Policies & Compliance

1. Purpose

This Data Protection Policy explains how Swiftwave FZ-LLC, operating under the brand name "CallPilot", protects and manages personal data processed through its AI-powered voice communication platform.

Swiftwave FZ-LLC is committed to complying with the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) and other applicable data protection regulations.

2. Scope

This policy applies to:

• Client account data
• Authorised user information
• Contact data uploaded by clients
• Technical and usage data
• Optional transcript data (where enabled by the client)

3. Data Protection Roles

Depending on the processing context:

• CallPilot acts as a Data Processor when processing data on behalf of clients.
• Swiftwave FZ-LLC acts as a Data Controller for its own operational, administrative, and compliance-related data.
• Clients are responsible for ensuring they have a lawful basis for submitting personal data to the platform.

4. Categories of Data Processed

CallPilot processes the following categories of personal data:

5. Audio Processing

CallPilot does not provide call recording functionality. Audio transmitted through the platform is processed in real time solely to enable live communication functionality.

CallPilot:

• Does not record calls
• Does not store audio files
• Does not maintain call archives

Audio data is processed transiently and is not permanently saved.

6. Transcript Handling

CallPilot does not store call transcripts by default. Clients may optionally enable temporary transcript storage for quality assurance or operational review purposes.

Where enabled:

• Transcript storage is controlled by the client
• Retention duration is configurable within the client platform
• A recommended maximum retention period of five (5) days applies
• Transcript data is automatically deleted after the configured retention period

CallPilot does not maintain permanent transcript archives.

7. Lawful Basis for Processing

Processing activities may be based on:

• Contractual necessity
• Client instruction
• Legitimate business interest
• Legal obligation
• Consent, where required

Clients are responsible for ensuring lawful authority to contact individuals.

8. Data Security Measures

CallPilot implements appropriate technical and organisational safeguards, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure cloud infrastructure
• Role-based access controls
• Restricted access to authorised personnel
• Authentication and monitoring systems

Security safeguards are reviewed periodically.

9. Data Retention

Client account data is retained for the duration of the contractual relationship and for a reasonable period thereafter as required by law or legitimate business needs.

Optional transcript data, where enabled, is retained only for the client-configured period and is automatically deleted.

CallPilot does not retain audio recordings.

10. Cross-Border Data Transfers

Where personal data is transferred outside the UAE:

• Appropriate safeguards are implemented
• Contractual protections are applied
• Secure cloud providers are used

Further information may be provided upon request.

11. Data Subject Rights

Where applicable under law, individuals may request:

• Access to their personal data
• Correction of inaccurate information
• Deletion of personal data
• Restriction of processing

Requests may be submitted to: contact@swiftwave.ai

12. Data Breach Management

In the event of a confirmed data breach:

• An investigation will be conducted promptly
• Affected clients will be notified without undue delay
• Regulatory authorities will be notified where required by law

13. Third-Party Service Providers

CallPilot may use trusted third-party providers for:

• Cloud infrastructure
• AI processing services
• Telecommunications services

All third-party providers are contractually required to maintain appropriate data protection and security standards.

14. Policy Updates

This policy may be updated periodically to reflect operational, regulatory, or legal developments. Updated versions will be published on the CallPilot website.

15. Contact Information

1. Purpose

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Swiftwave FZ-LLC ("Processor") and the Client ("Controller").

This DPA governs the processing of personal data through the CallPilot platform in accordance with applicable data protection laws, including the UAE Personal Data Protection Law (PDPL).

CallPilot is designed to support compliance with applicable data protection laws and incorporates technical and organisational safeguards aligned with internationally recognised data protection principles, including those reflected in UAE PDPL and the EU General Data Protection Regulation (GDPR).

Clients remain responsible for ensuring lawful data collection and use within their respective jurisdictions.

2. Roles of the Parties

• The Client acts as the Data Controller.
• Swiftwave FZ-LLC (CallPilot) acts as the Data Processor.
• The Client determines the purpose and means of processing.
• CallPilot processes personal data solely on documented instructions from the Client.

3. Nature of Processing

Processing activities may include:

• Hosting contact data uploaded by the Client
• Real-time audio processing during calls
• Optional temporary transcript storage (if enabled by Client)

4. No Call Recording

• Does not record calls
• Does not store audio recordings
• Does not maintain audio archives

Audio is processed transiently in real time and is not permanently retained.

