The Platform is a multi-tenant SaaS product. Three categories of individuals interact with it:

• Agency Owners & Team Members — businesses that subscribe to the Platform to deploy AI voice agents for their clients.
• Clients — end-businesses on whose behalf AI voice agents are created and managed by an agency.
• Callers — individuals who place or receive phone calls handled by AI voice agents deployed through the Platform.

Where an agency acts as a data controller with respect to its clients and callers, Gary Club acts as a data processor on the agency’s behalf. This Privacy Policy governs data processing carried out by Gary Club in both capacities.

2.1 Account & Profile Information

When you create an account, we collect your email address, password (hashed), business/agency name, and any optional profile details you provide (industry, address, support contact information). If you sign in via Google OAuth, we receive your name and email from Google.

2.2 Billing & Payment Information

Payment is processed by Stripe. We do not store full credit card numbers on our servers. Stripe collects and processes payment method details, billing address, and transaction history on our behalf. We store your Stripe customer ID, subscription status, invoice references, and fuel credit balances.

2.3 Client & Business Data

Agencies create client profiles containing business name, contact email, phone number, address, custom fields, FAQs, business hours, greeting messages, and knowledge base documents (URLs, uploaded files, and text). This data is used to configure AI voice agents.

2.4 Voice Call Data

When calls are handled by AI voice agents, we process and store:

• Caller phone number and any caller-provided information (name, email)
• Full call audio recordings
• Call transcripts (text conversion of audio)
• AI-generated call summaries, intent classification, and sentiment analysis
• Call metadata (duration, timestamps, call quality scores)
• Extracted key information (structured data pulled from conversations)

2.5 Caller Profiles (CRM)

The Platform automatically builds caller profiles from call interactions, including names, email addresses, phone numbers, call history, and notes. These profiles are associated with specific agents and are accessible to the owning agency and client.

2.6 Calendar & Booking Data

If an agency or client connects Cal.com, Google Calendar, or Google Sheets via OAuth, we access calendar availability, event details, and booking information as authorized. OAuth tokens are encrypted at rest using AES-256-GCM.

2.7 Digital Asset Information

If you participate in the $GARY token rewards program, we provision a custodial Solana wallet on your behalf. We store your wallet public address, token balances, and transaction history. Private keys are encrypted using AES-256-GCM. Blockchain transactions on Solana are public by nature.

2.8 Uploaded Content

Files you upload (knowledge base documents, logos, training materials, support ticket attachments) are stored on Cloudflare R2 (CDN-backed object storage). Media files for documentation are stored similarly.

2.9 Usage & Analytics Data

We collect platform usage data including feature interactions, agents deployed, call volumes, page views, module completion, and event registrations. We do not use third-party analytics trackers (no Google Analytics, Mixpanel, or similar). All analytics are processed and stored internally.

2.10 Audit Logs

We maintain audit logs of significant actions (agent deployments, setting changes, member management, billing events) for security and compliance purposes.

2.11 Cookies & Session Data

We use session cookies for authentication purposes only. We do not use advertising cookies or tracking pixels.

We use collected information for the following purposes:

• Service Delivery — to provision and operate AI voice agents, process calls, generate transcripts and summaries, manage appointments, and deliver platform features.
• Billing & Payments — to process subscriptions, fuel credit purchases, usage-based charges, and revenue reporting.
• AI Processing — to generate agent system prompts, analyze call transcripts, produce summaries and sentiment analysis, and create AI-generated greetings and templates.
• Communications — to send service-related emails (portal invitations, billing alerts, call notifications, event reminders, weekly digests, dunning notices).
• Security & Fraud Prevention — to enforce access controls, detect unauthorized access, maintain audit trails, and protect against abuse.
• Platform Improvement — to analyze usage patterns, monitor service health, calculate provider cost margins, and improve features.
• Rewards & Incentives — to provision wallets, distribute $GARY token rewards for training completion, event attendance, and referrals.
• Search — to index documentation and content for full-text search functionality.

We do not sell your personal information. We share data with third-party service providers solely to operate the Platform:

• ElevenLabs — voice AI provider. Receives agent configurations, knowledge base content, and processes call audio, transcriptions, and AI analysis.
• Twilio — telephony provider. Provisions and routes phone numbers; handles call connectivity.
• Stripe — payment processor. Processes subscriptions, one-time payments, and stores payment method information.
• Anthropic (Claude AI) — AI language model. Processes call transcripts for analysis, generates agent prompts, and produces welcome call summaries.
• Supabase — database and authentication. Stores platform data with row-level security; handles user authentication.
• Mailgun — email delivery. Sends transactional and notification emails on behalf of the Platform and agencies.
• Cloudflare R2 — file storage and CDN. Hosts uploaded documents, media, logos, and recordings.
• Meilisearch — search engine. Indexes documentation content for full-text search (self-hosted, data does not leave our infrastructure).
• Helius — Solana blockchain RPC. Monitors wallet balances and processes $GARY token transactions.
• Cal.com / Google Calendar / Google Sheets — calendar and productivity integrations. Accessed only when explicitly connected by users via OAuth.
• Zoom — virtual events. Hosts webinars, processes registrations, and stores recordings.
• Slack / GoHighLevel — optional CRM and messaging integrations. Connected only when explicitly authorized by users via OAuth.

We may also disclose information when required by law, court order, or governmental authority, or when necessary to protect the rights, property, or safety of Gary Club, our users, or others.

The Platform uses artificial intelligence extensively. Specifically:

• AI voice agents conduct phone conversations with callers on behalf of clients.
• Call recordings are automatically transcribed and analyzed for intent, sentiment, and key information extraction.
• AI generates call summaries, business greetings, and agent system prompts.
• Emergency detection algorithms monitor calls for urgent situations.

AI-generated outputs are produced automatically and may contain inaccuracies. Agencies and clients are responsible for reviewing AI-generated content. AI processing is performed by ElevenLabs (voice) and Anthropic Claude (text analysis).

We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• AES-256-GCM encryption for sensitive data at rest (OAuth tokens, wallet private keys)
• Row-level security (RLS) on all database tables for tenant isolation
• Role-based access controls (admin, agency owner, manager, member, client)
• HMAC webhook signature verification for inbound integrations
• Rate limiting on authentication and API endpoints
• Firewall rules (UFW), fail2ban intrusion prevention, and SSH hardening
• CORS restrictions, Content Security Policy (CSP), and security headers
• Comprehensive audit logging of security-relevant actions

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Account data is retained for as long as your account is active and for a reasonable period afterward for legal and business purposes.

Call recordings, transcripts, and caller profiles are retained according to agency account settings. Agencies may delete individual call records or request bulk deletion.

Billing records are retained as required by applicable tax and financial regulations.

Audit logs are retained for security and compliance purposes even after account deletion (with organization identifiers anonymized).

Upon account deletion, we perform cascade deletion of associated data including ElevenLabs agents, Twilio phone numbers, Stripe subscriptions, and all database records. $GARY tokens in custodial wallets are recovered prior to deletion.

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request deletion of your personal data, subject to legal retention requirements.
• Data Portability — request export of your data in a structured, machine-readable format.
• Restriction — request restriction of processing in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw Consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at gary@gary.club. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To make a CCPA request, contact us at gary@gary.club.

AI voice agents deployed through the Platform handle phone calls on behalf of agency clients. Calls may be recorded, transcribed, and analyzed by artificial intelligence. Agencies are responsible for ensuring compliance with applicable call recording consent laws in their jurisdictions (including but not limited to federal and state wiretapping statutes and TCPA regulations).

Phone numbers are provisioned through Twilio. Caller phone numbers and call metadata are processed and stored as described in Section 2.4.

For privacy-related questions, concerns, or requests, contact us at:

Gary Club LLC
Email: gary@gary.club
Website: gary.club