Last updated: June 23, 2026
Last updated: June 23, 2026
This Privacy Policy (the "Policy") describes how CallRank.AI LLC ("CallRank," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information in connection with the CallRank service, including the website located at callrank.ai (or any successor domain), the associated APIs, mobile applications, email communications, and any related services (collectively, the "Service").
Where the UK GDPR applies, references to "personal information" should be read as "personal data" within the meaning of Article 4(1) UK GDPR. Where the CCPA and CPRA apply, "personal information" has the meaning given in California Civil Code Section 1798.140.
This Policy is incorporated into the Terms of Service by reference and forms part of the agreement between you and CallRank. Where this Policy and the Terms address the processing of personal information, this Policy controls.
This Policy applies:
To Subscribers and Visitors. Individuals who access the Service, create an account, subscribe to a paid plan, or otherwise interact with the Service.
To Scored Individuals. Natural persons whose Public Posts have been ingested and evaluated by the Service, regardless of whether they have ever visited the Service. Scored Individuals are addressed primarily in Sections 4, 6, and 13.
Capitalized terms not defined in this Policy have the meanings given to them in the Terms of Service. The Terms define "Scored Individual," "Public Post," "CallRank Score," "Scored Output," "Stat Card," "Watchlist," "Insights," "AI Chat," "Elite Subscriber," and "Subscriber."
CallRank is operated by CallRank.AI LLC, a New Jersey limited liability company with its principal place of business at 971 US Highway 202N, Suite R, Branchburg, New Jersey 08876. For the purposes of the UK GDPR, CallRank.AI LLC is the data controller of the personal data described in this Policy and determines the purposes and means of processing. The subprocessors listed in Appendix C act as data processors on CallRank's behalf under written contract within the meaning of Article 28 UK GDPR.
We collect the following categories of personal information from Subscribers and Visitors.
Account information. Email address; password (stored only as a salted hash); display name (optional); X / Twitter handle (if you elect to link your account or sign in with X).
Billing information. Name on payment instrument, billing address, last four digits of payment card, and a payment-method token. Full payment card numbers are collected and processed solely by Stripe, Inc., our payment processor; we never receive or store full card details.
Communications. The content of messages you send to us through support, contact, or methodology channels, and any attachments.
Watchlist and preferences. Forecasters you elect to follow, alert preferences, default timeframes, and similar in-product configuration. Watchlist contents are stored on the Subscriber's account and are visible only to the Subscriber and to CallRank personnel under the access controls set out in Section 11; Watchlist contents are not displayed on any public Service page.
Device and connection data. IP address, user-agent string, device type, operating system, browser, language, and approximate location derived from IP (country and region only).
Usage data. Pages visited, links clicked, features used, and timestamps. We use Plausible Analytics (cookieless by default) for aggregate traffic analysis. We use PostHog for product analytics and, on an opt-in basis only, session replay.
Email engagement. If you have opted in to newsletters or alerts, whether you opened a given message and which links you clicked.
X / Twitter. If you sign in with X or link your X handle, we receive your handle, profile name, profile image URL, and any public profile metadata returned by the X API. We do not receive your X password and we do not access your direct messages.
Payment processor. We receive subscription status, billing event history, and payment-method metadata from Stripe, Inc. in order to administer your subscription.
We do not collect: precise geolocation, government-issued identifiers, biometric data, or special-category personal data within the meaning of Article 9 UK GDPR. We do not knowingly collect information from persons under 18.
Independently of any account relationship, the Service ingests and evaluates public statements authored by Scored Individuals and publishes editorial commentary derived from that evaluation. The categories of personal data processed about Scored Individuals are:
Public identifiers. X handle, public display name, public profile image URL, and any other publicly displayed profile metadata.
Public Post content. The text, media, and metadata of posts that the Scored Individual has elected to make publicly available, together with the post timestamp and any reply or quote relationships visible at the time of ingestion.
Derived editorial output. CallRank Scores, rankings, classifications, summaries, and other Scored Outputs computed from Public Post content. These outputs are CallRank's editorial assessment of the directional outcome of public forecasts, derived from a disclosed analytical methodology applied to publicly observable data. They are statements of opinion subject to interpretive judgment and inferential error; see the Terms and the Methodology Page.
We do not ingest content from accounts that have made their posts non-public, and we do not attempt to circumvent platform-level privacy controls. If a Public Post is deleted at its source platform after ingestion, we delete the raw text from active storage within twenty-four (24) hours of receiving notice of the deletion, while retaining derived analytical metadata (CallRank Score, post identifier, timestamp, deletion marker) as part of the published audit trail.
