AI INBOUND AGENTS TERMS OF SERVICE

Last updated: February 25, 2026

These AI Inbound Agents Terms of Service ("Terms") govern Customer's use of smrtPhone's AI Inbound Agents service ("AI Inbound Agents" or "Service"). In the event of any conflict, these Terms shall control solely with respect to Customer's use of the AI Inbound Agents Service.

1.  Scope and Applicability

1.1  Covered Parties

This Notice governs the collection and processing of information in connection with AI Services across the following categories of parties, each as defined below:

(a) “Customers” shall mean any business entity or individual that has executed a subscription agreement with smrtPhone and has enabled one or more AI features or AI Agent deployments thereunder, including through the smrtPhone AI Marketplace. Pursuant to smrtPhone’s Terms and Conditions, all Customers are required to be eighteen (18) years of age or older and to possess full legal capacity to enter into binding contractual obligations.

(b) “End Users” shall mean any employee, independent contractor, or duly authorized representative of a Customer who accesses or operates smrtPhone’s AI Services on the Customer’s behalf under the Customer’s account.

(c) “Callers” shall mean any individual who initiates or receives a telephone call that is handled, in whole or in part, by an AI Agent operating on a smrtPhone number.

smrtPhone provides telecommunications platform infrastructure and AI tooling to Customers on a business-to-business basis. smrtPhone does not direct, control, or assume legal responsibility for the manner in which Customers independently utilize the platform in connection with their own business operations, clients, or contacts. Each Customer bears sole and exclusive responsibility for its own compliance with all applicable federal, state, and local laws and regulations governing its use of the platform and its independent relationships with third parties, including, without limitation, any obligations arising under applicable telecommunications, privacy, and consumer protection laws.

1.2  AI Marketplace

smrtPhone operates an AI Agent Marketplace (the “Marketplace”) within the smrtPhone platform through which Customers may subscribe to and activate AI Agents for use within their smrtPhone environment. Marketplace offerings are made available on a subscription and usage basis, as described in the applicable order form and/or in-product purchase flow.

All AI Agents available in the Marketplace are developed, maintained, and provided directly by smrtPhone. smrtPhone does not permit third-party publishers or external developers to offer AI Agents through the Marketplace at this time.

Marketplace offerings may include standard AI Agents as well as Branded Agents. Branded Agents are developed and owned by smrtPhone based on business information, scripts, and/or knowledge-base inputs provided by an authorized implementation partner and/or the Customer. Branded Agents remain smrtPhone AI Agents and are deployed and operated within the applicable Customer’s smrtPhone environment.

Subject to applicable platform permissions, Customers may configure certain Agent parameters, including: Agent name; voice profile; operating language (currently English and Spanish); business identity; Conversation Introduction; and Conversation Closure.

All Marketplace transactions and AI Agent deployments are governed by this Notice, smrtPhone’s Terms and Conditions, and the AI Inbound Agents Terms of Service, as applicable.

Notwithstanding any configuration flexibility afforded to Customers, certain platform-level controls – including, without limitation, the mandatory AI and recording disclosure described in Section 8.1 of this Notice – remain exclusively within smrtPhone’s operational control and may not be altered, suppressed, or circumvented by any Customer configuration.

Each Customer represents and warrants that its use of the Marketplace and any AI Agent deployment complies in all material respects with applicable law.

1.3  Relationship to Other Governing Documents

This Notice shall be read in conjunction with the following documents, each of which is incorporated herein by reference to the extent applicable to a given Customer’s engagement with smrtPhone:

  • smrtPhone Terms and Conditions (available at smrtphone.io/terms-and-conditions/);
  • AI Inbound Agents Terms of Service (available at smrtphone.io/ai-terms-of-service/);
  • smrtPhone Acceptable Use Policy (available at smrtphone.io/acceptableusepolicy/);
  • smrtPhone Data Incident and Breach Notification Policy (available upon written request to compliance@smrtphone.io).

