Privacy Policy

Your data, handled with care.

This policy explains what OyeHello collects, why, how we protect it, and the choices you have. Written plainly, no legalese wall.

Last updated: June 1, 2026Effective: June 1, 2026
The short version

We collect what we need to run your voice agents and nothing we don't. We never sell your data or use your call content to train models for other customers. You can export or delete your data at any time. Call recordings and transcripts belong to you.

1. Who we are

OyeHello is an AI voice agent platform operated by Hotreloads Digital ("OyeHello", "we", "us", "our"). We help businesses run human-sounding calls for sales, support, and operations in 10+ languages. This Privacy Policy explains how we handle personal data across our website, dashboard, APIs, and the calls our platform places and receives.

For most personal data that flows through the platform, we act as a processor (or "Data Fiduciary’s service provider") on behalf of the business customer that uses OyeHello. That customer decides who to call and why, and instructs us through their use of the product. For our own website visitors, account holders, and billing records, we act as the controller (Data Fiduciary) and this policy governs directly.

  • Operating entity. Hotreloads Digital, Bengaluru, India.
  • Products covered. oyehello.ai, the OyeHello dashboard, agent APIs, and telephony connected to your account.
  • Contact. support@hotreloads.com for any privacy matter; grievance officer details are in section 15.

2. Scope & the roles we play

This policy applies to three groups of people: (a) our customers and their authorised users who sign in to OyeHello; (b) visitors to our website; and (c) the individuals your agents call or who call your agents ("contacts" or "end callers").

  • As a controller. Account registration, billing, website analytics, marketing, and support are handled by us as the controller.
  • As a processor. Contact lists, call audio, transcripts, and outcomes tied to a customer’s campaigns are processed on that customer’s instructions under a Data Processing Agreement.
  • Your responsibility as a customer. If you use OyeHello to call people, you are responsible for having a lawful basis and any required consent to contact them, and for honouring do-not-call and opt-out registers.

3. Information we collect

We collect information you provide, information generated when the platform runs, and information sent automatically by your device. We aim to collect only what is needed for the purposes below.

  • Account & profile data. Name, work email, phone number, company name, role, password credentials, and team membership.
  • Billing & payment data. Wallet balance, transaction history, GST/tax identifiers, invoices, and payment tokens. Card details are handled by our payment processor; we do not store full card numbers.
  • KYB / verification data. Business registration, authorised-signatory details, and documents you submit for number provisioning and regulatory verification.
  • Contact & campaign data. The phone numbers, names, variables, scripts, and lists you upload or sync to run campaigns.
  • Call content. Call audio, recordings, transcripts, detected intents, sentiment, disposition/outcomes, timestamps, caller and called numbers, and call duration.
  • Usage, log & device data. IP address, browser and device type, pages viewed, feature usage, API request metadata, and diagnostic logs.
  • Cookies & similar tech. Identifiers set in your browser to keep you signed in and to measure product and website usage (see section 12).

4. How we collect it

We collect personal data directly from you when you sign up, configure agents, upload lists, or contact support. We generate data automatically as the platform runs calls and as you use the dashboard.

We may also receive limited data from third parties acting on your instruction, such as a CRM or helpdesk you connect, a telephony carrier that completes a call, or a payment processor that confirms a transaction.

5. Why we process it (legal bases)

Where the law requires a lawful basis (for example under the EU/UK GDPR and India’s Digital Personal Data Protection Act, 2023), we rely on one of the following for each purpose.

  • Contract. To provide the service you signed up for: running agents, metering usage, and giving you dashboards and reports.
  • Legitimate interests. To secure the platform, prevent fraud and abuse, and improve reliability, balanced against your rights.
  • Consent. For optional marketing communications and certain cookies. You can withdraw consent at any time.
  • Legal obligation. To keep tax, accounting, and telecom-compliance records the law requires us to retain.

6. How we use information

We use personal data to deliver the service, keep it safe, meet our obligations, and, with your consent, tell you about relevant updates.

  • Run your agents. Place and receive calls, transcribe and analyse them, route conversations, and report outcomes.
  • Billing & wallet. Meter minutes and numbers, charge your wallet, issue invoices, and detect billing fraud.
  • Support & security. Diagnose issues, respond to your requests, monitor for abuse, and enforce calling compliance.
  • Improve reliability. Analyse aggregate, de-identified usage to improve accuracy and uptime. We do not use one customer’s call content to train models that serve other customers.
  • Communicate. Send service notices you can’t opt out of (security, billing, legal) and, with consent, product news you can unsubscribe from anytime.

7. Call recordings, transcripts & AI

Recordings and transcripts generated by your agents belong to you, the customer. We store them so you can review outcomes and improve your scripts, and we encrypt them in transit and at rest.

Our agents use speech recognition, language models, and text-to-speech to hold conversations. These run to deliver your calls. We do not sell call content, and we do not use it to train foundation models for third parties.

Recording laws vary by region. Where disclosure or consent is required, configure your agents to announce that the call is recorded and to capture consent at the start of the call. You are responsible for meeting the recording rules that apply to the people you call.

