Privacy Policy
1. Who we are
Jently (“Jently”, “we”, “us”) is an AI-powered call center platform operated by TECHERO LLC, a limited liability company organized under the laws of the State of Delaware, United States, with its registered address at 1111B S Governors Ave #21885, Dover, DE 19904, USA. The platform is available at https://jently.io and lets businesses (“Customers” or “tenants”) create AI voice agents that answer and place phone calls, book appointments, answer questions from the Customer's knowledge base, and transfer calls to humans.
This Privacy Policy explains what personal data we collect, why we collect it, how we use, store and share it, and the rights you have. It applies to the jently.io website, the Jently dashboard, our APIs, and the voice agent services (together, the “Service”). This Policy is published in English and Turkish; the English version controls in case of any inconsistency.
2. Our two roles: controller and processor
Jently processes personal data in two distinct capacities:
- As a data controller (business) — for data about our Customers and their staff: account and login data, billing data, support communications, and website usage data. For this data, this Policy applies directly.
- As a data processor (service provider) — for data that passes through the Service on behalf of a Customer: the voices, phone numbers and personal details of the people who call (or are called by) a Customer's AI agent (“End Users”), appointment details, uploaded knowledge-base content, and calendar data. For this data, the Customer is the data controller; we process it only on the Customer's instructions, under our agreement (including a data processing addendum) with the Customer. End Users should direct privacy requests to the business they interacted with; we will assist that business in responding.
3. Data we collect
3.1 Account and organization data (controller)
- Name, business email address, organization name, hashed password (we never store plain-text passwords), role and permissions;
- Session data (login timestamps, session tokens), security events (failed logins, lockouts).
3.2 Billing data (controller)
- Subscription plan, invoices, usage records (call minutes, prepaid minute packs, top-ups);
- Payment card data is collected and processed directly by Stripe, our payment processor; we never see or store full card numbers. We store Stripe customer identifiers and payment status.
3.3 Platform content (processor)
- AI agent configurations, prompts, greeting texts, flows;
- Knowledge-base documents the Customer uploads (processed into searchable form);
- Custom tool and integration configurations, including third-party credentials, which are stored encrypted.
3.4 Call and voice data (processor)
- Caller/callee phone numbers, call times, durations, call status and technical telemetry;
- Live call audio (streamed for speech recognition; see AI processing);
- Call transcripts, AI-generated call notes and summaries, sentiment analysis results;
- Call recordings — only where the Customer has enabled recording and applicable consent requirements are satisfied (see Section 7). Voice recordings may qualify as sensitive or biometric information in some jurisdictions; the Customer is responsible for the required notices and consents;
- Appointment details collected during a call (e.g. name, phone number, requested date/time);
- Consent records (e.g. an End User's consent or objection captured during a call).
3.5 Google user data (processor)
See Section 5, which governs all data received via Google APIs.
3.6 Technical data (controller)
- IP address, browser and device information, request logs, approximate location derived from IP;
- Cookies and similar technologies (see Section 13).
4. How and why we use data
| Purpose | Examples | Legal basis (GDPR; equivalent bases under Turkish Law No. 6698 and other laws apply) |
|---|---|---|
| Providing the Service | Operating AI agents, connecting calls, booking appointments, syncing calendars, storing transcripts | Performance of a contract (KVKK art. 5/2-c) |
| Billing and accounting | Metering minutes, invoicing, collecting payments, tax records | Contract performance; compliance with legal obligations (KVKK art. 5/2-ç) |
| Security and abuse prevention | Authentication, rate limiting, fraud detection, audit logs | Legitimate interests (KVKK art. 5/2-f) |
| Support and communications | Responding to requests, service announcements, critical notices | Contract performance; legitimate interests |
| Service improvement | Aggregated, de-identified usage statistics and performance metrics | Legitimate interests |
| Legal compliance | Responding to lawful requests from competent authorities, retention duties | Legal obligation |
We do not sell personal data, we do not share it for cross-context behavioral advertising, and we do not use personal data for third-party advertising.
5. Google user data (Google API Services)
If a Customer connects a Google Calendar to Jently, we access Google user data through Google APIs with the Customer's explicit OAuth consent. This section applies to all data we receive from Google APIs.
5.1 What we request and why
| OAuth scope | What it allows | Why we need it |
|---|---|---|
calendar.readonly | Read-only access to calendars and events (including free/busy information) | To check the connected calendar's availability so the AI agent offers appointment slots that do not conflict with existing events |
calendar.events | View and edit calendar events | To create, update and cancel the appointment events that the AI agent books on the Customer's behalf |
5.2 How we use, store and protect it
- Calendar data is used solely to provide the appointment scheduling features described above — checking availability and managing appointment events. It is not used for any other purpose.
