A security product has to be paranoid about itself.
Call G listens to your most sensitive calls so you don't have to. That only works if our data practices are stricter than anyone would think to ask for. Here they are.
Hosted in the EU, end to end
All call processing, transcripts and recordings live on EU infrastructure (Hetzner, Germany/Finland). Data processing agreements are in place with every sub-processor, and call data never leaves the EU for storage.
Encrypted recordings, audited access
Recordings are encrypted with per-recording keys (AES-256-GCM envelope encryption) before they touch storage. Every single access to a recording — including by our own staff — is written to an immutable audit log you can request.
Transcript-first, delete by default
Transcripts are the product; audio is the backup. Recordings auto-delete on your plan's retention schedule (7–365 days), and you can shorten retention, export everything, or delete your account and all data at any time, in the dashboard, without emailing anyone.
The AI always discloses itself
Every screening opens with 'this is an AI assistant' and 'this call is recorded and analyzed' — meeting EU AI Act Art. 50 and recording-consent rules in one sentence. The assistant will never claim to be human, and we never voice-clone you.
No biometrics, ever
We do not build voice-prints or do speaker identification — that's GDPR Art. 9 biometric data and a line we don't cross. Scam detection works on what is said, not on who is speaking.
Your contacts stay on your phone
For contact-aware features, numbers are hashed on your device before anything is sent to us. We can check 'is this caller a saved contact?' without ever holding your address book.
GDPR, specifically
- Lawful basis
- Legitimate interest (fraud prevention) with a documented assessment; consent where required per country.
- Data residency
- EU only — Hetzner (DE/FI) for compute and object storage.
- Sub-processors
- Telnyx, Deepgram, Cartesia, Anthropic, Stripe and Hetzner, each under DPAs/SCCs. The full list is on the privacy policy.
- Retention
- Per-plan defaults (7–365 days), user-adjustable downwards. Automatic deletion jobs, verified.
- Your rights
- Export (machine-readable) and full erasure are self-service in the dashboard — no support ticket needed.
- Recording consent
- Disclosed in the first sentence of every screened call, localized per market. Stricter markets (e.g. Germany) launch only after country-specific legal review.
- Security posture
- Independently security-reviewed before launch; SOC 2 Type I in progress. We state what is done and what is in progress — never a badge we have not earned.
- Data requests
- Our Data Protection contact answers access, export and erasure requests at privacy@callg.eu, typically within 30 days.