8. Calling compliance & opt-outs

The platform includes controls to help you call responsibly: calling-window limits, do-not-call / DND and NCPR screening where applicable, frequency caps, and consent capture. You are responsible for turning these on and honouring the results.

When a contact asks not to be called again, our agents capture that opt-out and we suppress the number on future campaigns for your account. Opt-out and consent signals are retained as a record that the request was honoured.

9. When we share information

We do not sell personal data and we do not share it for cross-context behavioural advertising. We disclose it only in these cases, under contract and appropriate safeguards.

  • Sub-processors. Cloud hosting, telephony carriers, speech/AI providers, email delivery, and analytics that operate the service on our behalf.
  • Payment & tax providers. Processors that take payments and help us meet invoicing and tax duties.
  • At your direction. Integrations, webhooks, and exports you connect to your own systems such as a CRM or helpdesk.
  • Corporate events. A merger, acquisition, or financing, where data may transfer subject to this policy and applicable law.
  • Legal & safety. When required by valid legal process, or to protect the rights, property, and safety of OyeHello, our customers, and the public.

We keep a current list of sub-processors and bind each one to confidentiality and data-protection terms. Customers can request the sub-processor list from support@hotreloads.com.

10. International transfers & residency

We aim to store your data in-region so it stays where your rules require. Where data must move across borders (for example to a sub-processor in another country), we use recognised safeguards such as standard contractual clauses or an adequacy finding, and we transfer only what the service needs.

If you have a specific data-residency requirement, contact us before you onboard and we’ll confirm what we can support for your account.

11. Data retention

We keep personal data only as long as needed for the purpose it was collected, then delete or anonymise it. Typical periods are below; you can shorten call-data retention in your settings, and legal holds may extend a period where the law requires.

Account & profile
For the life of your account, then deleted or anonymised within 90 days of closure.
Call recordings & transcripts
Per the retention window you set (default 12 months); exportable and deletable at any time.
Contact lists & campaigns
Until you delete them or close the workspace.
Billing & tax records
Up to 8 years, as required by tax and accounting law.
Opt-out / consent records
Retained as long as needed to prove the request was honoured.
Security & audit logs
Typically 12 to 24 months.

12. How we protect data

We encrypt data in transit and at rest, restrict access on a least-privilege basis, log meaningful actions, and isolate each workspace so one customer’s data never mixes with another’s. Access to production is limited, reviewed, and monitored.

No system is perfectly secure, but we work to reduce risk and to respond quickly if something goes wrong. If a breach affects your personal data, we’ll notify you and the relevant authorities as the law requires. See our Security page for the full set of practices.

13. Cookies & website tracking

On our website and dashboard we use cookies and similar technologies to keep you signed in, remember preferences, secure the service, and understand usage.

  • Essential. Required to sign in, keep sessions secure, and load the app. These can’t be switched off.
  • Analytics. Help us see which features and pages are used so we can improve them.
  • Preference. Remember choices like language and layout.

You can control non-essential cookies through your browser settings or our cookie controls. Blocking some cookies may affect how parts of the site work.

14. Your rights & how to exercise them

Subject to local law, you have rights over your personal data. We honour these for every customer, regardless of where you live.

  • Access & portability. Get a copy of your account data, contacts, transcripts, and call records in a usable format.
  • Correction. Fix inaccurate account details yourself in settings, or ask us to correct them.
  • Deletion. Ask us to delete a contact, a record, or your entire workspace, subject to legal retention.
  • Restriction & objection. Ask us to pause certain processing or object to processing based on legitimate interests.
  • Withdraw consent. Unsubscribe from marketing or turn off optional cookies at any time.
  • Nominate & complain. Where the DPDP Act applies, nominate someone to act for you, and lodge a complaint with us or a regulator.

To exercise a right, email support@hotreloads.com from the address on your account. We’ll verify your identity and respond within the timeframe the law requires, usually within 30 days. If you’re an end caller, contact the business that called you first; we’ll help them fulfil your request.

15. Grievance officer & complaints

If you have a concern about how we handle your personal data, contact our grievance officer. We take complaints seriously and will work to resolve them promptly.

  • Grievance Officer. Data Protection Team, Hotreloads Digital, Bengaluru, India.
  • Email. support@hotreloads.com (mark it "Grievance").

You also have the right to complain to your local data-protection authority, including the Data Protection Board of India where the DPDP Act applies.

16. Children’s data

OyeHello is a business product and is not directed to children. We do not knowingly collect personal data from anyone under the age at which parental consent is required under applicable law. If you believe a child’s data has reached us, contact us and we’ll remove it.

17. Third-party links & services

Our site and product may link to third-party websites and let you connect third-party services. We are not responsible for their privacy practices. Review their policies before you share data with them.

18. Changes to this policy

We may update this policy as the product, our practices, or the law evolves. When we make material changes we’ll update the "Last updated" date above and, where appropriate, notify you by email or in-product. Continued use after an update means you accept the revised policy. Prior versions are available on request.

Contact our privacy team

For any request about your data, an access or deletion request, or a question about this policy, reach us and we'll respond promptly.

Email support@hotreloads.comSee our security practices