Legal · Privacy
Your Calls, Your Data.
Last updated · May 29, 2026
The TL;DR — we collect what's needed to make Diala answer your phone and show you the result. We don't sell it, we don't train models on it, and we delete it when you ask.
What we collect
- Account info. Email, name, organization, and a Cognito user ID.
- Phone number. The Diala number we provision for you, and the forwarding number you tell us is yours.
- Calls and transcripts. Audio and text of conversations the AI has on your behalf, plus metadata (start time, duration, caller number, status).
- Contacts. If you grant the mobile app permission, we sync the contacts you've stored on your device so the AI can recognize callers by name. Contact data stays scoped to your tenant.
- Usage telemetry. Aggregated, non-identifying counts of API calls and dashboard pageviews so we know what's slow.
What we don't collect
- We don't read your existing voicemails, SMS, or call history from outside Diala.
- We don't track you across other sites or apps.
- We don't sell or share personal data with advertisers. Diala has no advertising business.
How we use it
- To route and answer your calls. This is the whole point.
- To show you transcripts and summaries in the dashboard and mobile app.
- To improve reliability — debugging crashes, investigating dropped calls. Engineers see redacted call metadata, not transcript bodies, unless you explicitly share a call for support.
- We do not train foundation models on your transcripts. Bedrock invocations run inference only; nothing is fed back into training.
Who can see it
| Audience | What they see | When |
|---|---|---|
| You | Everything in your tenant | Always |
| Your organization admins | Everything in the org tenant | When you're part of an org |
| Diala on-call engineers | Metadata + opted-in support shares | Only for incidents you opened |
| Subprocessors (AWS, Twilio) | Encrypted call audio in transit | At the moment of the call |
| Law enforcement | Only what a valid subpoena compels | Never voluntarily |
How long we keep it
- Account data: while your account is active, plus 30 days after deletion (so you can undo).
- Calls and transcripts: 90 days by default. Configurable per tenant down to 24 hours or up to 1 year.
- Telemetry: 13 months, then aggregated.
Your rights
You can:
- Export every call, transcript, and contact we hold for you — available as JSON from the dashboard at any time.
- Delete any individual call, your contacts, or your entire account. Deletion is real (not flagged-as-deleted) and propagates within 24 hours.
- Object to any specific processing. Email privacy@diala.ai.
GDPR and CCPA rights apply if you're in their jurisdictions. We honor them everywhere because the alternative is unhelpful.
Subprocessors
We rely on:
- Amazon Web Services (Bedrock, Polly, DynamoDB, Cognito, Lambda, CloudFront, S3) — primary infrastructure.
- Twilio — phone number provisioning and call delivery.
We don't add subprocessors casually. The current list is the list.
Changes
If we change anything material, we'll email account owners 30 days before the change takes effect. Dated revisions live at this URL.
Contact
Privacy questions, requests, or concerns: privacy@diala.ai.