Our policies, in plain text.

RestCall AI collects information you provide when requesting a demo (restaurant name, phone number, location) and call metadata from calls handled on your behalf (caller number, call duration, transcripts, order contents). We use this information to operate the service, improve accuracy, and provide analytics to your team.

We do not sell personal data. We do not use your call transcripts to train models for other customers. We share data only with sub-processors required to deliver the service (telephony, cloud hosting) and when required by law.

You can request a copy of your data or ask us to delete it at any time by emailing [email protected].

By using RestCall AI you agree to these terms. The service is provided on a subscription basis per the plan you select. You remain responsible for the accuracy of the menu and hours data you provide, for compliance with local laws governing automated calling and call recording, and for any orders placed through the service.

We may update these terms; material changes will be notified at least 30 days in advance. Either party may terminate with 30 days’ notice; monthly subscriptions will not be pro-rated on early termination but your data will be exportable for 30 days after.

RestCall AI answers, records, and transcribes inbound calls on your behalf. US state law varies: some states require single-party consent (you, as the restaurant), others require all-party consent (you and the caller).

By default, RestCall AI plays a brief notice at the start of every call (“Calls may be recorded for quality”) so that your business is compliant in all 50 states. You can customize the wording of this notice in your dashboard, but it cannot be disabled. If your jurisdiction has stricter requirements, contact us and we will configure call handling accordingly.

Recordings are stored encrypted at rest and are retained for 90 days by default. You can shorten retention or request immediate deletion of a specific recording from the dashboard.

RestCall AI is hosted on infrastructure that meets SOC 2 Type II and ISO 27001 standards. All data in transit is encrypted with TLS 1.2+. Data at rest is encrypted with AES-256.

Access to production systems is restricted to a small number of engineers, gated by hardware keys and audited on every access. Sub-processors are reviewed annually. Incident response targets a 4-hour initial acknowledgment for any security report.

Report a vulnerability: [email protected]. We respond within one business day and operate a safe-harbor policy for good-faith research.