legal hold applies.
We use encryption in transit (TLS) and at rest (AES-256) for personal information and recordings. Card data is tokenized and stored by Stripe (PCI DSS Level 1) — CallX never stores raw card numbers. Internal access is role-restricted, logged, and reviewed. We perform regular vulnerability scanning, third-party penetration testing, and respond to security incidents under a documented incident-response plan. Notification of a personal-information breach affecting you will be provided as required by applicable law.
The Service is intended for licensed insurance professionals and business users. We do not knowingly collect personal information from children under 13 (or 16 in the EU/EEA). If we learn that we have collected such information without parental consent, we will delete it promptly.
CallX is based in the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. and other jurisdictions where our service providers operate. Where required, transfers from the EU/EEA, UK, or Switzerland are protected by Standard Contractual Clauses or equivalent safeguards.
We may update this Policy from time to time. If a change is material (including a change in the categories of data collected or shared, or in the lawful basis for processing), we will provide at least thirty (30) days' advance notice and re-prompt consent where required.
For privacy questions, requests, or complaints, contact: