allozia.ai

Privacy Policy

Compliant with Regulation (EU) 2016/679 (GDPR), the French Data Protection Act as amended (Law No. 78-17 of 6 January 1978) and Regulation (EU) 2024/1689 on artificial intelligence (AI Act).

Last updated: mai 2026

1. Data Controller

allozia.ai is a service operated by Edouard PORCHERON, sole proprietor trading as Epsiio, registered with the Bernay Trade Register (SIREN 104 925 433), the data controller within the meaning of Regulation (EU) 2016/679 (GDPR).

  • Data controller: Edouard PORCHERON — Epsiio (entrepreneur individuel)
  • Postal address: 340 Rue des Forges, 27210 Boulleville, France
  • SIRET (French company ID): 104 925 433 00013
  • Website: https://epsiio.fr
  • DPO / GDPR contact email: hello@allozia.ai

2. Definitions

  • Professional: Natural or legal person who subscribes to the allozia.ai service for their professional activity.
  • Caller: Person who calls the Professional's phone number and interacts with the AI voice assistant.
  • AI Voice Assistant: Conversational agent powered by artificial intelligence that answers phone calls on behalf of the Professional.

3. Personal Data Collected

3.1. Professional's Data

DataPurposeLegal basis
Last name, first nameAccount identification, communicationPerformance of the contract
Email addressLogin, notifications, billingPerformance of the contract
Phone number(s)Call transfers, SMS notificationsPerformance of the contract
Company name, address, industryVoice assistant configuration, response contextualizationPerformance of the contract
Payment data (via Stripe)Subscription billingPerformance of the contract

3.2. Caller's Data

DataPurposeLegal basis
Caller's phone numberIdentification, callback by the ProfessionalLegitimate interest of the Professional
Text transcript of the conversationRequest follow-up by the ProfessionalLegitimate interest of the Professional
Name, contact details shared during the callContact by the ProfessionalLegitimate interest of the Professional
AI-generated request summaryNotification to the Professional, follow-upLegitimate interest of the Professional

4. No Audio Recording

allozia.ai NEVER stores raw audio recordings of phone conversations. Voice processing works as follows:

  • Audio is transmitted in real-time to the transcription service (Gladia, Paris) via an encrypted streaming connection.
  • Only the text transcript is retained. Audio is deleted immediately after processing.
  • No audio file is recorded, stored or archived, neither on our servers nor at our sub-processors.

5. Artificial Intelligence — AI Act Compliance

In accordance with the European Artificial Intelligence Regulation (AI Act, Regulation (EU) 2024/1689), and in particular Article 50 on transparency obligations:

  • Each caller is informed at the beginning of the conversation that they are interacting with a virtual assistant powered by artificial intelligence, not a human being.
  • The voice assistant never pretends to be human. If asked, it confirms its AI nature.
  • AI-generated content (summaries, intent analysis) is clearly identified as such in the Professional's dashboard.
  • The AI does not make any automated decisions with legal or significant effects on individuals. It collects information and forwards it to the Professional who decides on next steps.

6. Artificial Intelligence Processing

Three AI processes are performed during each call:

ProcessProviderData processedStorage
Speech Recognition (STT)Gladia (Paris, France)Real-time audio streamNo storage — real-time processing only
Understanding and Response (LLM)Mistral AI (Paris, France)Text transcript of the conversationNo storage — real-time processing only
Speech Synthesis (TTS)Cartesia (USA)Text of the assistant's responses (no caller personal data)No storage — real-time processing only

After the call, an additional AI process extracts the summary, caller intent and contact details provided, from the text transcript only.

7. Data Hosting

All personal data is stored in France:

  • Server: OVH VPS, datacenter in France (Gravelines or Strasbourg)
  • Database: PostgreSQL hosted on the same French server
  • Cache: Redis hosted on the same French server
  • Backups: OVH Object Storage, France

8. Sub-processors

ProviderRoleLocationGuarantees
OVHServer hostingFranceFrench company, data in France
GladiaSpeech recognition (STT)France (Paris)French company, Paris servers, no audio storage
Mistral AILanguage model (LLM)France (Paris)French company, Paris servers, no data retention via API
CartesiaSpeech synthesis (TTS)USADPA + SCCs — text processing only, no caller personal data
TwilioTelephony + SMSEU (Ireland)DPA + SCCs, EU data residency (Ireland), ISO 27001 certified
StripePaymentEUDPA + SCCs, PCI DSS certified, GDPR compliant
ResendEmail deliveryUSADPA + SCCs — notifications only (call summary)

9. International Data Transfers

Some sub-processors are established outside the European Union. For each transfer, appropriate safeguards are implemented in accordance with Articles 44 to 49 of the GDPR:

  • Cartesia (USA): European Commission Standard Contractual Clauses (SCCs). Only the AI response text is transmitted — no caller personal data.
  • Resend (USA): DPA + Standard Contractual Clauses. Data transmitted: Professional's email address and call summary.
  • Twilio: Data residency configured in EU (Ireland). DPA + SCCs for residual processing.

10. Data Retention Periods

Call data is subject to three independent retention periods, configurable by the Professional:

Data typeDefault durationConfigurable range
Full transcripts6 months1 to 6 months
AI summaries12 months1 to 12 months
Caller contact details (name, email, number)36 months after last contact12 to 36 months

Upon expiration, transcripts are deleted, summaries erased, and contact details anonymized (phone number truncated). An automatic purge runs daily.

11. Your Rights

Under the GDPR (Articles 15 to 22), you have the following rights:

  • Right of access: Obtain a copy of all personal data concerning you.
  • Right to rectification: Have inaccurate or incomplete data corrected.
  • Right to erasure: Request the deletion of your personal data.
  • Right to data portability: Receive your data in a structured, machine-readable format (JSON).
  • Right to object: Object to the processing of your data on legitimate grounds.
  • Right to restriction: Request the restriction of processing of your data.

To exercise your rights, contact us at: hello@allozia.ai. We will respond within a maximum of 30 days.

You also have the right to lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr.

12. Self-Service Tools for Professionals

allozia.ai provides Professionals with self-service tools in their dashboard to manage data independently:

  • Configurable retention periods (GDPR page in the dashboard)
  • Search and delete a caller's data by phone number
  • Export a caller's data in JSON format (right to data portability)

13. Data Security

  • HTTPS/TLS encryption for all web and API communications
  • Audio stream encryption via SIP/SRTP protocols
  • Secure authentication with hashed passwords (bcrypt)
  • Database access restricted to internal Docker network only
  • Daily encrypted backups to separate object storage

14. Cookies

allozia.ai only uses cookies strictly necessary for the service to function (authentication session). No advertising, tracking or analytics cookies are used. No cookie consent is required (CNIL exemption for technical cookies).

15. Changes to This Policy

We reserve the right to modify this privacy policy. In the event of a substantial modification, Professionals will be notified by email. The date of last update is indicated at the top of this page.

16. Contact

For any questions regarding the protection of your personal data or to exercise your rights, contact us at: hello@allozia.ai