Privacy Policy

Account Information: When you register, we collect your name, email address, and password (stored as a secure hash). We never store your password in plain text.

Business Information: Store name, phone number, address, zip code, business hours, and other information you provide to configure Bella.

Call Data: When Bella handles calls on your behalf, we store call metadata (caller phone number, call duration, timestamp, call status) and call transcripts. Call recordings may be stored temporarily by our telephony provider (Twilio) per their data retention policies.

Booking Data: Customer names, phone numbers, addresses, and pickup/delivery information entered by you or captured by Bella during calls.

Knowledge Base Content: Documents and information you upload to train Bella, such as your store FAQ, pricing, and policies.

Payment Information: We use Stripe to process payments. We do not store your full credit card number, CVV, or expiration date on our servers. Stripe stores payment data under their own privacy policy and PCI-DSS compliance.

Usage Data: Log data including IP addresses, browser type, pages visited, and timestamps, collected automatically when you use the Service.

• To provide, operate, and improve the Service
• To configure and operate Bella on your behalf
• To process payments and manage your subscription
• To send transactional emails (receipts, password resets, booking reminders)
• To send SMS reminders to your customers on your behalf (using your Twilio configuration)
• To respond to support requests and communicate with you about the Service
• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell your personal data or your customers' data to third parties. We do not use your data for advertising purposes.

We share your information only in the following circumstances:

• Service Providers: We share data with trusted third-party providers who help us operate the Service, including:
  • Retell AI — voice AI processing for call handling
  • Twilio — telephony infrastructure and SMS delivery
  • Stripe — payment processing
  • Brevo (Sendinblue) — transactional email delivery
  • TiDB Cloud — database hosting
• Legal Requirements: We may disclose information if required by law, court order, or government authority.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
• With Your Consent: We may share information for any other purpose with your explicit consent.

Bella records and transcribes calls handled on your behalf. These transcripts are stored in your account and are accessible only to you (and your authorized team members). You are responsible for complying with applicable laws regarding call recording disclosure in your jurisdiction. Many states require that all parties to a call be informed that the call is being recorded. You must ensure that callers are appropriately notified.

When Bella interacts with your customers (callers, booking clients), we collect and store their information (name, phone number, address) on your behalf. You are the data controller for this customer data. We process it only as your service provider. You are responsible for having appropriate legal basis to collect and process your customers' personal data.

• Account data: Retained while your account is active and for 30 days after deletion
• Call transcripts and recordings: Retained for 12 months, then automatically deleted
• Booking data: Retained while your account is active
• Payment records: Retained for 7 years as required by financial regulations

We implement industry-standard security measures including encrypted data transmission (TLS/HTTPS), bcrypt password hashing, JWT-based session management, and access controls. However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and encourage you to use a strong, unique password for your account.

We use session cookies to maintain your login state. We do not use third-party advertising cookies or tracking pixels. We may use basic analytics to understand how the Service is used (page views, feature usage) using privacy-respecting analytics tools that do not track individuals across sites.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated data
• Portability: Request an export of your data in a machine-readable format
• Opt-out: Opt out of non-essential communications at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at the email below.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice in the Service at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: