Legal

Privacy Policy

Last updated: May 16, 2026

This Privacy Policy explains how Tolvo ("we", "us") collects, uses, and protects your information when you use our Service. We aim to collect the minimum information needed to provide translated international phone calls and to be transparent about what happens to it.

Data Controller

The data controller responsible for your personal data under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and Spanish Organic Law 3/2018 (LOPDGDD) is Zebin Li, an individual sole trader (autónomo) based in Spain, operating Tolvo.

You can reach us at support@tolvo.app for any privacy-related question or request.

If you believe we have mishandled your data, you have the right to lodge a complaint with the Spanish Data Protection Authority — Agencia Española de Protección de Datos (AEPD) — at www.aepd.es, or with the data-protection supervisory authority in your country of residence.

1. What We Collect

Account information

  • Email address (via Clerk or your chosen identity provider)
  • Display name, if you provide one
  • Verified mobile phone number (used for callbacks and SMS verification)
  • Country selection (for assigning a dedicated Tolvo Number)

Payment information

Payments are processed by Stripe. We do not store your full card number or banking details — Stripe holds those. We retain your Stripe customer ID, subscription tier, billing period, and invoice metadata.

Call data

  • The phone numbers you dial and that dial your Tolvo Number
  • Call timestamps, duration, and direction (inbound / outbound / AI-agent)
  • Spoken language of each leg of the call
  • Bilingual transcripts of your calls (the spoken text translated and stored in plain text)
  • For AI agent calls: the free-text instructions you gave the agent and the agent's summary of the outcome

What we do NOT collect

  • We do not record call audio. Audio is processed in memory by our realtime translation provider and discarded
  • We do not track your browsing across third-party websites
  • We do not sell, rent, or share your information for advertising

Technical data

Like most online services, we log basic technical information (IP address, browser user-agent, request timestamps) for security, abuse prevention, and reliability.

2. How We Use Your Information

  • To operate the Service — placing and bridging calls, generating transcripts, billing your subscription
  • To remember the language used in past calls so callbacks are routed correctly (90-day window per contact)
  • To prevent abuse, fraud, and violations of our Terms of Service
  • To provide customer support when you contact us
  • To send essential service notifications (payment issues, security alerts). Marketing emails are opt-in
  • To comply with legal obligations

3. Sub-processors

We rely on the following third-party services to provide Tolvo. Each one only receives the data necessary for its function.

ProviderPurposeData shared
StripeSubscription billingEmail, billing address, payment method (held by Stripe)
TwilioPhone connectivity, SMS verificationPhone numbers, call metadata, SMS content (for OTP)
ClerkAuthenticationEmail, login events
Google (Gemini)Realtime speech translation & intent parsingAudio streams (transient) and text from your calls
CloudflareDNS, CDN, edge securityIP address, request metadata
Hosting providerApplication servers & databaseAll persisted account data and transcripts

We do not transfer your data to any other party except as required by law or under a written agreement consistent with this policy.

4. International Data Transfer

Tolvo and its sub-processors operate globally. Your data may be processed in the United States, the European Union, and other regions where these services have infrastructure. Where applicable, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

5. Retention

  • Transcripts: retained until you delete them or close your account. After account closure, transcripts are deleted within 30 days
  • Call metadata: retained for up to 24 months for billing audit and abuse investigations
  • Account information: retained while your account is active; deleted within 30 days of account closure, except where retention is required by law (e.g., tax records)
  • Technical logs: retained up to 90 days

6. Your Rights

Depending on your jurisdiction (GDPR, CCPA, and similar laws), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data and your account
  • Export your transcripts and account data in a portable format
  • Object to specific processing activities
  • Withdraw consent for any processing based on consent
  • Lodge a complaint with your local data protection authority

To exercise any of these rights, write to support@tolvo.app from the email registered on your account. We respond within 30 days.

7. Cookies

Tolvo uses only essential cookies needed to keep you signed in and to remember your preferences. We do not use third-party advertising or tracking cookies.

8. Children

The Service is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with information, contact us and we will delete it.

9. Security

We use industry-standard practices: TLS encryption in transit, encrypted database storage, scoped access controls, and regular security review. No method of transmission or storage is 100% secure, but we work to minimize risk and to notify affected users promptly in the event of a breach.

10. Recording-law Notice

While Tolvo itself does not record audio, the bilingual transcript can be considered a record under some jurisdictions' two-party-consent laws. You are responsible for any consent your local laws require — for example, by stating "this call may be transcribed" at the start of the conversation when calling within California or the EU.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email at least 30 days before they take effect. The "Last updated" date above always reflects the current version.

12. Contact

Questions about your privacy or this policy? Write to support@tolvo.app.

This document is a starting template. Please have a privacy lawyer or DPO review and adapt it to your specific jurisdiction, business entity, and operational details before relying on it in production.