 

2.  Information We Collect

In connection with the provision of AI Services, smrtPhone collects and processes the following categories of information:

2.1  Audio Data

Voice audio captured from inbound and outbound telephone calls handled or assisted by AI features, including calls processed through AI Agents deployed via the Marketplace. Audio data is processed for the purposes of transcription, real-time AI Agent interaction, and quality assurance, and is not used to construct biometric profiles of any kind.

2.2  Transcript and AI-Generated Content

Machine-generated transcriptions of call audio, together with AI-derived content including, without limitation, call summaries, sentiment classifications, intent categorizations, and AI Agent conversational responses generated during the course of a call.

2.3  Call Metadata

Operational data associated with each call, including originating and terminating telephone numbers, call timestamps, call duration, geographic routing data, and call disposition records. Call metadata may constitute Customer Proprietary Network Information (CPNI) as defined under applicable FCC regulations and is handled in accordance with Section 10 of this Notice.

2.4  Customer Configuration Data

Customer-defined platform settings and AI Agent configuration parameters, including Agent name, voice profile selection, language settings, business identity specifications, Conversation Introduction scripts, Conversation Closure scripts, instructional prompts, and knowledge base content uploaded by the Customer for purposes of configuring AI Agent behavior.

2.5  Limitations on Collection

smrtPhone does not collect, derive, or store biometric identifiers – including voiceprints or faceprints – from audio processed through AI Services, and does not create biometric profiles of any individual. Audio is processed solely for transcription and real-time conversational purposes as described in this Notice.

 

3.  Purposes and Legal Bases for Processing

3.1  Operational Purposes

smrtPhone processes AI Services data for the following operational purposes, each of which is necessary for the performance of the services contracted by the Customer:

  • Real-time call management. Enabling AI Agents to conduct and manage inbound telephone conversations on behalf of Customers in real time, including interpreting Caller intent and generating contextually appropriate responses.
  • Transcription and summarization. Generating written transcriptions of call audio and producing AI-derived summaries for Customer review and operational recordkeeping.
  • Call recording. Recording AI Agent calls and making such recordings available to the applicable Customer through the smrtPhone platform, subject to the mandatory disclosure requirements set forth in Section 8. Recording is a platform-level control for AI Agent calls and is always enabled.
  • Analytics and performance reporting. Generating aggregated analytics, usage statistics, and performance metrics for Customer accounts to support operational oversight and platform quality assurance.
  • Quality review. Reviewing AI Agent performance using call data, transcripts, and system logs for the purpose of evaluating and improving the accuracy and reliability of AI Services.
  • Security and fraud prevention. Processing data as necessary to detect, investigate, and prevent fraudulent activity, unauthorized access, and violations of smrtPhone’s Terms and Conditions.
  • Legal compliance. Processing data as required to fulfill smrtPhone’s obligations under applicable federal and state law, including obligations arising under the Communications Act, FCC regulations, and applicable state telecommunications statutes.

3.2  Service Improvement

smrtPhone may utilize aggregated, de-identified data derived from AI Services for the purpose of improving, developing, and enhancing its AI Services offerings. Such use is strictly limited to data that has been rendered non-identifiable through appropriate technical and organizational measures. smrtPhone does not use personally identifiable call content – including recordings, transcripts, or Caller information – to train general-purpose artificial intelligence models.

3.3  Prohibited Uses

Notwithstanding any other provision of this Notice, smrtPhone expressly represents that it does not engage in the following activities with respect to AI Services data:

  • Targeted advertising directed to Callers based on the content of their calls or any derived profile;
  • Sale, lease, or transfer of call recordings, transcripts, or AI-generated outputs to any third party for commercial purposes;
  • Automated profiling of Callers for purposes of making, or facilitating, decisions that produce legal or similarly significant effects upon individuals;
  • Use of identifiable Caller data for the training of general-purpose AI or machine learning models.

3.4  Human Handoff

Any Caller may request transfer to a live human representative at any time during an AI Agent call. If the Customer has configured and enabled a transfer destination within its smrtPhone account, the AI Agent shall endeavor to transfer the call to such destination. If no transfer destination has been configured, the AI Agent will inform the Caller that live transfer is unavailable; provided, however, that in elevated-risk scenarios (e.g., requests for urgent help), smrtPhone will automatically initiate safeguards-based escalation to human review or intervention, where feasible, even absent Customer configuration. AI Agents do not place emergency calls (including 911) on a Caller’s behalf.

