Privacy Policy

Version 1.0 · Effective June 23, 2026

AMDY LLC, a New Mexico, USA limited liability company (“AMDY”, “we”), operates an answering-machine-detection service for outbound call centers. This Privacy Policy explains what data we handle, how we use it, who we share it with, how long we keep it, and the rights you have. Contact: [email protected].

What we collect

  • Account data: name, work email, billing details, and the IP addresses of the servers you connect.
  • Detection telemetry: call timestamps, the classification result (human, voicemail, FAS, honeypot, etc.), the server, carrier, and country/area code, and optionally the caller and called numbers.
  • Operational logs: API requests, dashboard usage, and error reports.
  • Cookies & analytics: with your consent, analytics and retargeting cookies to understand site usage and measure marketing. You can decline via the cookie banner.

What we do NOT collect or do

  • Call audio is processed in flight to produce a classification and is not retained by default.
  • We do not sell your data, we do not “share” it for cross-context behavioral advertising beyond the retargeting cookies you can opt out of, and we do not share detection telemetry between customer accounts.

How we use data

  • To provide the Service: classify calls and return results to your dialer.
  • To run your account: billing, usage metering, quota alerts, and support.
  • To secure and improve the Service: detect abuse, debug, and measure quality in aggregate.
  • To communicate: transactional email (receipts, alerts) and, with consent, product updates.

We do not use your call content or detection telemetry to train models that are exposed to, or shared with, other customers.

Legal bases (GDPR / UK GDPR)

Where applicable we rely on: performance of a contract (providing the Service), legitimate interests (security, fraud prevention, service improvement), consent (analytics/marketing cookies and marketing email), and legal obligation (tax/accounting). You may withdraw consent at any time.

Controller / processor & data processing

For the personal data in the calls you place (such as phone numbers), you are the controller and AMDY is your processor. AMDY processes that data only on your documented instructions, keeps it confidential, applies reasonable security, uses sub-processors only with equivalent obligations, assists you with data-subject requests and breach notification, and returns or deletes it on termination. For the CCPA/CPRA AMDY acts as your service provider and will not retain, use, sell, or share that data for any purpose other than performing the Service. You are responsible for the lawful basis and any consent for the calls you place and for honoring opt-outs and Do-Not-Call obligations.

Retention

  • Call audio: not retained by default.
  • Detection telemetry: retained up to about 12 months, then deleted or irreversibly aggregated.
  • Operational logs: retained up to about 30 days.
  • Account & billing records: kept for the life of the account and as long as required by law (e.g. tax records up to 7 years).

Once data is irreversibly aggregated or de-identified it is no longer personal data. You can request deletion at any time.

Sharing & sub-processors

We share data only with service providers acting on our behalf under equivalent obligations:

  • PayPal — payments
  • Resend and mail.3ava.com — transactional and marketing email
  • Google OAuth — sign-in
  • Hosting and infrastructure providers that run the Service

We may also disclose data if required by law or to protect our rights, users, or the public.

International transfers

We may process data in the United States and other countries. Where required for transfers out of the EEA, UK, or Switzerland, we use appropriate safeguards — the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, and the Swiss addendum, with a transfer impact assessment. Email [email protected] to request a copy of the relevant mechanism.

Cookies

We use strictly-necessary cookies (sign-in, security) that do not require consent, and — only with your consent — analytics and retargeting cookies. You can accept or decline non-essential cookies via the cookie banner, change your choice at any time, and we honor Global Privacy Control (GPC) signals as an opt-out of “sale”/“share”.

Automated processing

The Service classifies call audio automatically (human vs. machine). The classification is probabilistic, is used by you to route your own calls, and does not by itself make a legally or similarly significant decision about the person called. Any notices required for automated decision-making about the called party are your responsibility as the controller.

Your California privacy rights (CCPA / CPRA)

If you are a California resident, you have the right to know, access, delete, and correct your personal information, and to opt out of its “sale” or “sharing”. The categories of personal information we may collect are identifiers (name, email, IP), commercial information (billing), internet activity (dashboard usage, analytics cookies), and the call metadata we process on your behalf. We do not sell your personal information. To the extent retargeting cookies are a “share”, you may opt out via the cookie banner or a GPC signal, or by emailing [email protected]. We will not discriminate against you for exercising these rights and will respond within the time required by law (generally 45 days).

Security

We use access controls, encryption in transit, and credential/API-key protections. No system is perfectly secure; keep your credentials and API keys confidential and notify us of any suspected compromise. If AMDY becomes aware of a personal-data breach affecting data we process on your behalf, we will notify you without undue delay and, where feasible, within 72 hours of confirmation, with the information you reasonably need for your own notification obligations.

Your rights

Depending on your location you may have rights to access, correct, export, or delete your data, and to object to or restrict certain processing. Email [email protected] and we will respond within the time required by applicable law.

Children

The Service is for businesses and is not directed to children; we do not knowingly collect data from children.

Changes & contact

We may update this policy; material changes take effect when posted with an updated version and effective date. Contact [email protected].