Privacy Policy — Wolfpack AI

01 Overview

This Privacy Policy describes how Wolfpack AI, a sole proprietorship operated by Wolfgang Meyer ("Wolfpack AI," "we," "us," or "our"), collects, uses, protects, and handles information in connection with our AI-powered phone agent services.

We are a B2B service provider. The data we handle is primarily business data belonging to our clients — not personal consumer data. When you engage us to run AI calling campaigns or handle inbound calls, we act as a data processor on your behalf for call content, and as a data controller for our own business records.

This policy applies to our website, service portal, client communications, and the data generated through our AI calling services. It does not govern the privacy practices of our clients, who are separately responsible for their own compliance with applicable privacy laws regarding their customers.

02 What We Collect

We collect the minimum information necessary to deliver and improve our services. Here's exactly what that includes:

Category	What It Includes	Why We Need It
Business Information	Company name, address, industry, website, business description, target audience	To configure and train your AI agent accurately
Contact Information	Name, email address, phone number of account holder and authorized contacts	To communicate with you about your service, send reports, and handle support
Call Recordings	Audio recordings of calls placed or received by your AI agent	Quality assurance, performance review, and agent optimization
Call Transcripts	Text transcriptions of AI agent calls	Reporting, optimization, and review of call outcomes
Payment Information	Billing name, address, and payment method (processed via Stripe)	To collect subscription and setup fees
Service Configuration	Scripts, call flows, logic rules, and instructions you provide	To build and operate your AI agent
Usage & Performance Data	Call volumes, outcomes, connection rates, and other operational metrics	To generate performance reports and improve service quality
Communications	Emails, messages, and notes exchanged between you and our team	Account management and support documentation

ℹ️ Note on payment data: We do not store full credit card numbers, CVV codes, or bank account details on our systems. All payment processing is handled by Stripe, which maintains PCI DSS Level 1 compliance. We retain only the last four digits of a card and Stripe's tokenized identifiers for billing reference.

03 What We Don't Collect

✅ We are deliberately narrow in our data collection. This section is as important as what we do collect.

We Do NOT Collect	Status
Personal consumer data about your customers (beyond what appears in call recordings you authorize)	Not Collected
Protected health information (PHI) without a signed Business Associate Agreement (BAA)	Not Without BAA
Sensitive financial records (account numbers, SSNs, tax records)	Not Collected
Social Security numbers or government-issued ID numbers	Not Collected
Biometric data	Not Collected
Precise geolocation data	Not Collected
Third-party advertising cookies or tracking pixels on our service portal	Not Used
Data sold, rented, or traded to third parties for marketing	Never

If your AI calling script is designed to handle sensitive data (such as in a healthcare or financial services context), please contact us before deployment so we can implement appropriate safeguards and agreements.

04 How We Use Your Information

We use the data we collect for the following purposes — and only these purposes:

Providing and operating the service: Configuring, launching, and maintaining your AI phone agents. Call recordings and transcripts are used to verify agent performance and troubleshoot issues.
Reporting: Generating call summaries, outcome reports, and analytics dashboards that we share with you about your campaigns.
Agent improvement: Reviewing call transcripts and recordings to identify patterns, refine scripts, and improve how your agent handles conversations. This analysis is done in service of your account — we do not train shared AI models on your proprietary call data without your explicit written consent.
Billing and account management: Processing payments, sending invoices, managing subscriptions, and maintaining accurate billing records.
Communication: Responding to your inquiries, providing service updates, notifying you of renewal dates, and sharing relevant performance insights.
Legal and compliance: Maintaining records as required by law, responding to valid legal process, and enforcing our Terms of Service.

We do not use your data for advertising, behavioral profiling, or any purpose unrelated to the services you've engaged us for.

05 Third-Party Services

We work with a small number of carefully selected technology partners to deliver our service. Below is a transparent breakdown of who they are and what data they handle:

Partner	Role	Data Shared	Sells Data?
Bland AI	AI voice call processing — powers the voice AI that makes and receives calls	Call scripts, audio streams, call recordings, transcripts	No
Stripe	Payment processing	Billing name, address, payment method	No
Google	Lead sourcing and research for outbound campaign list building (when applicable)	Business name and industry (used to conduct searches)	No

🤝 Our standard for partners: We only work with subprocessors who maintain appropriate data security standards and do not sell, share, or monetize your data for their own purposes. We review our subprocessors periodically and will notify you of any material changes.

Legal disclosures. We may disclose information when required by law, court order, or valid legal process. Where permitted, we will notify you before complying. We will always challenge requests we believe to be overbroad or unlawful.

Business transfers. If Wolfpack AI is ever acquired, merged, or transferred to another entity, we will notify clients at least 30 days in advance, and the acquiring party will be required to honor this Privacy Policy or give you the option to cancel without penalty.

06 How We Protect Your Data

We take security seriously. These are not buzzwords — they are actual practices we have in place:

Control	Implementation
Encryption at Rest	AES-256 encryption for stored call recordings, transcripts, and sensitive account data
Encryption in Transit	TLS 1.2+ for all data transmitted between our systems, our partners, and your browser
Access Controls	Role-based access; only personnel who need data to perform their function can access it
Authentication	Strong password requirements and multi-factor authentication on internal systems
Vendor Security	We evaluate the security posture of all subprocessors before engagement
Incident Response	We maintain procedures to detect, contain, and notify affected clients of data security incidents in accordance with applicable law

⚠️ No system is 100% secure. While we implement strong protections, we cannot guarantee absolute security of data transmitted over the internet. If you believe your account has been compromised, contact us immediately at privacy@wolfpackai.com.

