1. Who we are
Dials is a product of L1fe AI, Inc., a Delaware corporation with its principal place of business at 8 The Green, Suite 4000, Dover, DE 19901 ("Dials," "we," "us," or "our"). References in this policy to the "Service" mean the Dials platform, including the dashboard, REST API, command-line interface, MCP server, SDKs, webhooks, and any supporting websites and documentation.
For purposes of the EU and UK General Data Protection Regulations, we act as a data controller for our website and account-relationship data, and as a data processor for the personal information your end users transmit through the Service on your behalf. Our processor obligations are governed by our Data Processing Addendum.
2. The personal information we collect
Information you give us
When you create an account, register a brand or campaign, port a number, or contact us, we collect identifiers (name, email, business address, billing details), authentication material (passwords are hashed using a memory-hard KDF), tax and regulatory IDs where required, and the content of your communications with us. Carrier and brand registration may require additional information mandated by the FCC, CTIA, TCR, CRTC, Ofcom, or carrier policy.
Information we collect when you use the Service
We collect data necessary to deliver, secure, and audit the Service. This includes: account and session identifiers, scoped session tokens, the OAS DID for each subject, tenant and project identifiers, IP addresses and user-agent strings, device and browser telemetry, API request metadata, and the contents of usage events written to the audit ledger (operator, scope, route, disposition, duration, trace IDs).
Communications content
When you use the Service to place calls or send messages, the underlying communications necessarily flow through Dials. We process the calling and called numbers, signaling metadata, message content (where the recipient's carrier requires it for delivery), recordings you elect to capture, transcripts and intent classifications you elect to produce, and any related media. We do not use the content of your communications to train Dials' machine-learning models or for any purpose unrelated to providing the Service.
Information from third parties
We may receive personal information from carriers (call-detail records, delivery receipts, port responses), identity providers (when your administrators enable SSO), payment processors, and from public databases used for E911 address validation, DNC verification, and STIR/SHAKEN attestation.
Cookies and similar technologies
Our website and dashboard use cookies and local storage to maintain sessions, remember preferences, and measure how well we serve our pages. We do not place advertising or cross-site tracking cookies. See our Cookie Policy for the categories, purposes, and opt-out controls.
3. How we use personal information
We process personal information to:
- provide, operate, secure, and support the Service;
- authenticate users, agents, and operators, and to enforce scope and policy;
- route, sign, deliver, record, and bill for calls and messages you originate;
- generate the audit ledger, which is essential to the Service and to your compliance with telecom and consumer-protection laws;
- communicate with you about the Service, including service notices, security alerts, and changes to terms;
- detect, investigate, and prevent fraud, abuse, and security incidents;
- comply with our legal obligations under telecom, tax, and data-protection law; and
- improve the Service, where doing so does not require using the content of your communications.
4. Lawful bases (EU/UK)
Where the EU or UK GDPR applies, we rely on the following lawful bases: performance of a contract with you (Art. 6(1)(b)); compliance with a legal obligation, including telecom and consumer-protection law (Art. 6(1)(c)); our legitimate interests in providing, securing, and improving the Service, balanced against your rights and freedoms (Art. 6(1)(f)); and, where applicable, your consent (Art. 6(1)(a)). Special-category data is processed only where you provide explicit consent or where another Art. 9 condition applies.
6. International transfers
Dials maintains regional infrastructure in the United States, Canada, and the European Union. Where personal information moves between regions, we rely on the European Commission's Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum. Customers may elect a specific data-residency region in their tenant configuration; we will not store production recordings or audit-ledger entries outside the elected region.
7. Retention
We retain personal information only as long as necessary for the purposes set out in this policy or as required by law. Default retention windows are described in your tenant settings and in the DPA. Audit-ledger entries are retained for the duration of your account and for as long as we are required to retain them to comply with telecom recordkeeping obligations; you may export them on request.
8. Security
We use commercially reasonable administrative, technical, and physical safeguards to protect personal information, including AES-256-GCM encryption at rest, TLS 1.3 in transit, SRTP for real-time media, hardware-isolated key management, scoped session tokens, fail-closed authorization, continuous vulnerability monitoring, and 24/7 incident response. No service is perfectly secure; we describe our security posture in the Trust Center.
9. Your rights
Depending on your location and the role we play with respect to your data, you may have the right to access, correct, port, restrict the processing of, object to the processing of, or delete your personal information; to withdraw consent where we rely on it; and to lodge a complaint with a supervisory authority. To exercise these rights, write to privacy@dials.com. We respond within thirty (30) days, or sooner where required by law. If you ask us to delete information we hold as a processor, we will forward your request to the relevant Dials customer and assist them in responding.
California residents are also entitled to the rights described in the California Consumer Privacy Act, as amended by the California Privacy Rights Act. We do not "sell" or "share" personal information as those terms are defined in those statutes.
10. Children
The Service is intended for use by businesses and is not directed to children under sixteen. We do not knowingly collect personal information from children under sixteen. If you believe a child has provided us with personal information, write to privacy@dials.com and we will delete it.
11. Automated processing and agents
The Service is designed to be operated by humans and by autonomous agents under their authority. Where an autonomous agent processes personal information on the Service, the person or organization who deployed and scoped that agent remains responsible for compliance with applicable law, including Art. 22 of the EU GDPR where it applies. Our Agent Conduct Addendum describes the additional obligations that apply when agents operate Dials seats.
12. Changes
We update this policy when we change the Service, the law changes, or we receive feedback. Material changes are announced through the dashboard and by email to account owners at least thirty (30) days before they take effect, except where a shorter timeline is required by law.
13. Contact
Privacy questions: privacy@dials.com. Postal mail: Dials, c/o L1fe AI, Inc., 8 The Green, Suite 4000, Dover, DE 19901, USA. EU and UK representatives, where required, are designated in our DPA.
Questions about this document? Write to legal@dials.com. For data subject requests, see our privacy rights workflow.