5. Transcript Storage

By default, transcripts are not stored. If enabled by the Client:

• Transcript retention is client-controlled
• A recommended maximum retention period of five (5) days applies
• Automatic deletion occurs after the configured retention period
• CallPilot does not maintain permanent transcript archives.

6. Security Measures

CallPilot implements appropriate technical and organisational measures, including:

• Encrypted data transmission (TLS)
• Secure cloud infrastructure
• Role-based access controls
• Authentication systems
• Monitoring and logging

Access to personal data is restricted to authorised personnel.

7. Subprocessors

CallPilot may engage trusted third-party service providers for:

• Cloud infrastructure
• AI processing
• Telecommunications services

All subprocessors are contractually bound by data protection obligations.

8. International Data Transfers

Where personal data is transferred outside the UAE:

• Appropriate safeguards are implemented
• Contractual protections are applied
• Secure cloud providers are utilised

9. Data Subject Rights

CallPilot shall assist the Client, where reasonably possible, in responding to data subject requests under applicable law.

10. Data Breach Notification

In the event of a confirmed data breach affecting Client data:

• CallPilot will notify the Client without undue delay
• Provide relevant information to support regulatory reporting obligations

11. Deletion of Data

Upon termination of services, Client data will be deleted or returned in accordance with contractual terms and legal obligations.

Transcript data (if enabled) is automatically deleted after the configured retention period.

12. Liability

Liability under this DPA is subject to the limitations set out in the Terms of Service.

13. Contact

For data processing matters: contact@swiftwave.ai

1. Purpose

This Security & Infrastructure Policy outlines the technical and organisational measures implemented by Swiftwave FZ-LLC to protect data processed through the CallPilot platform.

CallPilot is designed using privacy-by-design and security-by-design principles aligned with internationally recognised data protection standards.

2. Infrastructure Security

CallPilot operates on secure cloud-based infrastructure incorporating:

• Encrypted data transmission (HTTPS / TLS)
• Secure hosting environments
• Firewall and network security controls
• Segregated environments where applicable
• System hardening practices

Infrastructure is configured to reduce exposure to unauthorised access.

3. Access Control

Access to platform systems is restricted through:

• Role-based access controls
• Authentication safeguards
• Restricted administrative privileges
• Access limited to authorised personnel

Access rights are granted based on operational necessity.

4. Audio & Call Data Handling

• Does not provide call recording functionality
• Does not store audio recordings
• Does not maintain audio archives

Audio is processed in real time solely to enable live communication functionality and is not permanently retained.

5. Transcript Controls

CallPilot does not store transcripts by default.

Where clients enable transcript storage:

• Retention is client-controlled
• A recommended maximum retention period of five (5) days applies
• Automatic deletion occurs after the configured period
• CallPilot does not maintain permanent transcript archives

6. Monitoring & Incident Management

Systems are monitored to detect:

• Unauthorised access attempts
• Suspicious activity
• Service anomalies

In the event of a confirmed security incident, internal investigation procedures are initiated and affected clients are notified where required.

7. Third-Party Service Providers

CallPilot may engage trusted third-party providers for:

• Cloud infrastructure
• AI processing
• Telecommunications services

Such providers are contractually required to maintain appropriate security safeguards.

8. Data Protection Alignment

CallPilot incorporates security measures aligned with internationally recognised data protection principles, including those reflected in UAE PDPL and GDPR frameworks.

Clients remain responsible for ensuring lawful data collection and usage within their jurisdictions.

9. Continuous Improvement

Security controls are periodically reviewed and updated to address emerging risks and technological developments.

10. Contact

For security-related enquiries: contact@swiftwave.ai

1. Purpose

This policy explains how artificial intelligence (AI) is used within the CallPilot platform and outlines our commitment to responsible and lawful AI deployment.

2. How AI Is Used

CallPilot uses AI technologies to:

• Process live audio input during calls
• Generate conversational responses
• Facilitate automated call interactions
• Support communication efficiency

AI operates in real time to enable platform functionality.

3. No Autonomous Decision-Making

CallPilot does not:

• Make legally binding decisions
• Enter into contracts
• Approve financial transactions
• Take independent enforcement action

All business decisions remain the responsibility of the client.

4. No Call Recording

CallPilot does not provide call recording functionality.

Audio transmitted through the platform is processed in real time and is not recorded, stored, or archived.

5. Transcript Handling

CallPilot does not store transcripts by default.

Clients may enable temporary transcript storage for quality or performance review purposes.