07 Data Retention

We keep data only as long as necessary for the purpose it was collected, legal compliance, or dispute resolution. Our retention schedule:

Data Type	Retention Period	Reason
Call Transcripts	90 days from call date	Sufficient for reporting, QA, and optimization cycles
Call Recordings (audio)	90 days from call date	Performance review and quality assurance
Billing & Payment Records	7 years from transaction date	Tax compliance and financial recordkeeping requirements
Account & Contact Information	Duration of subscription + 12 months	Service continuity, dispute resolution, and re-engagement
Service Configuration (scripts, flows)	Duration of subscription + 90 days	Transition support and potential re-activation
Support Communications	3 years from last interaction	Account history and dispute resolution

After applicable retention periods, data is securely deleted or anonymized. You may request earlier deletion in accordance with Section 9 (Your Rights), subject to our legal retention obligations.

08 HIPAA & Healthcare Clients

🏥 We support healthcare businesses. However, HIPAA compliance requires a signed Business Associate Agreement (BAA) before any protected health information (PHI) may be handled.

If you are a HIPAA-covered entity or a business associate operating in the healthcare space, you may use our services in compliance with HIPAA, provided that:

You have entered into a signed Business Associate Agreement (BAA) with Wolfpack AI before any call involving PHI is placed or received
Your call scripts and AI agent instructions are designed in accordance with the HIPAA Minimum Necessary standard
You have obtained all required patient authorizations for AI-assisted calls involving PHI
You notify us promptly of any suspected breach involving PHI so we can coordinate our incident response obligations under HIPAA

We do not accept PHI without a BAA in place. If you believe PHI was inadvertently transmitted through our service without a BAA, contact us immediately at privacy@wolfpackai.com.

To request a BAA or discuss HIPAA-compliant configurations, contact us at the email above. We review BAA requests within 3 business days.

09 Your Rights

We believe in genuine data rights, not checkbox compliance. Here's what you can ask us to do — and we'll actually do it:

Right to Access: You can request a summary of what data we hold about your account and business. We'll provide it within 10 business days.
Right to Export: You can request a copy of your data in a machine-readable format (JSON or CSV, as applicable). Transcripts, call logs, and account configuration data are available on request.
Right to Correction: If any account information we hold is inaccurate or outdated, you can ask us to correct it at any time. Just email us with the specifics.
Right to Deletion: You can request deletion of your data. We'll honor the request for all data not subject to legal retention requirements (billing records, for example, must be kept for tax compliance). We'll tell you clearly which records we cannot delete and why.
Right to Restrict Processing: You can ask us to limit how we use your data while a dispute or concern is being resolved.
Right to Object: If you believe we are processing your data in a way that is inconsistent with this policy or applicable law, you have the right to object. We will investigate and respond.

To exercise any of these rights, email privacy@wolfpackai.com with the subject line "Data Rights Request" and a description of what you'd like. We will acknowledge your request within 3 business days and complete it within 30 days (with notification if additional time is needed).

We will never penalize you for exercising your privacy rights.

10 California Residents — CCPA

If you are a California resident doing business with us, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights:

Right to Know. You have the right to know what categories of personal information we collect, the purposes for which we collect it, and whether we disclose it to third parties.
Right to Delete. You have the right to request deletion of your personal information, subject to certain legal exceptions.
Right to Opt-Out of Sale. We do not sell personal information. This right is technically satisfied, but it's a genuine practice, not a technicality.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights.
Right to Correct. You have the right to request correction of inaccurate personal information we hold about you.
Right to Limit Sensitive Data Use. To the extent we process sensitive personal information as defined by the CPRA, you have the right to limit its use to purposes necessary to provide the service.

Categories of personal information we collect (per CCPA categories): Identifiers (name, email, phone), commercial information (transaction records), and professional information (business details). We do not collect sensitive personal information as defined by the CPRA in our standard course of business.

To submit a CCPA request: Email privacy@wolfpackai.com with "CCPA Request" in the subject line. We will respond within 45 days (with up to a 45-day extension if needed, with notice).

11 Children's Privacy

Our services are designed for and marketed exclusively to businesses. We do not knowingly collect personal information from individuals under 18 years of age. Our service agreements require clients to be of legal contracting age. If you believe a minor has inadvertently provided us with personal information, please contact us immediately and we will delete it promptly.

12 Changes to This Policy

If we make material changes to this Privacy Policy — such as adding new data collection categories, new third-party sharing, or changes that affect your rights — we will notify you by email at least 14 days before the changes take effect.

Minor clarifications, formatting changes, or corrections that do not affect your rights may be made without prior notice. The "Last updated" date at the top of this page always reflects the current version.

We will not retroactively apply a changed policy to data already collected in a way that materially reduces your rights without your explicit consent.

13 Contact Us

Privacy questions, rights requests, BAA inquiries, and data concerns all go to the same place — us, directly. There's no ticket queue or bot in front of this inbox.

Business: Wolfpack AI (sole proprietorship, Wolfgang Meyer)
Privacy & Data Requests: privacy@wolfpackai.com
Subject Lines That Help: "Data Rights Request" · "CCPA Request" · "BAA Request" · "Security Concern" · "Privacy Question"
Response Commitment: We acknowledge all privacy-related emails within 3 business days. We'll tell you if we need more time.

💬 Straight talk: This policy was written to actually explain what we do — not to obscure it. If something is unclear, or if you think we've missed something important, email us. We take privacy seriously and we're open to feedback.