 

4.  Third-Party Service Providers and Sub-Processors

In order to deliver AI Services at the quality and scale required by its Customer base, smrtPhone engages certain third-party technology vendors and sub-processors. The categories of sub-processors engaged by smrtPhone in connection with AI Services include, without limitation: cloud infrastructure and hosting providers; artificial intelligence speech-to-text and natural language processing vendors; and call analytics and data processing platforms. The identities of individual sub-processors are not publicly disclosed.

AI Services data is processed and stored in the United States. smrtPhone contractually requires its

sub-processors to process AI Services data only for the purpose of providing services to smrtPhone and, where applicable, to maintain the data within the United States.

All sub-processors engaged by smrtPhone in connection with AI Services are bound by contractual obligations requiring, at minimum, the following:

  • Processing of Customer data exclusively for the purpose of providing the contracted service to smrtPhone, and for no independent commercial purpose;
  • A strict prohibition on using Customer call content – including recordings, transcripts, or any derivative thereof – for the training or improvement of general-purpose artificial intelligence or machine learning models;
  • Maintenance of administrative, technical, and organizational security measures consistent with applicable industry standards and no less protective than those maintained by smrtPhone;
  • Compliance with all applicable United States federal and state privacy, security, and telecommunications laws and regulations.

Customers or other interested parties may submit a written request to compliance@smrtphone.io to obtain additional information regarding smrtPhone’s sub-processor engagement practices, subject to smrtPhone’s confidentiality obligations and legitimate proprietary interests.

 

5.  Disclosure of AI Services Data

5.1  Disclosure to Customers

Call recordings, transcripts, AI-generated summaries, and other AI-derived outputs generated in connection with a Customer’s AI Agent deployment are made available to that Customer – and to that Customer only – through the smrtPhone platform, in real time or near real time, as technically feasible. smrtPhone does not share a Customer’s call data with any other Customer or with any unaffiliated third party, except as expressly provided in this Section 5.

Because Marketplace AI Agents are developed and provided directly by smrtPhone, smrtPhone does not disclose call recordings, transcripts, or Caller-identifiable information to third-party AI Agent publishers or external developers.

5.2  Disclosure to Authorized Implementation Partners

  • Scope of Disclosure

In connection with smrtPhone’s Branded Agent program, smrtPhone may collaborate with certain authorized implementation partners that provide business information and implementation support to Customers. Where applicable, smrtPhone may use partner-provided information to develop and configure Branded Agents offered through the Marketplace. Branded Agents remain owned and operated by smrtPhone.

In this context, certain aggregated performance analytics and, where a Customer has expressly authorized such disclosure, call-specific data may be shared with an authorized implementation partner, subject to the following conditions:

  • Aggregated performance analytics (e.g., call volume summaries, AI Agent response metrics) may be shared with authorized implementation partners in the ordinary course of the Branded Agent program;
  • Call-specific data – including individual call recordings, transcripts, or Caller-identifiable information – shall be disclosed to an implementation partner only where the applicable Customer has provided express, documented authorization for such disclosure.

5.2.2  Contractual Restrictions on Implementation Partners

All authorized implementation partners are subject to binding contractual restrictions that prohibit, without limitation: the sale or transfer of shared data for marketing or data brokerage purposes; the use of shared data for the training of artificial intelligence models; and any use of shared data beyond the scope of the authorized business purpose. Implementation partners are required to maintain data security standards consistent with applicable law and with smrtPhone’s own security practices.

5.2.3  De-Identified and Aggregated Insights

smrtPhone may generate and disclose to implementation partners aggregated, de-identified insights derived from AI Services data. Such insights are produced through technical and organizational measures designed to prevent the identification of any individual Caller, Customer, or End User, and do not constitute the disclosure of personal information.