Processing of personal data about Scored Individuals is conducted as editorial analytical journalism on public-figure conduct, within the meaning of the journalism exemption at UK GDPR Article 85 and the UK Data Protection Act 2018, Schedule 2, Part 5. The lawful-basis architecture is set out in Section 6, and the rights mechanism specific to Scored Individuals as data subjects is set out in Section 13.
Special-category data within the meaning of Article 9 UK GDPR are not collected as scoring inputs and are not systematically processed by the Service. Public Posts may incidentally contain content that touches on a special category (for example, a forecaster's reference to a political event). The analytical pipeline does not classify, extract, infer, or score on Article 9 attributes; references of that kind are not used to characterize the Scored Individual.
Even where the journalism exemption at UK GDPR Article 85 and the UK Data Protection Act 2018, Schedule 2, Part 5 would permit derogation from a specific obligation, CallRank voluntarily implements the safeguards set out in this Policy, including the editorial standards described in Section 13.3, the Data Protection Impact Assessment, and the published inquiry process. The exemption availability does not displace these safeguards in practice.
We use personal information for the following purposes:
To provide and operate the Service. Authenticate users, deliver the Leaderboard, methodology pages, and any premium features associated with a Subscriber's plan; deliver the Watchlist feature, which is a Subscriber-curated filter over the editorial commentary the Service publishes to every visitor about the same Scored Individuals.
To produce editorial output. Ingest Public Posts, run them through the analytical pipeline, anchor claims to market data, and publish the resulting CallRank Scores, rankings, and summaries.
To publish the Insights tabs. Surface the Insights tabs (Sharp Activity, Sharp-Crowd Sentiment, Asset Deep-Dive) as aggregated editorial commentary on Public Posts by Scored Individuals the Service tracks. The Insights tabs render identically to every Elite Subscriber and do not surface personalized recommendations.
To administer subscriptions. Process payments via Stripe, Inc., manage renewals and cancellations, issue receipts, and prevent payment fraud.
To communicate with you. Respond to support inquiries, send transactional notices (security, billing, material policy changes), and, where you have opted in, send product updates, watchlist alerts, and similar communications.
To maintain and improve the Service. Measure aggregate usage, debug errors, evaluate editorial output quality, and refine the methodology.
To protect the Service and its users. Detect and prevent abuse, scraping, account takeover, and other security incidents.
To comply with law. Respond to lawful requests from public authorities, enforce the Terms, and protect the rights, property, and safety of CallRank, our users, and others.
We do not sell personal information for monetary consideration, and we do not engage in cross-context behavioral advertising. We do not use personal information to train third-party large-language models. See Section 8 regarding our use of third-party model-inference providers.
AI Chat feature data path. When an Elite Subscriber uses the AI Chat feature, the Subscriber's prompt text is sent to Anthropic, Inc. via the Claude API for response generation. The prompt is combined with a CallRank system prompt that bounds the response to descriptive output about CallRank's historical scored dataset. Anthropic processes the combined payload as a data processor from data centers located in the United States; the transfer is conducted under the international-transfer mechanism described in Section 8. Anthropic returns the response to CallRank for rendering to the Subscriber. CallRank does not provide the Subscriber's account information to Anthropic in the API payload. Under Anthropic's commercial API terms, Anthropic does not use AI Chat inputs or outputs to train its general-purpose Claude models. CallRank logs each AI Chat prompt and the model response for refusal-rate measurement, dataset-gap identification, and Subscriber-flagged-event review under the residual-risk allocation in the Terms; the log entries are stored under the retention period set out in Section 10.
Editorial pipeline data path. Public Post content ingested for editorial scoring is sent to Anthropic, Inc. for analytical processing, including natural-language interpretation, chart interpretation, and forecast classification. Subscriber personal information is not included in any payload sent to these providers. The data sent comprise the Public Post content and the post identifiers required to associate the analytical output back to the source post in the audit trail. Under their applicable API terms, these providers do not use the Public Post content sent to them to train their general-purpose models. Transfers to providers located outside the United Kingdom are conducted under the international-transfer mechanism described in Section 8.
Stat Cards. When a Subscriber or Scored Individual generates a Stat Card image through the Service, CallRank records the generation event, the Stat Card identifier, the requesting account if the request originates from a Subscriber account, and the issue date. The Stat Card image itself does not embed any Subscriber personal information. Stat Cards shared by Subscribers or Scored Individuals on public social platforms travel with the embedded methodology disclaimer required by the Terms; CallRank does not track downstream sharing or reshares of Stat Cards on public platforms.