- OAuth access and refresh tokens are stored encrypted at rest and are never shared with third parties.
- We store only the minimum calendar-derived data needed for the feature (e.g. busy time ranges while computing availability, and identifiers of events we created).
- Google user data is never used for advertising, never sold, and never used to train artificial-intelligence or machine-learning models (including our own or third-party generalized AI models).
- Humans do not read Google user data, except (a) with the Customer's explicit permission (e.g. a support request), (b) where necessary for security or abuse investigation, or (c) where required by law.
- Google user data is transferred to others only where necessary to provide or improve the user-facing features described here, to comply with applicable law, or as part of a merger or acquisition with prior notice.
5.3 Limited Use disclosure
Jently's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5.4 Revoking access and deleting Google data
- You can disconnect Google Calendar at any time from the Jently dashboard (Settings → Integrations). Disconnecting deletes the stored OAuth tokens.
- You can also revoke Jently's access from your Google Account at myaccount.google.com/permissions.
- Upon disconnection or account deletion, we delete stored Google user data within 30 days, except where a longer retention is required by law. Appointment records created in Jently's own database (name, phone, time) are the Customer's business records and are retained per Section 11. Events already created in your Google Calendar remain in your calendar under your control.
6. AI processing (speech recognition, language models, speech synthesis)
The core of the Service is an AI voice pipeline. During a call: (a) call audio is streamed to a speech-to-text provider to produce a live transcript; (b) the transcript, together with the Customer's agent configuration and relevant knowledge-base excerpts, is sent to a large language model to generate the agent's response; (c) the response text is converted to speech by a text-to-speech provider. Transcripts may additionally be analyzed for sentiment and summarized into call notes.
- Our AI providers act as our sub-processors under commercial API agreements and process the content only to provide the service to us.
- No training: we do not use Customer or End User content to train foundation models, and we use commercial API tiers whose terms prohibit the provider from training models on that content.
- Limited provider retention: AI providers retain API inputs and outputs at most for short abuse-monitoring windows (typically up to 30 days) before deletion, and we use zero-retention configurations where the provider offers them.
- AI outputs can be inaccurate; Customers are responsible for reviewing critical information (see our Terms of Service).
7. Call recordings and consent
- Call recording is off unless the Customer enables it for specific call types. Inbound calls are not recorded by default.
- Laws on recording and on automated (AI) calls differ by country and U.S. state; they may require announcing the recording (or two-party consent), disclosing that the caller is speaking with an AI system, or obtaining prior consent. The Customer is responsible for configuring greetings/announcements and obtaining any consents required by the laws applicable to its calls; the platform provides consent-capture and announcement tools.
- Where consent is captured during a call, we store the consent record (who, when, what was consented to) so the Customer can demonstrate compliance.
8. Sharing and service providers (subprocessors)
We share personal data only with the service providers needed to run the Service, under contracts that restrict their use of the data to providing services to us. For security and confidentiality reasons we disclose our subprocessors here by category; Customers may request the current named subprocessor list (and subscribe to change notices) at [email protected] or through their data processing addendum.
| Category | Purpose |
|---|---|
| Cloud infrastructure & storage providers | Hosting the application and databases; storing call recordings and uploaded documents |
| Content delivery, DNS & security providers | CDN, DDoS protection, edge security |
| Stripe (named — payment processor) | Payment processing, invoicing |
| Google LLC (named — see Section 5) | Google Calendar API, only when connected by the Customer |
| Artificial-intelligence service providers (speech recognition, language models, speech synthesis) | Converting call audio to text, generating agent responses and knowledge-search embeddings, converting responses to speech |
| Error & performance monitoring providers | Technical error logs and diagnostics |
| Licensed telecommunications carriers | Carrying phone calls (numbers, SIP trunks) |
We may also disclose data:
- to competent authorities where required by law or a binding order;
- to professional advisers (lawyers, auditors) under confidentiality;
- in connection with a merger, acquisition or asset sale, with prior notice of any controller change;
- with your direction or consent (e.g. third-party tools the Customer connects via webhooks/integrations — data sent to a Customer-configured endpoint is governed by that third party's terms).
