Privacy Policy

Servon Technologies ("Servon", "we", "us", or "our") operates a Voice AI SaaS platform that provides AI-powered phone receptionists to small businesses ("Business Customers" or "Tenants"). When a customer calls a business using our platform, our AI agent handles that conversation on behalf of the business. This Privacy Policy explains how we collect, use, disclose, and protect information about: • Business Customers — the small businesses and their staff who subscribe to Servon • End Users (Callers) — the individuals who call businesses that use Servon This policy complies with the California Consumer Privacy Act (CCPA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and the Telephone Consumer Protection Act (TCPA). Last updated: June 3, 2026

FROM BUSINESS CUSTOMERS (TENANTS) • Account information: business name, address, phone number, email address • Payment information: processed via Stripe — Servon does not store card numbers • Integration credentials: Google Calendar and Square OAuth tokens (encrypted) • Agent configuration: custom prompts, business hours, service menus, knowledge base documents • Usage data: call analytics, conversation logs, booking records FROM END USERS (CALLERS) • Voice audio: processed in real-time via Deepgram Voice Agent API. Not stored permanently unless call recording is enabled by the Tenant. • Phone number: collected via Twilio caller ID • Appointment details: name, email, requested service, date, and time — collected during the voice conversation when booking • Call transcripts: generated and stored for quality purposes, retained for 90 days AUTOMATICALLY COLLECTED • Device and browser information when accessing the dashboard • IP addresses and access logs

We use the information we collect to: • Operate the Servon platform and provide AI receptionist services • Process and confirm appointments on behalf of Business Customers • Send post-call SMS confirmations and appointment reminders via Twilio • Improve AI conversation quality and accuracy • Provide customer support and resolve technical issues • Send billing and account-related communications • Comply with legal obligations We do not sell personal information to third parties. We do not use caller data for advertising purposes.

We share data with the following trusted service providers to operate our platform: • Deepgram (deepgram.com) — Processes voice audio in real-time for speech-to-text, AI reasoning, and text-to-speech. Voice data is transmitted to Deepgram's API per their privacy policy. • Twilio (twilio.com) — Handles phone call infrastructure, SMS delivery, and call recordings. Caller phone numbers and call audio are processed through Twilio. • OpenAI (openai.com) — Processes text for knowledge base search (embeddings) and prompt generation. We use text-embedding-3-small and GPT-4o-mini models. • Google (google.com) — Provides Google Calendar integration for appointment syncing when enabled by the Tenant. OAuth tokens are stored encrypted. • Square (squareup.com) — Provides booking and payment integration when enabled by the Tenant. OAuth tokens are stored encrypted. • Stripe (stripe.com) — Processes subscription payments. Stripe handles all card data directly; Servon stores only subscription status. • Amazon Web Services (aws.amazon.com) — Provides cloud infrastructure and database hosting. Data is stored in encrypted PostgreSQL databases. All sub-processors are contractually obligated to protect your data and use it only to provide services to Servon.

CALL RECORDING DISCLOSURE When call recording is enabled, our AI agent announces at the beginning of every call: "This call may be recorded for quality purposes." This disclosure covers two-party consent requirements in California, Florida, Illinois, Washington, Connecticut, Michigan, Maryland, Massachusetts, New Hampshire, Oregon, and Pennsylvania. Business Customers are responsible for ensuring their use of call recording complies with applicable laws in their jurisdiction. VOICE DATA PROCESSING Voice audio is transmitted in real-time to Deepgram's API for processing. Deepgram performs speech recognition, AI reasoning, and voice synthesis. Audio is not permanently stored by Servon unless recording is explicitly enabled. Call transcripts derived from voice processing are retained for 90 days. TCPA COMPLIANCE Servon provides inbound call handling tools. Business Customers are prohibited from using Servon for unsolicited outbound calls or for calling numbers registered on the National Do Not Call Registry.

• Call transcripts: 90 days from date of call • Call recordings (if enabled): 30 days from date of recording • Booking and appointment data: 2 years from booking date • Customer contact records (name, phone, email): 2 years from last interaction • Account data (Business Customer): retained until deletion is requested • Payment records: 7 years as required by financial regulations • System logs: 30 days To request deletion of your data, contact us at support@servon.io.

CALIFORNIA RESIDENTS (CCPA) You have the right to: • Know what personal information we have collected about you • Request deletion of your personal information • Opt out of the sale of personal information (note: Servon does not sell personal information) • Non-discrimination for exercising your privacy rights To exercise these rights, email support@servon.io with "CCPA Request" in the subject line. CANADIAN RESIDENTS (PIPEDA) You have the right to: • Access the personal information we hold about you • Request correction of inaccurate information • Withdraw consent to collection and use (subject to legal and contractual restrictions) • File a complaint with the Office of the Privacy Commissioner of Canada To exercise these rights, email support@servon.io with "PIPEDA Request" in the subject line. BUSINESS CUSTOMERS Business Customers may access, export, or delete their account data and associated call records through the Servon dashboard or by contacting support@servon.io.

Servon does not knowingly collect personal information from individuals under 13 years of age. Our platform is designed for business use. If you believe we have inadvertently collected information from a minor, please contact support@servon.io immediately.

We use cookies and similar technologies on our website (servon.io) and dashboard for: • Authentication: keeping you logged in to your account • Analytics: understanding how our website is used (aggregate, anonymised data) • Preferences: remembering your dashboard settings We do not use cookies for advertising or tracking across third-party sites. You can control cookie settings through your browser preferences.

We implement industry-standard security measures including: • Encryption in transit: TLS 1.2+ for all data transmission • Encryption at rest: AES-256 for database storage • Access controls: JWT-based authentication, role-based access, tenant data isolation • Infrastructure: hosted on AWS with security best practices While we take reasonable steps to protect your information, no system is completely secure. We encourage Business Customers to use strong passwords and enable two-factor authentication.

We may update this Privacy Policy from time to time. When we make material changes, we will notify Business Customers by email and update the "Last updated" date at the top of this page. Your continued use of Servon after changes become effective constitutes acceptance of the revised policy.

For privacy-related questions, requests, or concerns: Email: support@servon.io Business: Servon Technologies Address: E/1401, Sun Southwinds, Bopal, Ahmedabad, Gujarat 380058, India For general support: support@servon.io For legal matters: support@servon.io