1. Scope and Purpose

This Data Processing Agreement ("DPA") forms part of the Terms of Service between BookedOnCall ("Processor," "we," "us") and the customer ("Controller," "you") who subscribes to the BookedOnCall platform.

This DPA applies to all personal data that BookedOnCall processes on your behalf in connection with providing the Service, including but not limited to caller information, call recordings, transcripts, appointment details, and any data accessed through third-party integrations you have authorized.

2. Roles and Responsibilities

You are the Controller of the personal data processed through the Service. You determine the purposes and means of processing. BookedOnCall acts as a Processor, processing personal data only on your documented instructions and solely for the purpose of providing the Service.

You are responsible for ensuring that you have a lawful basis for providing personal data to BookedOnCall, including obtaining any necessary consents from callers for call recording and AI-assisted processing.

3. Data Processing Details

Categories of Data Subjects

Callers to your business number, your employees or team members with account access, and third-party contacts referenced in scheduling or job management systems you have connected.

Types of Personal Data

Names, phone numbers, addresses, email addresses, voice recordings, call transcripts, appointment and scheduling information, service requests, and any other information callers voluntarily provide during calls.

Processing Activities

Receiving and answering inbound voice calls, transcribing call audio, qualifying leads, scheduling appointments, sending SMS confirmations, synchronizing data with connected third-party services (Jobber, Google Calendar), and generating call summaries and reports.

4. Sub-Processors

BookedOnCall uses the following sub-processors to deliver the Service:

Twilio: Voice call handling, telephony infrastructure, and SMS delivery.
Google Cloud / Cloud infrastructure: Hosting, compute, and data storage.
Jobber: Job management data synchronization (only when you authorize the integration).
Google Calendar: Scheduling data synchronization (only when you authorize the integration).

We will inform you of any intended changes to sub-processors with reasonable advance notice. You may object to a new sub-processor by contacting us within 14 days of notification. If we cannot reasonably accommodate your objection, you may terminate the affected Service.

5. Data Security

BookedOnCall implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS) and at rest, access controls, regular security reviews, and employee training on data protection obligations.

In the event of a personal data breach, BookedOnCall will notify you without undue delay (and in any event within 72 hours of becoming aware of the breach) and provide sufficient information to enable you to meet your own breach notification obligations.

6. Data Retention and Deletion

BookedOnCall retains personal data processed on your behalf for the duration of the Service agreement and as needed to fulfill the purposes described in this DPA. Retention periods for specific data types (call recordings, transcripts, account data) depend on your enabled features, your configuration preferences, and applicable legal requirements.

Upon termination of the Service, BookedOnCall will delete or return all personal data processed on your behalf within a reasonable period, unless retention is required by applicable law. You may request deletion of specific records at any time through your account dashboard or by contacting us.

7. Data Subject Rights

BookedOnCall will assist you in responding to requests from data subjects exercising their rights under applicable data protection laws, including rights of access, rectification, erasure, restriction, portability, and objection. We will promptly inform you of any data subject request we receive directly.

8. Audits and Compliance

BookedOnCall will make available to you all information reasonably necessary to demonstrate compliance with this DPA. Upon reasonable request and with reasonable advance notice, BookedOnCall will permit and contribute to audits conducted by you or an auditor you appoint, provided such audits do not unreasonably disrupt our operations.

9. International Transfers

If personal data is transferred outside the jurisdiction in which it was collected, BookedOnCall will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other legally recognized transfer mechanisms, to provide an adequate level of protection for the data.

10. Contact

For questions about this DPA or to exercise any rights described herein, please contact us at privacy@bookedoncall.com.