9. International transfers
Where data is processed depends on the component: call recordings and documents uploaded to the Service are stored in Türkiye (AWS Istanbul); the application and its databases are hosted in the European Union; our AI service providers and certain other providers process data in the United States; and TECHERO LLC itself is established in the United States. Where data protection laws restrict cross-border transfers, we rely on the safeguards those laws permit and support our Customers' own compliance:
- EU/EEA (GDPR): Standard Contractual Clauses (and UK/Swiss addenda where applicable) with our subprocessors and, on request, with Customers through our data processing addendum;
- Türkiye (KVKK art. 9): for Customers established in Türkiye, our data processing addendum supports the KVKK standard-contract mechanism for transfers to us and our subprocessors; where no other mechanism applies, transfers rely on the data subject's explicit consent obtained by the Customer;
- equivalent mechanisms under other applicable laws.
10. Security
- Encryption in transit (TLS 1.2+) for all traffic; encryption at rest for credentials, OAuth tokens and integration secrets (AES-256-GCM);
- Passwords hashed with bcrypt; account lockout after repeated failed logins; session limits;
- Strict tenant isolation — every data access is scoped to the owning organization;
- Role-based access, least-privilege internal access, audit logging, rate limiting;
- Continuous monitoring and periodic security reviews.
No system is perfectly secure. If we learn of a personal data breach likely to result in a risk to individuals, we will notify the competent authorities and affected parties as required by applicable law (including GDPR arts. 33–34, KVKK art. 12 and U.S. state breach notification laws).
11. Data retention
- Account data: for the life of the account; deleted or irreversibly anonymized within 90 days after account closure (backup copies purged within a further 35 days).
- Billing and invoice records: retained for the periods required by applicable tax and commercial law (typically 7–10 years).
- Call transcripts, notes, recordings, appointments: retained while the Customer's account is active, subject to the Customer's configuration and deletion actions; deleted with the account as above.
- Consent records: retained for as long as needed to demonstrate compliance, and for statutory limitation periods.
- Google user data: see Section 5.4.
- Technical logs: typically 90 days unless needed longer for security investigations.
12. Your privacy rights
Your rights depend on where you are and which law applies to the processing. We honor requests as required by applicable law, whether you interact with us directly or through the business whose agent you spoke with. If you are an End User of a business that uses Jently, we may refer your request to that business — the controller of your data — and will assist it in responding.
12.1 Türkiye (KVKK art. 11)
You may request to: learn whether your personal data is processed; receive information about that processing; learn its purpose and whether it is used accordingly; know the third parties to whom it is transferred in Türkiye or abroad; request correction of incomplete or inaccurate data; request deletion or destruction under KVKK art. 7; request notification of correction/deletion to recipients; object to results produced exclusively by automated analysis; and claim compensation for damage caused by unlawful processing. We respond within 30 days, free of charge. You may also complain to the Turkish Personal Data Protection Board (kvkk.gov.tr).
12.2 EU/EEA and UK (GDPR)
You have the rights of access, rectification, erasure, restriction, portability and objection, and the right to withdraw consent and to lodge a complaint with your supervisory authority. We respond within one month.
12.3 United States (state privacy laws)
Where a U.S. state privacy law applies to you, you may have rights to know/access, correct, delete, and obtain a portable copy of your personal information, and to opt out of sales, sharing for cross-context behavioral advertising, and certain profiling. We do not sell personal information and do not share it for cross-context behavioral advertising. We do not discriminate against you for exercising your rights; you may use an authorized agent where the law allows.
To exercise any of these rights, contact [email protected]. We may need to verify your identity before acting on a request.
13. Cookies
| Cookie / storage | Purpose | Type |
|---|---|---|
| Authentication session | Keeping you signed in securely | Strictly necessary |
i18n_redirected | Remembering your language preference | Preference |
| Theme preference | Remembering light/dark mode | Preference |
We do not use third-party advertising or cross-site tracking cookies. If we introduce analytics cookies in the future, we will update this Policy and, where required, ask for consent.
14. Children
The Service is a business tool and is not directed to children under 16 (or under 13 within the meaning of the U.S. COPPA). We do not knowingly collect data from children. Note that an AI agent cannot always determine a caller's age; Customers deploying agents in contexts involving minors are responsible for legal compliance.
15. Changes to this policy
We may update this Policy from time to time. For material changes we will give notice via the dashboard or email at least 15 days before the change takes effect. The “Last updated” date at the top shows the current version. Earlier versions are available on request.
16. Contact
TECHERO LLC (operating the Jently platform)
1111B S Governors Ave #21885, Dover, DE 19904, USA
Privacy requests: [email protected]
General support: [email protected]
This document is provided in English and Turkish. The English version controls in case of any inconsistency; the Turkish version is provided for convenience and to satisfy KVKK disclosure requirements toward data subjects in Türkiye.