5.3  Disclosures Required by Law

smrtPhone may disclose AI Services data to governmental authorities, law enforcement agencies, regulatory bodies, or courts of competent jurisdiction to the extent required by applicable law, lawful legal process, or court order, including, without limitation, obligations arising under the Communications Act of 1934, as amended, FCC regulations, and applicable state telecommunications statutes. To the extent permitted by law, smrtPhone will endeavor to provide the affected Customer with reasonable prior notice of any such compelled disclosure.

 

6.  Data Retention

6.1  AI Services Data

smrtPhone retains call recordings, transcripts, and AI-generated content for the period reasonably necessary to fulfill the purposes described in this Notice and to provide AI Services to the applicable Customer. Upon the termination or expiration of a Customer’s account, all AI Services data attributable to that Customer shall be deleted or rendered irretrievably inaccessible within ninety (90) calendar days of the effective date of termination, unless a longer retention period is required by applicable law, regulation, regulatory guidance, or a legal hold issued in connection with active or reasonably anticipated litigation or regulatory proceeding.

6.2  Call Detail Records and Metadata

Call detail records (CDRs) and associated call metadata may be retained for periods exceeding those applicable to AI Services data, as required for billing, dispute resolution, regulatory compliance, and audit purposes under applicable federal and state telecommunications regulations. Aggregated, de-identified analytics data derived from AI Services may be retained indefinitely for product development and internal reporting purposes.

6.3  CPNI Retention

To the extent that AI Services generate or process Customer Proprietary Network Information (CPNI) as defined under 47 U.S.C. § 222 and 47 C.F.R. Part 64, such data shall be retained in compliance with applicable FCC retention requirements. Records pertaining to CPNI security incidents, breach notifications, and related compliance activities shall be maintained for a minimum of two (2) years, as required by 47 C.F.R. § 64.2011(c), and shall be made available to the FCC upon lawful request.

6.4  Legal Holds

In the event that smrtPhone receives or issues a legal hold notice in connection with actual or anticipated litigation, regulatory inquiry, or governmental investigation, smrtPhone shall suspend the scheduled deletion of any data subject to such hold for the duration of the hold period, notwithstanding the retention periods set forth in this Section 6.

7.  Information Security

smrtPhone has implemented and maintains a comprehensive program of administrative, technical, and organizational security measures designed to protect AI Services data against unauthorized access, acquisition, disclosure, alteration, destruction, or other unauthorized processing. Such measures include, without limitation: encryption of data in transit using industry-standard protocols; encryption of data at rest; role-based access controls limiting data access to personnel with a legitimate operational need; and periodic security assessments and audits of smrtPhone’s systems and processes.

No method of electronic data transmission or storage can be guaranteed to be fully secure against all foreseeable threats. While smrtPhone employs commercially reasonable security measures, smrtPhone cannot warrant or guarantee the absolute security of AI Services data. In the event of a confirmed security incident affecting AI Services data, smrtPhone shall respond in accordance with its Data Incident and Breach Notification Policy and in compliance with all applicable federal and state breach notification requirements, including the FCC’s CPNI breach notification framework set forth in 47 C.F.R. § 64.2011.

 

8.  Caller Disclosure, Consent, and Rights

8.1  Mandatory Platform-Level Disclosure (AI Agent Calls Only)

Irrespective of any Customer configuration, smrtPhone’s platform automatically prepends a mandatory audio disclosure to every AI Agent call prior to the commencement of any Customer-configured Conversation Introduction. This disclosure is a non-negotiable, platform-level control that cannot be disabled, modified, suppressed, or circumvented by any Customer or End User. The mandatory disclosure informs the Caller that the call is being recorded for quality control and compliance purposes and that AI tools are in use.

This mandatory disclosure applies to AI Agent calls only. smrtPhone’s non-AI call functionality is governed by smrtPhone’s main Privacy Policy and other applicable terms, and Customers remain independently responsible for any disclosures and consents required for non-AI calls under applicable law.

The Agent name within the disclosure is dynamically populated with the name configured by the Customer for that AI Agent; all remaining disclosure language is fixed and exclusively controlled by smrtPhone.

Standard Mandatory Disclosure (System-Generated, Non-Modifiable)

“Hey, this is [Agent Name]. Before we start, I just want to let you know that this call is being recorded for quality control and compliance purposes and that we use AI tools to run and record the calls.”

