Privacy Policy
Effective Date: May 16, 2026 · Last Updated: June 2, 2026
Who We Are
OpenLines ("we," "us," or "our") is operated by Lucas Navallo, a sole proprietor based in Canby, Oregon, USA. We provide an AI-powered voice agent service that answers inbound phone calls for small businesses (after-hours, overflow, or primary line answering).
Our website is getopenlines.com. We do not sell products, collect payment information on the site, or use cookies, analytics, or tracking technologies.
Information We Collect
We collect very little personal information because our service is designed with privacy in mind.
During Calls (Real-Time Processing Only):
- Audio of the call is processed in real time by our AI voice agent (powered by xAI Grok Voice).
- We do not save copies of call audio on our servers. Audio passes through our infrastructure to xAI for real-time processing and is not stored on the OpenLines side. Audio is, however, subject to xAI's standard API retention (currently up to 30 days; see xAI's privacy policy).
- A running text transcript of the conversation is held in our worker process memory during the call to generate the post-call summary. The transcript is not persisted to disk on our servers. xAI may retain transcripts as part of the audio retention described above.
After Each Call:
- We send a brief text summary email to the business owner (e.g., "Caller asked about store hours and pricing; agent provided information; no follow-up requested").
- The summary may include the caller's phone number and any name or callback number the caller voluntarily provides.
Call Metadata We Store:
- Duration of the call (in seconds)
- Timestamp
- Reason the call ended
- Business ID (to route the summary correctly)
- Number of transcript lines (we do not store the transcript itself)
Website Visitors:
- We collect nothing. Our public site uses no cookies, no analytics, no tracking pixels, and no third-party scripts.
When You Contact Us:
- If you email us or use a contact form, we collect your email address and the content of your message.
How We Use Your Information
We use the information we collect only to:
- Provide the voice agent service to our business clients
- Send call summary emails to the correct business owner
- Improve the quality and reliability of the service
- Respond to support requests
We do not use call data to train AI models, create profiles, or for marketing purposes.
How We Share Your Information (Subprocessors)
We share limited information only with the following trusted service providers, all based in the United States:
| Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | Telephone network connectivity | Caller phone number |
| LiveKit Cloud | Real-time audio routing | Audio stream (real-time only) |
| xAI | Grok Voice realtime + summarization | Audio stream + temporary transcript |
| SendGrid | Delivery of summary emails | Summary content + recipient email |
| Cloudflare | DNS and email forwarding | Email addresses (support@ / lucas@) |
| DigitalOcean | Server hosting | Call metadata (no audio or transcripts) |
We require all subprocessors to protect your information and only use it for the purposes we specify. We do not sell personal information.
Data Retention
- Audio: Not saved on the OpenLines side. xAI may retain audio per their standard API privacy policy (currently up to 30 days; see xAI's privacy policy).
- Transcripts: Held only in the worker process memory during the call. Not persisted to disk on our servers. xAI may retain transcripts as part of the audio retention described above.
- Call metadata (duration, timestamp, end reason, business ID, summary email content): Retained on our servers indefinitely as part of usage and billing records. We do not currently run an automated deletion sweep. If you want metadata associated with a specific call removed, email privacy@getopenlines.com and we will delete it manually within 30 days.
- Worker logs (on our server): Rotated automatically every 7 days.
- Summary emails: Sent to the business owner and retained on their email server. We do not keep server-side copies after delivery.
- Website contact emails: Retained as long as needed for ongoing support; deletion request honored within 30 days of email to privacy@getopenlines.com.
Your Privacy Rights
Depending on where you live, you may have the following rights:
- Right to Know what personal information we have about you
- Right to Delete personal information we hold about you
- Right to Correct inaccurate information
- Right to Opt-Out of any sale of personal information (we do not sell data)
- Right to Non-Discrimination for exercising your privacy rights
To exercise these rights, email us at privacy@getopenlines.com. Requests are handled manually by the operator. We will acknowledge within 10 business days and complete the request within 45 days, as required by California law.
California-Specific Rights (CCPA/CPRA)
Even though we are a small business, we designed this policy to be compatible with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) because callers from California may call our clients' numbers.
California residents have additional rights, including:
- The right to know what personal information we collect and how it is used
- The right to request deletion of personal information
- The right to opt out of the sale or sharing of personal information (we do not sell or share data for cross-context behavioral advertising)
- The right to limit the use of sensitive personal information (we do not collect sensitive data)
AI and Automated Processing Disclosure
Our service uses artificial intelligence (Grok Voice realtime and Grok-4.3) to:
- Understand spoken conversations in real time
- Generate natural voice responses
- Create short text summaries of calls
Important facts:
- We do not make automated decisions that have legal or similarly significant effects on individuals (e.g., denying credit, employment, or housing).
- Audio is processed in real time. We do not save audio on our servers. xAI may retain audio per their standard API terms (up to 30 days currently); see the Data Retention section above for details.
- Per xAI's standard API terms, your audio is not used to train xAI's models.
- The AI does not have access to any personal information beyond what is spoken during that specific call.
- Summaries are reviewed only by the business owner who subscribed to the service.
The agent identifies itself at the start of every call as the business's "after-hours assistant" (or similar wording set during intake). If a caller asks directly whether they're talking to a real person or an AI, the agent is instructed to be honest and explain it's a voice agent that takes messages. The agent never claims to be human.
Security
We use reasonable technical and organizational measures to protect the limited data we process, including encryption in transit, access controls, and regular security reviews. However, no system is 100% secure.
Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Material changes will be posted prominently on our website.
Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:
Lucas Navallo
OpenLines
Canby, Oregon, USA
privacy@getopenlines.com
Effective Date and Legal Disclaimer
This Privacy Policy is effective as of May 16, 2026.
This document is provided for informational purposes only and does not constitute legal advice. Privacy laws are complex and change frequently. The laws that apply to your specific situation may differ depending on where your clients and callers are located. We strongly recommend that you consult with a qualified attorney licensed in your jurisdiction before relying on this policy or publishing it on your website.
Questions you should ask a real attorney when reviewing this policy:
- Given that callers from any state (including California) can call our clients' numbers, what are my actual CCPA/CPRA obligations as a very small sole proprietor, and do I need to file any notices or assessments?
- Does real-time AI voice processing (with no audio storage) trigger any specific disclosure or consent requirements under current or upcoming state AI laws (such as California's companion chatbot or transparency rules)?
- What are my obligations under CPNI or other telecom regulations when using Twilio for inbound calls, and how should I disclose data sharing with Twilio and xAI?
- Are there any additional state laws (beyond CCPA) that I should voluntarily comply with for credibility as I expand to clients in other states?
- Once I form an LLC, what changes (if any) should I make to this policy or my data processing practices?
Thank you for trusting OpenLines with your business communications.