Privacy Policy

    Last updated July 2026

    This Privacy Policy explains how Symphia LLC (“Symphia,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with our websites, platform, APIs, embeddable widgets, voice and telephony services, and related products (the “Service”). We built Symphia to be private and secure by default: tenant data is isolated, secrets are scoped, and we do not sell personal information. Please read this policy together with our Terms of Service.

    1. Scope and who this applies to

    This policy applies to three groups: (a) visitors to our marketing websites; (b) customers and their authorized users who administer a Workspace; and (c) end users who interact with a customer’s AI agent through chat, voice, or telephony.

    It does not cover the privacy practices of our customers or of third-party sites and services that we link to or integrate with, which are governed by their own policies.

    2. Our role: controller and processor

    For our websites, our own account and business records, and information about visitors and customer administrators, Symphia acts as a controller.

    When we process end-user conversations and other Customer Data on behalf of a customer to operate their agent, we act as a processor (or “service provider”), and the customer is the controller responsible for that data and for providing required notices and obtaining any necessary consents. If you are an end user, please direct privacy requests about your interactions to the business whose agent you used; we will support that business in responding.

    3. Information we collect

    Information you provide. Account details such as name, email, company, and role; billing and payment information (processed by our payment processor); support requests; and content you submit, including your agent’s knowledge, instructions, tools, and configuration.

    Conversation and usage data. Messages, transcripts, and (where enabled) call audio and recordings processed by an agent; the actions an agent takes; feedback such as thumbs up/down; and analytics about how the Service is used.

    Technical data. IP address, device and browser type, identifiers, log data, and cookies and similar technologies used to operate, secure, and measure the Service (see our Cookie Policy).

    Information from third parties. Data from integrations you connect (for example, calendars, telephony, or systems your agent uses), and from providers that help us with authentication, security, and analytics.

    4. How we use information

    We use information to:

    • provide, operate, and secure the Service and your Workspace, and power your agent’s responses, tools, and insights;
    • authenticate users, prevent fraud and abuse, and enforce our Terms and acceptable-use rules;
    • process payments and manage Credits and billing;
    • provide support and communicate with you about the Service, including service and security notices;
    • monitor, troubleshoot, analyze, and improve the Service and develop new features; and
    • comply with legal obligations and protect the rights, safety, and property of Symphia, our customers, and others.

    5. AI processing and model training

    Your agent’s responses are generated using machine-learning models, including models from third-party providers. Conversation content is processed to produce responses, take actions, and generate the analytics shown in your console.

    We do not sell personal information, and we do not use your end users’ conversation content to train shared or foundation models. We may use aggregated and de-identified data (that does not identify you, your end users, or any individual) to operate, evaluate, and improve the Service. Our model providers are contractually restricted from using data we send them via the Service to train their general models.

    6. Legal bases for processing (EEA/UK)

    Where the GDPR or UK GDPR applies and we act as a controller, we process personal data on the following legal bases: performance of a contract with you; our legitimate interests in operating, securing, and improving the Service (balanced against your rights); compliance with legal obligations; and, where required, your consent (which you may withdraw at any time). Where we act as a processor, we process personal data under our agreement with the relevant customer.

    7. How we share information

    We share information only as needed to run the Service:

    • Subprocessors and service providers — such as cloud hosting and infrastructure, AI model providers, telephony and messaging carriers, payment processors, email delivery, and analytics — each bound by contractual data-protection obligations to process data only on our instructions. A current list of subprocessors is available on request.
    • Within your organization — with users and administrators of your Workspace, according to the roles and permissions you configure.
    • Legal and safety — where required by law, legal process, or to protect rights, safety, and the integrity of the Service.
    • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

    We do not sell personal information and do not share it for cross-context behavioral advertising.

    8. Tenant isolation and security

    Each Workspace’s data is logically isolated, and access is scoped per tenant so that one customer’s data and secrets are not exposed to other tenants or to less-privileged sessions. We protect data with encryption in transit, access controls, audit logging, secret scoping, and content moderation, and we restrict internal access to those who need it. No method of transmission or storage is perfectly secure, but we work continuously to protect data and to respond to and disclose incidents responsibly and as required by law.

    9. International data transfers

    We may process and store information in the United States and other countries where we or our subprocessors operate. Where we transfer personal data internationally, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), or other lawful transfer mechanisms.

    10. Data retention

    We retain personal data for as long as your account is active or as needed to provide the Service, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Customer Data processed on a customer’s behalf is retained according to that customer’s configuration and instructions. When data is no longer needed, we delete or de-identify it in the ordinary course, subject to legal retention requirements.

    11. Your privacy rights

    Depending on where you live, you may have rights to access, correct, delete, or receive a portable copy of your personal data; to object to or restrict certain processing; and to withdraw consent. If you are in California, you may have rights under the CCPA/CPRA, including the right to know, delete, and correct personal information, and to opt out of sale or sharing — note that we do not sell or share personal information as those terms are defined. We will not discriminate against you for exercising your rights.

    To exercise rights with respect to data for which we are the controller, contact us at support@symphia.ai. If your request concerns your interactions with a customer’s agent, please contact that business (we act as their processor and will assist them). We may need to verify your identity before acting on a request.

    12. Cookies and analytics

    We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand usage. You can control cookies through your browser and, where offered, our cookie controls. For details, see our Cookie Policy.

    13. Children’s privacy

    The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

    14. Third-party links and services

    The Service and our websites may link to or integrate with third-party sites and services that we do not control. This policy does not apply to those third parties, and we encourage you to review their privacy practices.

    15. Changes to this policy

    We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, by email or in-product) and update the “Last updated” date above. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

    16. How to contact us

    For questions about this policy or our privacy practices, or to exercise your rights, contact us at support@symphia.ai. For a data processing agreement or a list of subprocessors, contact support@symphia.ai.