Privacy Policy

Last updated: May 15, 2026

1. Introduction

Mermaid Phone ("we," "our," or "us") is a product of Laguna Foundry, a digital agency based in Laguna Beach, California. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered phone answering and voicemail service, website, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, business address, and industry type when you register for an account.
  • Business Data: Services you offer, business hours, pricing information, and other details you provide to configure your AI phone agent.
  • Account Settings and Instructions: Availability rules, booking limits, vacation or holiday settings, voice preferences, routing rules, notification preferences, FAQs, service notes, policies, and other instructions you give through the dashboard, onboarding, chat, phone calls, or support.
  • Payment Information: Billing details processed securely through Stripe. We do not store your full credit card number on our servers.
  • Communications: Messages you send us through contact forms, email, or support channels.
  • Support Requests: Information you provide when you ask Sirena or our team for help, including issue descriptions, account context, and related summaries.

2.2 Information Collected Automatically

  • Call Recordings: Phone calls handled by your AI agent are recorded for service delivery, quality assurance, and to provide you with call summaries and transcripts. Callers are informed that calls may be recorded.
  • Call Metadata: Phone numbers, call duration, timestamps, and call outcomes (booked, message taken, transferred, etc.).
  • SMS Data: Text message content, phone numbers, and timestamps for messages sent and received through the Service.
  • Sirena Chat and Cross-Channel Memory: Messages, call summaries, tool actions, and account context used so Sirena can remember prior interactions across web chat, phone calls, dashboard actions, and other supported channels.
  • Website Usage: Browser type, device information, pages visited, referring URLs, and standard server log data. Mermaid Phone does not use IP address matching to identify marketing visitors.
  • Caller Information: Phone numbers and any information callers provide during conversations with your AI agent (name, appointment preferences, messages, etc.).

2.3 Information from Third Parties

  • Website Scraping: When you set up your account, we may scrape your business website (with your permission) to auto-configure your AI agent with accurate business information.
  • Calendar Integrations: Appointment availability from connected calendar services, including availability, event details, selected calendars, and scheduling results needed to provide booking features.
  • Payment Integrations: Limited payment account, payment link, subscription, balance, card brand, and last-four information from connected payment providers when needed to support billing, payment links, deposits, or account status. We do not store full card numbers.
  • Connected Business Tools: Information from booking, CRM, calendar, payment, or other tools you connect so Mermaid Phone can read, create, update, or summarize supported records.

3. AI, Call Recording, and Account Actions

Important

Our Service uses artificial intelligence to answer phone calls on your behalf. All calls handled by the AI agent may be recorded, transcribed, summarized, and processed.

Specifically:

  • Callers are informed at the beginning of each call that they are speaking with an AI assistant and that the call may be recorded.
  • Call recordings and transcripts are stored securely and made available to you (the business owner) through your dashboard.
  • Call data is used to improve the AI agent's performance and accuracy for your business.
  • Sirena may use prior conversations, dashboard activity, call summaries, customer records, and connected tool results to keep context across supported channels.
  • When you instruct Sirena to update supported settings, she may create or change account information such as business hours, services, booking rules, customer notes, appointment records, notifications, or support tickets.
  • We may review AI actions, transcripts, summaries, and support tickets to troubleshoot, improve service quality, prevent abuse, and help resolve your requests.
  • We may use anonymized and aggregated call data to improve our Service generally.
  • Call recordings are retained for 90 days unless you request earlier deletion or your account requires longer retention for compliance purposes.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including AI call answering, SMS messaging, scheduling, and CRM features.
  • Configure and train your AI phone agent with your business details.
  • Maintain Sirena's cross-channel memory so your account assistant can continue a conversation across the website, dashboard, phone, and other supported channels.
  • Carry out account changes that you request through supported AI tools, dashboard settings, onboarding, support, or connected services.
  • Process payments and manage your subscription.
  • Support connected calendars, payment providers, booking tools, and other business tools you authorize.
  • Send you service-related notifications (call summaries, booking confirmations, system updates).
  • Create, route, and review support tickets when Sirena or our team needs to help with a bug, feature request, custom setup, integration request, or account issue.
  • Improve and optimize the Service, including AI accuracy and call handling quality.
  • Detect and prevent fraud, abuse, or technical issues.
  • Comply with legal obligations.

