Privacy Policy
Last updated: March 1, 2026
This Privacy Policy describes how CallBro ("we," "us," or "our") collects, uses, shares, and protects information when you use our website at callbro.ai, our desktop application for macOS, Windows, and Linux, our apps for mobile devices, and any other applications or related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Full name (optional)
- Password — stored only as a cryptographic hash; we never store plaintext passwords
- Authentication provider (e.g., "local" or "Google")
If you sign in via Google OAuth, we also receive your Google account ID, name, profile picture URL, and OAuth tokens from Google.
1.2 Audio Data
When you use the recording feature, the desktop application captures:
- Microphone audio from your selected input device
- System audio from other applications (if you enable this feature)
Audio is captured locally on your device, converted to PCM format, and streamed in real time to our backend server, which forwards it to a third-party Speech-to-Text (STT) provider for transcription. We do not persistently store raw audio files on our servers. Audio data is processed in transit and discarded after transcription.
1.3 Transcripts, Notes, and AI-Generated Content
We store:
- Transcripts produced by the STT provider (as structured JSON)
- Raw notes you write during or after meetings
- Enhanced notes generated by AI models from your transcript and notes
- AI chat messages — prompts you send and responses received
1.4 Usage Data
We collect usage metrics, including:
- STT usage — number of tokens transcribed per recording session
- LLM usage — number of input/output tokens consumed per AI request and model used
- Product analytics events collected via PostHog in the desktop application
- Web analytics collected via Google Analytics (only if you consent to analytics cookies)
1.5 Technical and Device Data
- IP address (in server logs)
- Application version, OS, and platform (registered with PostHog)
- Browser user-agent (for locale detection and standard web server logs)
1.6 Cookies and Local Storage
| Category | Purpose | Examples |
|---|---|---|
| Strictly necessary | Authentication session, cookie consent preference | session_token (httpOnly, 30 days), callbro_cookie_consent (localStorage) |
| Functional | Remember language and preferences | NEXT_LOCALE |
| Analytics | Understand site usage (aggregated) | Google Analytics (_ga, _gid) — only with your consent |
| Marketing | Reserved for future use | None currently active |
You can manage cookie preferences at any time via the cookie banner or settings link in the footer. In the desktop application, your authentication token is stored in a local file — no cookies are used.
1.7 Call Detection Data
The desktop application can optionally monitor which applications are running to detect active calls. This data is processed entirely on your device and is never transmitted to our servers.
2. How We Use Your Information
- Provide the Service — transcribe audio, generate AI notes, power the AI chat, and sync your data.
- Authenticate you — verify your identity via email/password or Google OAuth.
- Communicate with you — send transactional emails (welcome, password reset).
- Track usage — monitor STT and LLM token consumption for billing and fair-use purposes.
- Improve the Service — analyze aggregated, anonymized usage patterns.
- Enforce our Terms — detect abuse and protect the security of the Service.
3. Third-Party Data Processors
Your data is processed by external third-party services. By using CallBro, you acknowledge and instruct us to transmit your data to the following processors:
| Provider | Data Processed | Purpose |
|---|---|---|
| Soniox | Audio stream (PCM), language hints | Real-time speech-to-text transcription |
| OpenRouter + downstream LLMs (Gemini, OpenAI, etc.) | Chat messages, transcripts, notes as prompt context | AI note generation, title generation, chat assistant |
| Google | Email, name, Google ID, OAuth tokens | Google OAuth sign-in |
| Postmark | Email address, full name | Transactional email delivery |
| PostHog | Analytics events, app version, platform | Product analytics (desktop app only) |
| Google Analytics | Page views, anonymized usage data | Web analytics (only with your consent) |
We do not control and are not responsible for the data practices, availability, security, or compliance of any third-party service. Data may be processed in jurisdictions different from your own.
4. Sharing of Information
We do not sell your personal information. We may share information in the following circumstances:
- With third-party processors as described in Section 3.
- Public sharing links — if you enable sharing for a record, anyone with the link can view the title and enhanced note. No authentication is required. You are solely responsible for who you share links with.
- Legal compliance — if required by law, regulation, legal process, or governmental request.
- Business transfers — in connection with a merger, acquisition, or sale of assets.
5. Data Retention
- Account data — retained as long as your account exists.
- Records, transcripts, and notes — retained until you delete them or your account.
- Usage data (STT/LLM token counts) — retained for billing and analytics.
- Server logs — retained for a limited period for debugging and security.
When you delete your account, all associated data is cascaded and deleted from our primary database. Backup copies may persist for a reasonable period before deletion.
6. Data Security
We use commercially reasonable measures: password hashing with bcrypt, JWT-based authentication, HTTPS/WSS for all data in transit, CORS restrictions, and HttpOnly, Secure, SameSite cookies for web sessions.
No method of electronic transmission or storage is 100% secure. We cannot and do not guarantee absolute security. You use the Service at your own risk.
7. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data; withdraw consent for optional processing; or object to processing. Contact us at contact@callbro.ai to exercise any of these rights.
8. Children
The Service is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. Contact us if you believe a minor has provided us with personal data and we will delete it.
9. International Transfers
Your data may be processed in countries other than your country of residence, including the United States and the European Union, through our third-party processors. By using the Service, you consent to such transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact Us
Questions about this Privacy Policy? contact@callbro.ai