Privacy Policy

Last updated: April 16, 2026

1. Who We Are

Receva is operated by Grizzly Tec LLC ("we", "us", "our"). We provide an AI-powered phone answering service for businesses. This policy explains how we collect, use, and protect data when you use our Service.

2. Our Role

When you use Receva, you are the data controller — you decide how your business handles caller information. We act as a data processor, processing call data solely on your behalf to deliver the Service. We do not use your call data for our own purposes.

3. What We Collect

Account Data (from you)

  • Name, email, phone number
  • Business name and description
  • Telegram bot token and chat ID (for notifications)
  • Billing information (processed by Stripe — we never see your full card number)

Call Data (from callers)

  • Caller phone number
  • Call recording (audio)
  • Call transcript (AI-generated text of the conversation)
  • Call summary and recommended next actions (AI-generated)
  • Call duration and timestamps

4. How We Use Data

  • To provide the Service: answering calls, generating transcripts and summaries, delivering notifications to your configured channels
  • To bill you: tracking usage minutes for subscription billing
  • To improve reliability: monitoring for errors and service issues

We do not sell, share, rent, or trade your data with third parties for marketing or advertising purposes. Ever.

5. Data Retention

Data TypeRetention Period
Call recordings14 days — automatically deleted by our telephony provider and from our storage
Transcripts & summariesRetained in your account until you delete them or close your account
Account dataRetained while your account is active; deleted within 30 days of account closure
Billing recordsRetained as required by tax/accounting law

6. Third-Party Processors

We use the following services to deliver the product. Each processes data on our behalf under their own privacy policies:

  • Vapi — telephony, call routing, and voice AI orchestration
  • Anthropic (Claude) — AI conversation handling and call summarization
  • ElevenLabs — voice synthesis (via Vapi)
  • Supabase — database and file storage
  • Stripe — payment processing
  • Telegram — notification delivery (using your own bot)
  • Vercel — web application hosting

7. Security

  • All data is encrypted in transit (TLS/HTTPS)
  • Database access is restricted by row-level security — each tenant can only access their own data
  • Recording storage uses signed URLs with expiration
  • API keys and credentials are stored securely and never exposed to the client

8. Your Rights

You can at any time:

  • Access your data through your dashboard
  • Delete individual call records or your entire account
  • Export your call history by contacting us
  • Withdraw consent by canceling your subscription

9. Caller Disclosure

As the business owner using our Service, you are responsible for complying with applicable call recording laws in your jurisdiction. Many states require one-party or two-party consent for recording. Our AI receptionist can be configured to inform callers that the call is being recorded. Consult legal counsel for your specific requirements.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 14 days before taking effect.

11. Contact

Privacy questions? Contact us at privacy@grizzlytec.com.