5. Third-Party Services

We use the following third-party services to deliver the Service. Each has its own privacy policy governing its use of data:

  • Retell AI: Powers our AI voice agent technology. Processes call audio and generates responses in real time.
  • Twilio: Provides telephony infrastructure for phone calls and SMS messaging.
  • Supabase: Hosts our database and authentication services.
  • Stripe: Processes payments securely. Your payment information is handled directly by Stripe and subject to their privacy policy.
  • Square, Google, Microsoft, and Other Connected Providers: When you connect these tools, they may process the calendar, payment, customer, or account data needed for the features you enable.
  • OpenAI: Provides AI language processing for call handling, message generation, and business data analysis.

We do not sell your personal information to third parties. We share data with the service providers listed above only to the extent necessary to deliver the Service.

6. SMS Consent, Opt-Outs, and Carrier Approval

If you enable SMS or similar messaging features, we may process message content, delivery status, phone numbers, opt-in and opt-out records, support notes, and related carrier compliance information. Some SMS features require business verification, A2P or similar carrier approval, registration information, additional terms, and ongoing monitoring for abuse.

You are responsible for getting the permissions required to text your customers and for honoring opt-out requests. We may block, pause, or remove messaging features if we believe a message, campaign, number, or account may violate law, carrier rules, or Mermaid Phone policies.

7. Customer Data Responsibilities

You decide what customer data is entered into Mermaid Phone and how your business uses it. You are responsible for giving required notices, obtaining required permissions, keeping customer data accurate, and making sure the Service is appropriate for your business, customers, and location.

Mermaid Phone is not designed for protected health information, emergency services, regulated medical workflows, clinical decisions, legal advice, financial advice, or other regulated uses unless we have a separate written agreement that specifically allows that use. Please do not enter protected health information or similarly regulated data unless we have agreed to support it in writing.

8. Data Retention

  • Account Data: Retained for as long as your account is active. When you delete your account, your personal information is removed promptly and the account cannot be reactivated. Some records may remain only where we are legally required to keep them, and call recordings age out under the 90 day window described below.
  • Call Recordings: Retained for 90 days, then automatically deleted unless required for ongoing service or legal compliance.
  • SMS Messages: Retained for the duration of your active account.
  • Sirena Messages and Account Memory: Retained while your account is active so Sirena can understand prior requests, account setup, and support history, unless you request deletion and we are able to honor it.
  • Support Tickets: Retained while needed to resolve the request, keep an audit trail, improve support, and meet business or legal requirements.
  • Connected Tool Data: Retained only as needed to provide the connected feature, preserve account history, troubleshoot issues, or meet legal and provider requirements.
  • Payment Records: Retained as required by tax and financial reporting laws (typically 7 years).
  • Analytics Data: Anonymized and aggregated data may be retained indefinitely for service improvement.

Some information may remain for a limited time in backups, security logs, provider systems, or records we are legally required to keep.

9. Data Security and Privacy Safeguards

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), secure data storage, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

We use access controls, session ownership checks, restricted staff access, redaction where practical, and provider safeguards to reduce unnecessary exposure of customer information, support-ticket details, payment metadata, call transcripts, and connected account data. We also try to avoid sending raw secrets, payment numbers, or sensitive identifiers through support emails.

10. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Export: Request your data in a portable format.
  • Opt-Out: Unsubscribe from marketing communications at any time.

To exercise any of these rights, contact us at help@mermaidphone.com.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to Delete: You may request deletion of your personal information, with certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • No Sale of Data: We do not sell personal information as defined under the CCPA.

To make a CCPA request, email us at help@mermaidphone.com with the subject line "CCPA Request." We will verify your identity before processing your request.

12. Children's Privacy

The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at help@mermaidphone.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Laguna Foundry

Laguna Beach, California

Email: help@mermaidphone.com

Website: lagunafoundry.com

© 2026 Mermaid Phone. Built by Laguna Foundry.