Where enabled:

• Storage is client-controlled
• A recommended maximum retention period of five (5) days applies
• Transcripts are automatically deleted after the configured period
• CallPilot does not maintain permanent archives of call content

6. Human Oversight

Clients retain full control over:

• Campaign configuration
• Call scripts
• Target lists
• Communication objectives

CallPilot does not independently initiate communications without client instruction.

7. Responsible Use Requirements

Clients must not use CallPilot AI to:

• Engage in fraud or deception
• Conduct unlawful marketing
• Impersonate individuals or organisations
• Harass or intimidate recipients
• Violate telecommunications laws
• Conduct prohibited political or religious campaigning

8. Bias & Fairness

CallPilot aims to deploy AI technologies responsibly.

While AI systems are designed to operate reliably, clients are responsible for reviewing outputs and ensuring communications remain lawful and appropriate.

9. Continuous Improvement

AI models and platform capabilities may evolve over time. Updates are implemented to improve performance, compliance, and security.

10. Contact

For questions regarding AI usage: contact@swiftwave.ai

1. Purpose

This Acceptable Use Policy governs the permitted and prohibited uses of the CallPilot platform.

By using CallPilot, clients agree to comply with this policy.

2. Lawful Use Requirement

CallPilot may only be used for lawful business communication purposes.

Clients are solely responsible for ensuring compliance with:

• UAE telecommunications regulations
• Applicable marketing and consent laws
• Data protection legislation
• Any industry-specific regulations applicable to their business

3. Prohibited Activities

Clients must not use CallPilot to:

• Conduct unsolicited spam campaigns
• Engage in fraudulent or deceptive activity
• Impersonate individuals or organisations
• Misrepresent identity or intent
• Harass, threaten, or intimidate recipients
• Distribute misleading or unlawful content
• Conduct political campaigning where restricted by law
• Conduct religious solicitation where prohibited
• Violate telecommunications or consumer protection regulations

4. Call Recording Restrictions

CallPilot does not provide call recording functionality.

Clients must not attempt to use the platform to bypass or circumvent this restriction.

If clients independently record calls outside the platform, they are solely responsible for compliance with applicable laws and disclosure obligations.

5. Transcript Usage

CallPilot does not store transcripts by default.

If transcript storage is enabled:

• It must be used for legitimate operational or quality purposes
• Retention must remain reasonable
• A recommended maximum retention period of five (5) days applies
• CallPilot does not maintain permanent archives of call content

6. Platform Integrity

Clients must not:

• Attempt to reverse engineer the platform
• Attempt to bypass security controls
• Interfere with system integrity
• Upload malicious code or scripts

7. Enforcement

Swiftwave FZ-LLC reserves the right to:

• Suspend accounts
• Restrict access
• Terminate services

If this policy is violated.

8. Updates

This policy may be updated periodically to reflect regulatory or operational developments.

9. Contact

For compliance or policy questions: contact@swiftwave.ai

1. Purpose

This Call Handling Policy explains how audio and call-related data are processed within the CallPilot platform.

2. No Call Recording

CallPilot does not provide call recording functionality.

The platform:

• Does not record calls
• Does not store audio files
• Does not maintain audio archives
• Does not retain voice recordings

Audio transmitted through CallPilot is processed in real time solely to enable live communication functionality. Audio data is not permanently saved.

3. Real-Time Processing

Audio data is processed transiently to:

• Enable AI-assisted interaction
• Facilitate conversational responses
• Deliver communication functionality

Once processing is complete, audio data is not retained.

4. Transcript Handling

CallPilot does not store call transcripts by default.

Clients may optionally enable temporary transcript storage for operational review or quality assurance purposes.

Where enabled:

• Transcript storage is fully controlled by the client
• Retention duration is configurable within the client platform
• A recommended maximum retention period of five (5) days applies
• Transcript data is automatically deleted after the configured period
• CallPilot does not maintain permanent transcript archives

5. Client Responsibility

Clients are responsible for:

• Ensuring lawful authority to contact recipients
• Providing any required call disclosures
• Complying with telecommunications and data protection regulations

If clients independently record calls outside of CallPilot, they are solely responsible for compliance with applicable legal requirements.

6. Security

Call-related data is transmitted using encrypted communication channels and processed within secure infrastructure. Access to platform systems is restricted to authorised personnel.

7. Updates

This policy may be updated periodically to reflect operational or regulatory developments.

8. Contact

For questions regarding call handling: contact@swiftwave.ai