Privacy Policy
Last updated: July 2026
1. Controller
mysoftwarelab GmbH
Am See 22, 67547 Worms, Germany
Managing Director: Andreas Indorf
Phone: +49 (0) 6241 984 300 0
Email: info@anicall.io
Privacy contact: datenschutz@mysoftwarelab.com
2. Data Collected and Purpose
- Registration: name, email address, encrypted password β legal basis: Art. 6(1)(b) GDPR
- Voice Agent Usage: call transcripts, voice data, call duration, phone numbers
- AI Processing: voice data is transmitted to Groq Inc. (LLM, USA) and ElevenLabs Inc. (TTS, USA); no sharing with third parties for advertising purposes
- Telephony: Twilio Inc. (USA) processes call data and, where applicable, recordings
- Server Logs: IP addresses, timestamps, URLs β deleted after 30 days
3. Data Storage
Data is stored on EU servers (Neon Database, EU region) and transmitted encrypted via TLS/HTTPS.
4. Transfer to Third Parties
To provide our services, we use the following service providers:
| Provider | Purpose | Location |
|---|---|---|
| Groq Inc. | LLM language processing | USA |
| ElevenLabs Inc. | Text-to-Speech | USA |
| Twilio Inc. | Telephony & voice recordings | USA |
| Stripe Inc. | Payment processing | USA |
| Vercel Inc. | Frontend hosting | USA |
| Railway Corp. | Backend hosting | USA |
| Neon Inc. | Database | EU |
| Upstash Inc. | Redis cache | EU |
| Resend Inc. | Email delivery | USA |
All transfers to the USA are based on Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR.
5. Legal Bases (Art. 6 GDPR)
- Art. 6(1)(b) β Performance of contract (account registration, service provision)
- Art. 6(1)(c) β Legal obligations (retention requirements)
- Art. 6(1)(f) β Legitimate interests (security, abuse prevention)
6. Rights of Data Subjects
Under Art. 15β22 GDPR you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
Contact: datenschutz@mysoftwarelab.com
You also have the right to lodge a complaint with a data protection supervisory authority β the authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate, Germany.
7. Cookies
We exclusively use technically necessary session cookies (Auth.js/NextAuth). No tracking or marketing cookies are used.
8. Retention Period
Personal data is deleted as soon as the processing purpose ceases and no statutory retention obligations apply. You can delete your account at any time via the settings or by email.
9. Right to Complain
You have the right to complain to a data protection authority. In Germany: the Federal Commissioner for Data Protection and Freedom of Information (BfDI), www.bfdi.bund.de.
10. Security Measures
We implement technical and organizational security measures (TLS encryption, access controls, regular security audits) to protect your data from unauthorized access.
11. Changes to This Policy
We reserve the right to adjust this privacy policy as needed. The current version is always available on this page.