Privacy Policy

1. Introduction

Callwen, Inc. ("Callwen," "we," "our," or "us") provides an AI-powered document intelligence platform for financial professionals at callwen.com. Our founder is a licensed CPA, and we built Callwen with professional standards of care in mind.

This Privacy Policy describes how we collect, use, store, and protect your information when you use our platform. By using Callwen, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials through Clerk (including Google sign-in). If you join or create an organization, we also collect organization name and role details.

Client and Document Data

You may upload documents, create client records, and generate AI-powered content (briefs, action items, chat responses). We store these to provide our service.

Usage Data

We collect query counts, feature usage, login timestamps, browser type, and IP address to operate and improve the service.

Browser Extension Data

The Callwen browser extension allows you to capture content from web pages directly into your Callwen workspace. The extension collects the following data only when you explicitly initiate a capture:

• Captured content: text selections, full page text, screenshot images, and file URLs — transmitted only when you click the capture button
• Page metadata: URL and title of pages you capture from, used for source tracking and deduplication
• Auto-match signals: domain name and detected company names on the current page, sent to the server to suggest the correct client (paid plans only, only when auto-match is active)
• Parser-extracted data: when viewing Gmail, QuickBooks Online, or tax software, structured data is extracted (email fields, financial report data, form fields) — parsers activate only on paid plans, only on recognized platforms, and only when you initiate a capture
• Monitoring rule matches: if you configure monitoring rules, the extension checks page URLs and domains against your rules locally in the browser; only match notifications are generated, and page content is not transmitted unless you choose to capture

The extension does NOT collect:

• Browsing history or page content from sites you visit without capturing
• Passwords, cookies, or authentication tokens from other websites
• Data from browser tabs other than the active tab during a capture
• Any data when the extension is not actively being used

Local storage: the extension stores only your Callwen authentication token and a cache of client ID/name pairs in chrome.storage.local. No document content, email bodies, or client-sensitive data is persisted in the extension.

Payment Information

Payment processing is handled entirely by Stripe. We store only your Stripe customer ID and subscription status — we never see or store your credit card number.

3. How We Use Your Information

• Provide, maintain, and improve the Callwen platform
• Process documents and queries through AI providers to deliver results
• Manage your account, organization, and subscription
• Communicate with you about service updates and account activity
• Analyze aggregate usage patterns to improve service reliability

We explicitly do NOT:

• Sell your data to third parties
• Use your uploaded documents to train AI models
• Share data between organizations — each org's data is fully isolated
• Display advertisements or share data with ad networks

4. Data Storage and Security

We use industry-leading infrastructure providers with strong security certifications:

• Supabase (database and file storage) — SOC 2 Type II certified
• Clerk (authentication) — SOC 2 Type II certified
• Vercel (frontend hosting) — SOC 2 Type II certified
• Stripe (payments) — PCI DSS Level 1 certified

All data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted with AES-256. Database connections use encrypted connection pooling. Access is controlled through role-based access control (RBAC) with Admin and Member roles.

5. AI Processing

Callwen uses the following AI providers to process your documents and queries:

• Anthropic (Claude)
• Google (Gemini)
• OpenAI (GPT)

Under our API agreements with these providers, they do not retain your data or use it for model training. We send only the minimum data necessary to fulfill each request.

6. Data Sharing

We share your information only with the following categories of recipients, and only as necessary to provide the service:

• AI providers — Anthropic, Google, and OpenAI for document processing
• Infrastructure providers — Supabase, Vercel, Railway, and Clerk for hosting and authentication
• Stripe — for payment processing
• Legal requirements — when required by law, subpoena, or court order
• Business transfers — in connection with a merger, acquisition, or sale of assets (with notice to you)

7. Data Retention

• Account data: retained while your account is active, plus 30 days after deletion
• Documents: retained while your account is active, plus 30 days after you delete them
• Usage logs: retained for 12 months
• Payment records: retained for 7 years for tax and legal compliance

8. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Delete your account and associated data
• Export your data in a portable format
• Restrict certain processing activities

To exercise any of these rights, contact us at privacy@callwen.com.

9. Organization Data

If you use Callwen as part of an organization, the organization administrator controls access to the organization's data. Member access is scoped to the organization they belong to. When a member is removed from an organization, their access is revoked immediately. The organization owns its data — individual members do not retain access to organization data after removal.

10. Cookies

Callwen uses only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

11. Children's Privacy

Callwen is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors.

12. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your data, and opt out of data sales. We do not sell personal information. To exercise your rights, contact privacy@callwen.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email or a prominent notice on our platform before the changes take effect.

14. Contact Us

If you have questions about this Privacy Policy, contact us at:

• Email: privacy@callwen.com
• Web: https://callwen.com
• Callwen, Inc.
• Fort Lauderdale, Florida