This disclosure plays automatically at the commencement of every AI Agent call and is immediately followed by the Customer’s configured Conversation Introduction, if any.

8.2  Customer Disclosure and Consent Obligations

While smrtPhone’s mandatory platform disclosure satisfies certain baseline notice requirements, Customers bear independent legal obligations with respect to disclosure and consent that vary significantly by jurisdiction and industry. Each Customer is solely responsible for ensuring that its AI Agent deployment complies with all applicable disclosure and consent requirements beyond those provided by smrtPhone’s standard platform disclosure. Such Customer obligations include, without limitation, the

following:

  • Obtaining any consent required under applicable state all-party recording consent laws beyond what smrtPhone’s standard platform disclosure provides. The following states are commonly identified as imposing an all-party (sometimes referred to as two-party) consent requirement under which the consent of all parties to a telephone conversation must be obtained prior to recording: California, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan (in certain circumstances), Montana, New Hampshire, Pennsylvania, and Washington. Customers are strongly advised to consult qualified legal counsel regarding their specific consent obligations in each jurisdiction in which they operate;
  • Making any additional disclosures required under applicable federal or state telemarketing, autodialer, debt collection, or other sector-specific laws and regulations;
  • Ensuring that the Customer’s configured Conversation Introduction does not misrepresent the AI nature of the Agent, contradict the mandatory recording disclosure, or otherwise create a misleading impression in the mind of the Caller;
  • Complying with the Telephone Consumer Protection Act (47 U.S.C. § 227) (“TCPA”), the FTC Telemarketing Sales Rule (16 C.F.R. Part 310), and all applicable state autodialer and telemarketing statutes with respect to any outbound calling conducted through the platform.

8.3  Implied Consent

To the extent permitted by applicable law, a Caller’s continuation of a telephone call following the delivery of smrtPhone’s mandatory platform disclosure shall constitute implied consent to the recording and AI processing of that call. Each Customer is solely responsible for independently determining whether implied consent, as described herein, is legally sufficient in each jurisdiction in which the Customer operates, and for obtaining any additional affirmative or written consent required by applicable law.

8.4  Right to Request Human Assistance

A Caller may request transfer to a live human representative at any time during an AI Agent call. If the Customer has configured and enabled a transfer destination, the AI Agent shall endeavor to effectuate such transfer. If no transfer destination is configured, the AI Agent will generally inform the Caller that live transfer is unavailable; provided, however, that smrtPhone will automatically initiate safeguards-based escalation to human review or intervention in elevated-risk scenarios, where feasible (see Section 3.4).

8.5  Do-Not-Call, Opt-Out, and Consumer Choice

Each Customer is independently responsible for honoring all applicable federal and state Do-Not-Call registrations, internal opt-out requests received from Callers, and any other consumer choice mechanisms required by applicable law, including, without limitation, the National Do Not Call Registry maintained by the Federal Trade Commission, the TCPA’s opt-out requirements, and applicable state equivalents. smrtPhone provides platform-level tools to assist Customers in maintaining and honoring opt-out lists; however, ultimate compliance responsibility with respect to do-not-call and opt-out obligations rests exclusively with the Customer.

 

9.  Accuracy and Limitations of AI Services

AI Services, including automated transcription, summarization, and conversational response generation, are subject to inherent technological limitations and may produce outputs that are inaccurate, incomplete, or contextually inappropriate. AI-generated outputs should not be relied upon as authoritative records, nor as professional advice of any kind – including, without limitation, legal, medical, financial, regulatory, or compliance advice.

Each Customer bears sole responsibility for independently reviewing, validating, and, where appropriate, disclaiming the limitations of AI-generated outputs prior to acting upon them or making them available to third parties. smrtPhone expressly disclaims any liability arising from a Customer’s or Caller’s reliance upon AI-generated outputs without independent verification.

