🚀 ThunderPhone is currently in soft-launch mode! Feel free to try us out while we put the finishing touches on. Full launch planned for Feb 2.

ThunderPhone Privacy Policy

Last updated: November 7, 2025 • Version: PP-2025-11-07

Autophonix, LLC d/b/a ThunderPhone (“ThunderPhone,” “we,” “us”) provides an AI-assisted telephony platform. This Privacy Policy explains what we collect, how we use and share it, and your rights. It applies to our website, product, and related services (the “Service”).

If you use ThunderPhone through a business account, our Terms of Service govern your use, and our Data Processing Addendum describes our processor commitments when we handle Customer Personal Data on your organization’s instructions.

Who we are & how to contact us

Controller (for website, account, and billing data)Autophonix, LLC d/b/a ThunderPhone

Address505 Montgomery St. Suite 1100 #1019, San Francisco, CA 94111, USA

ContactPriority Email: privacy@thunderphone.com
Security: security@thunderphone.com
Legal: legal@thunderphone.com

EU Representative (GDPR Art. 27)Rickert Rechtsanwaltsgesellschaft mbH — Autophonix LLC, Colmantstraße 15, 53115 Bonn, Germany • art-27-rep-autophonix@rickert.law

UK Representative (UK GDPR Art. 27)Rickert Services UK Ltd — Autophonix LLC, PO Box 1487, Peterborough, PE1 9XX, United Kingdom • art-27-rep-autophonix@rickert-services.uk

When we process Customer Content (e.g., call audio/recordings/transcripts) for a business customer, we act as a processor under our DPA and your organization is the controller.

What we collect

A) You provide

  • Account details: name, email, phone, company, role; workspace settings.
  • Payment details: via Stripe (we receive tokens/identifiers—we do not store full card numbers).
  • Support tickets, feedback, and communications.

B) Collected automatically

  • Device/technical data: IP address, device/browser type, event logs.
  • Service usage and call metadata: numbers dialed/received, timestamps, duration, routing, diagnostics.
  • Cookies: essential cookies for login/session and security. (If we add analytics/ads cookies later, we’ll update this policy and honor required consent/opt-out.)

C) Optional: recordings & transcripts (workspace-controlled)

If your admin enables recording or transcription, we process call audio and derived transcripts to provide those features. We do not intentionally collect special categories of data; customers should avoid including them in Customer Content.

How we use data (purposes)

  • Provide, maintain, and improve the Service; route calls; provide optional recording/transcription.
  • Billing and account management (including per-minute usage charges).
  • Security, fraud/abuse prevention, DNC/TCPA compliance tooling.
  • Troubleshooting, quality assurance, product analytics (aggregated/de-identified where possible).
  • Legal compliance and to enforce our Terms.
  • Recording/transcription responsibilities. Customers are responsible for providing legally required notices/consents (e.g., one-party/two-party consent) before enabling recording or transcription.

Legal bases (GDPR/UK GDPR)

We rely on contract (to provide the Service), legitimate interests (security, abuse prevention, product improvement), consent where required (e.g., for recording notices—managed by the customer), and legal obligations (e.g., tax/audit).

How we share data

  • Subprocessors (service providers). We use vetted providers to host and operate the Service (e.g., GCP, LiveKit, Deepgram, Stripe, GitHub, ngrok). See the live list at Subprocessors.
  • Legal/compliance. To comply with law or protect rights, safety, or the Service.
  • Business transfers. In connection with a merger, acquisition, or reorganization (we will notify where required).

We do not sell or share personal information as defined by the California CPRA, and we do not use personal information for cross-context behavioral advertising.

International transfers

Where we transfer personal data internationally, we rely on EU Standard Contractual Clauses (SCCs) and the UK Addendum with our vendors and subprocessors. See our DPA and Subprocessors list for details.

Retention

We keep data only as long as needed for the purposes above or as required by law.

  • Account & billing data: for the life of the account and for tax/audit after closure.
  • Call recordings/transcripts (if enabled): retained per your workspace settings (default 30 days, configurable by your admin).
  • Technical logs/diagnostics: typically ~13 months, unless needed longer for security/legal reasons.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of your personal data, and to portability. To exercise rights, contact privacy@thunderphone.com (or our EU/UK reps for local authorities). We will respond per applicable law.

Security

We use industry-standard technical and organizational measures. See our Security Overview. If we learn of a Security Incident, we will notify affected customers without undue delay and within 72 hours of awareness where required.

Children

The Service is not directed to children under 13 (or the age defined by local law). We do not knowingly collect personal data from children. If you believe a child provided data, contact privacy@thunderphone.com.

Changes to this policy

We may update this policy from time to time. We’ll post the new version here and update the “Last updated” date. If changes are material, we’ll provide additional notice (e.g., email or in-product).

Contact us

Autophonix, LLC d/b/a ThunderPhone505 Montgomery St. Suite 1100 #1019, San Francisco, CA 94111, USA
privacy@thunderphone.com • security@thunderphone.com • legal@thunderphone.com