Legal

Privacy Policy

Callweave is voice AI for regulated call workflows. This policy explains how Fractal Signals LLC, the company behind Callweave, handles personal data on its website and in its dealings with prospects and business contacts. It also draws the line, clearly and up front, between that activity and the customer call data we process strictly on our customers' behalf.

Last updated 29 May 2026

Who we are

Callweave is a product of Fractal Signals LLC, a Delaware limited liability company (Delaware file no. 10258703). In this policy, "Callweave", "we", "us" and "our" all refer to Fractal Signals LLC.

For anything to do with personal data or this policy, write to us at privacy@callweave.ai. For everything else, hello@callweave.ai reaches us.

Two roles: when we are a controller and when we are a processor

This is the most important thing to understand about how we handle data, so we put it first. We process personal data in two very different capacities, and only one of them is governed by this policy.

1. Our website, prospects and business contacts — we are the controller

When you visit callweave.ai, book a call review, send us a call sample for evaluation, email us, or negotiate an MNDA or DPA with us, we decide why and how that personal data is processed. For that activity we are the data controller under the UK GDPR and the EU GDPR. This policy governs that processing.

2. Customer call data on the Callweave platform — we are the processor

When a business customer runs calls, recordings, transcripts and case data through the Callweave platform, the personal data of that customer's end users (their callers) is processed by us only on the customer's documented instructions. For that activity we are a data processor acting on behalf of the customer, who is the controller.

That processing is not governed by this consumer-facing policy. It is governed by the Data Processing Addendum we enter into with each customer under Article 28 of the UK and EU GDPR. If you are an end user whose call was handled through Callweave and you have a question about your data, please contact the business you called, since they are the controller and decide how that data is used. See our sample DPA and our list of subprocessors for the detail.

We do not blur these roles. Customer call recordings, transcripts and case data are used only to run the workflows that customer has configured. We never use them to train shared models or to build benchmarks.

What personal data we collect as a controller

We keep this modest. We are a small company and we collect only what we need to talk to prospective and current customers and run our site.

Data you give us

Data collected automatically

When you load the site, our hosting and the third-party services the page calls receive technical data such as your IP address, browser type and the pages you view. We describe exactly which third parties this involves in the Cookies and tracking section below.

Legal bases for processing

Under Article 6 of the UK and EU GDPR we rely on the bases set out below. Each purpose maps to one basis.

PurposeDataLawful basis
Responding to your enquiry or call-review request Contact details, message contents, any call sample you send Legitimate interests (Art. 6(1)(f)) — running and growing our business by answering people who approach us
Evaluating a call sample you upload and returning findings to you Uploaded audio or transcript and its contents Legitimate interests (Art. 6(1)(f)), and, where the sample contains third-party personal data, performed under your instructions as the controller of that sample
Limited B2B marketing to businesses we believe are relevant Business contact details Legitimate interests (Art. 6(1)(f)), subject to your right to object at any time
Negotiating and performing a contract, MNDA or DPA Signatory and negotiator contact details, agreement contents Contract (Art. 6(1)(b)) or legitimate interests where you act through a company
Setting non-essential cookies or similar technologies Cookie and device identifiers Consent (Art. 6(1)(a))
Meeting our legal, tax and accounting obligations Transaction and correspondence records Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You can ask us for the detail of that assessment, and you can object to processing based on legitimate interests at any time.

How long we keep it

Who we share data with

We do not sell personal data. As a controller we share it only with the service providers that help us run the business, for example our email, hosting, scheduling and document-signing providers, each acting on our instructions under appropriate contractual terms. The third-party services our website itself calls are listed in the Cookies and tracking section. Our current providers are listed and kept up to date on our subprocessors page. We may also disclose data where we are legally required to, or to protect our rights, property or safety.

International transfers

Fractal Signals LLC is established in the United States. If you are in the UK or the EEA, the personal data we process about you as a controller may be transferred to and stored in the US, and may be accessed by our service providers there. Where it is, we put appropriate safeguards in place, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, together with any supplementary measures needed.

For platform data processed on behalf of customers, EU hosting is available on request, so that customer call data can be kept within the EU. Talk to us if your deployment requires it.

Your rights

If we hold personal data about you as a controller, you have the following rights under the UK and EU GDPR:

To exercise any of these, email privacy@callweave.ai. We respond within the timeframes the law sets. If you are an end user whose call was handled through the platform, please direct your request to the business you contacted, as they are the controller of that data.

You also have the right to complain to a supervisory authority. In the UK that is the Information Commissioner's Office (ICO); in the EEA it is the data protection authority in your country. We would appreciate the chance to address your concern first.

Security

We protect personal data with measures that include encryption in transit and at rest, role-based access control, PII redaction options, and audit logging of reviewer actions. No system is perfectly secure, but we work to keep our controls proportionate to the sensitivity of the data we handle. There is more detail on our Trust and Security page.

Cookies and tracking

We try to be specific about what the site actually loads, rather than copying a long generic cookie list. The callweave.ai pages call three third-party services, and your browser makes requests to them when a page loads. Those requests can result in cookies being set by the third party or your IP address being logged by them:

These are functional requests. We do not currently use advertising cookies, and we do not use analytics cookies that profile or track visitors across sites. On your first visit a cookie notice records your preference, and you can change or withdraw it any time by clearing this site's data in your browser. If we add analytics in future, we will place it behind a consent mechanism before any non-essential cookie is set.

CategoryWhat it coversSet by
Strictly necessary Requests required to serve and render the page securely Us and our hosting provider
Third-party / functional Fonts, icons and integration favicons loaded from external services, which may set cookies or log your IP address Google (Fonts, favicons) and unpkg.com (Lucide)

You can block or delete cookies through your browser settings. Blocking third-party requests may affect how fonts or icons display.

Children's data

Callweave is a business-to-business service. Our website and our platform are not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact privacy@callweave.ai and we will delete it.

Changes to this policy

We may update this policy as our business or the law changes. When we do, we will revise the date at the top of the page, and for material changes we will take reasonable steps to bring them to your attention.

How to contact us

For any privacy question, request or complaint, email privacy@callweave.ai. For general enquiries, use hello@callweave.ai.