 

10.  Customer Proprietary Network Information (CPNI)

10.1  Statutory Framework

To the extent that AI Services generate or process Customer Proprietary Network Information as defined under 47 U.S.C. § 222 and implementing regulations at 47 C.F.R. Part 64 (“CPNI”), smrtPhone handles such information in accordance with the requirements of the Communications Act of 1934, as amended, and applicable FCC rules and orders. smrtPhone’s CPNI compliance program is subject to periodic review and enhancement consistent with evolving regulatory guidance.

10.2  Permissible Uses of CPNI

Consistent with 47 C.F.R. § 64.2005, smrtPhone’s use of CPNI is limited to the following permissible purposes:

  • Providing the telecommunications and AI services from which the CPNI was derived;
  • Providing services lawfully requested by the Customer or Caller to whom the CPNI pertains, to the extent permitted by applicable law;
  • Complying with applicable legal and regulatory obligations, including responding to lawful legal process.

smrtPhone does not use CPNI for its own marketing purposes. To the extent a Customer is itself a telecommunications carrier or interconnected VoIP provider subject to FCC CPNI marketing rules, and independently elects to use CPNI in connection with marketing activities, that Customer is solely responsible for complying with all applicable FCC requirements, including 47 C.F.R. §§ 64.2007 through 64.2009.

10.3  CPNI Security Safeguards

smrtPhone maintains administrative, technical, and organizational safeguards designed to protect CPNI from unauthorized access, use, disclosure, or modification, consistent with the requirements of 47 C.F.R.

  • 64.2010. Access to CPNI is restricted to smrtPhone personnel and authorized sub-processors with a documented, legitimate business need. All such personnel and sub-processors are subject to appropriate confidentiality obligations and receive training on CPNI handling requirements.

10.4  CPNI Breach Notification Procedures

In the event of a security breach involving CPNI, smrtPhone shall comply with the mandatory notification procedures set forth in 47 C.F.R. § 64.2011, which impose the following sequential obligations:

  • Law enforcement notification (47 C.F.R. § 64.2011(a)): Within seven (7) business days of a reasonable determination that a CPNI breach has occurred, smrtPhone shall notify the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) in accordance with applicable federal law and regulatory requirements, through commercially reasonable and legally compliant means, unless smrtPhone reasonably determines that immediate customer notification is necessary to prevent imminent irreparable harm to an affected individual, in which case law enforcement shall be notified simultaneously with or immediately following such customer notification;
  • Customer notification (47 C.F.R. § 64.2011(b)): Following expiration of the mandatory law enforcement notification period, smrtPhone shall notify affected Customers of the breach as required by applicable FCC rules, and shall cooperate with Customers in providing any downstream notifications required by applicable state breach notification laws;
  • Breach log maintenance (47 C.F.R. § 64.2011(c)): smrtPhone maintains a contemporaneous, confidential record of all discovered CPNI security breaches for a minimum period of two (2) years, available for inspection by the FCC upon lawful request.

CPNI breach response is further governed by smrtPhone’s Data Incident and Breach Notification Policy, incorporated into this Notice by reference. Customers with questions regarding CPNI incident response may contact compliance@smrtphone.io.

 

11.  Children’s Privacy

The AI Services are designed and intended exclusively for use by business subscribers and are not directed to, marketed toward, or designed for use by children or minors. Pursuant to smrtPhone’s Terms and Conditions, all Customers are required to be eighteen (18) years of age or older and to possess the legal capacity to enter into binding contractual obligations. smrtPhone does not knowingly collect, use, or disclose personal information from individuals under the age of thirteen (13) in connection with the AI Services.

As a provider of telecommunications infrastructure to business Customers, smrtPhone does not exercise control over, and assumes no responsibility for, the identity or characteristics of individuals who interact with a Customer’s AI Agent deployment in the course of that Customer’s independent business operations. Accordingly, each Customer is solely responsible for ensuring that its configuration and deployment of AI Agents complies in all respects with applicable federal and state children’s privacy laws – including, without limitation, the Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501 et seq.) (“COPPA”) and any applicable state equivalents – with respect to its own clients, contacts, and end users.

