Privacy Policy

This Privacy Policy describes how CalmCall SRL (hereinafter referred to as "CalmCall", "we" or "the company"), headquartered in Bucharest, Romania, collects, uses, stores and protects your personal data when you use the CalmCall.ai platform and associated services.

1. Data We Collect

We collect the following categories of personal data:

• Identification data: name, surname, email address, phone number
• Account data: encrypted password, user preferences, notification settings
• Mental health data: conversations with the AI companion, therapeutic journal entries, mood assessments, therapeutic goals
• Technical data: IP address, device type, browser, operating system, login data
• Payment data: processed exclusively through our payment provider (Stripe); we do not store bank card data
• Usage data: features accessed, usage frequency, platform interactions

2. How We Use Your Data

Your data is used exclusively for:

• Providing and improving CalmCall services
• Personalizing your experience with the AI companion
• Facilitating communication with therapists (only with your explicit consent)
• Generating progress reports for you
• Detecting crisis situations for your safety
• Processing payments and managing subscriptions
• Essential service communications (updates, security, terms changes)
• Complying with legal obligations

We do not sell, rent or share your data with third parties for marketing or advertising purposes.

3. Security

Protecting your data is our absolute priority, especially given the sensitive nature of mental health information. We implement the following measures:

• AES-256 end-to-end encryption: all conversations and sensitive data are encrypted both in transit (TLS 1.3) and at rest
• European Union servers: all data is stored on secure servers within the EU
• Restricted access: data access is strictly limited to authorized personnel on a need-to-know basis
• Two-factor authentication (2FA): available for additional account protection
• Security audits: regular assessments of infrastructure and security procedures
• Encrypted backups: daily data backups, encrypted and stored in separate locations

4. Your Rights (GDPR)

In accordance with the General Data Protection Regulation (GDPR) and applicable legislation, you have the following rights:

• Right of access: you can request a copy of all personal data we hold about you
• Right to rectification: you can correct incorrect or incomplete data
• Right to erasure ("right to be forgotten"): you can request complete deletion of all your data
• Right to data portability: you can request export of data in a structured, readable format
• Right to restriction of processing: you can request limitation of how we use your data
• Right to object: you can object to data processing in certain circumstances
• Right not to be subject to automated decision-making: including profiling with legal effects

To exercise any of these rights, contact us at privacy@calmcall.ai. We will respond within a maximum of 30 days.

5. Cookies

CalmCall uses the following types of cookies:

• Essential cookies: necessary for platform operation (authentication, session, security). Cannot be disabled.
• Functional cookies: remember your preferences (language, display settings)
• Analytics cookies: help us understand how the platform is used to improve it. Data is anonymized.

We do not use marketing or advertising cookies. You can manage cookie preferences from your browser settings or from your account settings panel.

6. Contact

For any questions or requests regarding privacy and data protection:

• Company: CalmCall SRL
• Headquarters: Bucharest, Romania
• General email: contact@calmcall.ai
• Privacy email: privacy@calmcall.ai
• DPO: dpo@calmcall.ai

If you believe your rights have been violated, you have the right to file a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) in Romania or the equivalent authority in your country of residence.