In the event that smrtPhone receives credible information indicating that personal information from an individual under the age of thirteen (13) has been collected through the AI Services, smrtPhone shall undertake prompt remedial measures, which may include, without limitation, the deletion of the relevant data. To report a potential children’s privacy concern, please contact compliance@smrtphone.io.

 

12.  United States State Privacy Rights

Depending upon their state of residence or the location in which they received services, Customers, End Users, and Callers may have rights under applicable state privacy legislation with respect to personal information processed by smrtPhone in connection with AI Services. Such rights may include, subject to applicable statutory exemptions and limitations: the right to access personal information held by smrtPhone; the right to request correction of inaccurate personal information; the right to request deletion of personal information; the right to obtain a portable copy of personal information; and the right to opt out of certain categories of processing.

12.1  Processing Practices

smrtPhone does not use AI Services data for targeted advertising directed to individuals. smrtPhone does not engage in the sale of personal information as defined under applicable state privacy laws. smrtPhone does not subject Callers to solely automated decision-making processes that produce legal or similarly significant effects upon individuals.

12.2  Automated Decision-Making Disclosure

smrtPhone’s AI Services do not make final, autonomous determinations that produce legal or similarly significant effects on individual Callers. AI-generated outputs are made available to Customers as informational tools only, and any consequential decisions based upon such outputs are made by the applicable Customer, not by smrtPhone. Customers who utilize AI-generated outputs as a component of their own consequential decision-making processes are independently responsible for complying with all applicable state laws governing automated decision-making, including, where applicable, the Colorado AI Act (effective June 30, 2026, as amended) and analogous legislation in other jurisdictions.

12.3  Exercising State Privacy Rights

Individuals seeking to exercise applicable state privacy rights with respect to AI Services data may do so by submitting a written request as described in Section 13 of this Notice. Appeals of any determination made by smrtPhone in response to a privacy rights request may be directed in writing to compliance@smrtphone.io.

 

13.  Exercise of Privacy Rights

13.1  Callers

Callers seeking to exercise privacy rights with respect to information processed by smrtPhone in connection with a specific AI Agent call are directed, in the first instance, to contact the business whose AI Agent handled the call, as that business (i.e., the smrtPhone Customer) is the primary data controller with respect to its own call operations. In the event that a Caller is unable to obtain a satisfactory response from the applicable Customer, or where smrtPhone has an independent legal obligation to respond, Callers may submit a written request to compliance@smrtphone.io.

13.2  Customers and End Users

Customers and End Users seeking to exercise privacy rights with respect to their own account data or personal information held by smrtPhone may do so through their account settings within the smrtPhone platform or by submitting a written request to compliance@smrtphone.io.

13.3  Verification and Response Procedures

Upon receipt of a privacy rights request, smrtPhone shall undertake reasonable steps to verify the identity of the requesting party and, where applicable, the Customer account associated with the relevant data. smrtPhone will respond to verifiable requests within the timeframes prescribed by applicable law and, where no specific statutory deadline applies, within thirty (30) calendar days of receipt. smrtPhone may extend this response period by an additional thirty (30) days upon written notice to the requestor where the complexity or volume of requests so requires.

 

14.  Amendments to This Notice

smrtPhone reserves the right to amend, update, or revise this Notice at any time, in its sole discretion, to reflect changes in its data processing practices, the AI Services offered, applicable law, or regulatory guidance. In the event of any material amendment to this Notice, smrtPhone shall provide affected Customers with notice through an in-platform notification or banner displayed within the smrtPhone platform. The amended Notice shall take effect upon posting unless a later effective date is specified therein. A Customer’s continued use of AI Services following the effective date of any amendment shall constitute that Customer’s acceptance of the revised Notice. smrtPhone encourages Customers to review this Notice periodically to remain informed of current data processing practices.

 

15.  Contact Information

All privacy and data protection inquiries, requests, and concerns relating to AI Services should be directed to the email address: compliance@smrtphone.io.

This Notice is provided for informational and compliance purposes and does not constitute legal advice. Nothing in this Notice shall be construed as creating any rights in third parties or as modifying any Customer’s obligations under the smrtPhone Terms and Conditions or any other applicable agreement. smrtPhone reserves all rights not expressly granted herein.