Where the UK GDPR applies, we rely on the following lawful bases under Article 6(1).
| Processing activity | Lawful basis |
|---|---|
| Account creation, authentication, subscription administration | Performance of a contract (Article 6(1)(b)). |
| Transactional emails (security, billing, material policy changes) | Performance of a contract and legal obligation (Article 6(1)(b), (c)). |
| Marketing emails, optional newsletters, watchlist alerts | Consent (Article 6(1)(a)). The data subject may withdraw consent at any time in Settings. |
| Cookieless aggregate analytics (Plausible); opt-in product analytics and session replay (PostHog) | Legitimate interests (Article 6(1)(f)) for cookieless aggregate analytics; consent (Article 6(1)(a)) for opt-in product analytics and session replay. |
| Ingestion and editorial scoring of Public Posts authored by Scored Individuals | Legitimate interests (Article 6(1)(f)), pursued through editorial analytical journalism on public-figure conduct under UK GDPR Article 85 and the UK Data Protection Act 2018, Schedule 2, Part 5. |
| AI Chat feature operation (Elite-tier) | Performance of a contract (Article 6(1)(b)). Anthropic processes the combined payload as a data processor as set out in Section 5 and Appendix C. |
| Fraud prevention, security, abuse detection | Legitimate interests (Article 6(1)(f)) and legal obligation (Article 6(1)(c)). |
| Compliance with legal requests | Legal obligation (Article 6(1)(c)). |
Where we rely on legitimate interests under Article 6(1)(f) to process personal data about Scored Individuals, we have conducted a Legitimate Interests Assessment ("LIA") that records the following.
Interest pursued. CallRank's legitimate interest is the publication of editorial analytical commentary on the directional outcome of public market forecasts made by public-figure forecasters who have voluntarily entered public discourse on cryptocurrency markets. This editorial analytical processing is journalism within the meaning of UK GDPR Article 85 and the UK Data Protection Act 2018, Schedule 2, Part 5.
Necessity. The processing is necessary because the editorial output cannot be produced without ingesting the Public Posts that are the subject of the editorial assessment, identifying the Scored Individual who authored each post, and retaining a published audit trail tying each Scored Output to the source post and the methodology version applied.
Balancing. The Scored Individuals processed by the Service are persons who have voluntarily chosen to publish market commentary, predictions, or forecasts to public audiences on public-facing platforms under their own identity. The data processed are limited to the publicly displayed identifiers, the publicly available post content, and the analytical metadata derived from that content. No special-category personal data are processed; no precise geolocation is collected; no identity inference is performed beyond linking the post to the publicly displayed author identifier. The published audit trail and the inquiry process described in Section 13 allow Scored Individuals as data subjects to inspect the editorial output about them, to flag factual errors for correction, and to request cessation of further scoring. The countervailing public-interest value of editorial accountability for public market commentary, in markets where forecaster claims directly affect retail behavior, materially exceeds the residual privacy interest in publicly chosen public discourse.
The LIA is documented and in place as of the effective date of this Policy; the summary in this Section is the operative record of that assessment. A more detailed, public-facing LIA is planned as Phase 3 work and will supplement, not replace, the assessment described above. A copy of the documented LIA is available on request to callranksupport@gmail.com.
Editorial CallRank Scores do not produce legal effects or similarly significant effects on the data subject within the meaning of UK GDPR Article 22(1). The Service does not engage in automated individual decision-making, including profiling, that produces legal effects concerning the data subject or similarly significantly affects the data subject. Scored Outputs are editorial commentary published on the Service; they do not deny credit, deny employment, deny insurance, or deny any other entitlement to the Scored Individual. CallRank does not use Scored Outputs to make credit, employment, insurance, or comparable adverse decisions about Scored Individuals. The Terms of Service prohibit Subscribers from redistributing or republishing Scored Outputs as investment advice or as the output of a regulated advisory service. Article 22 is not engaged for the use case set out in this Policy.
The editorial safeguards described in Section 13.3, including manual review of contested Scored Outputs and the Data Protection Impact Assessment, are voluntary editorial standards adopted as best practice for a responsible analytical publisher. They are not Article 22 safeguards and CallRank does not invoke them as such.
We share personal information only as described below.
With data processors and subprocessors. Processors and subprocessors that process personal information on our behalf under written contract within the meaning of Article 28 UK GDPR, including for hosting, payments, email delivery, analytics, AI model inference, and customer support. See Appendix C for the current list.
With other users of the Service. Your X handle and public display name may appear on public pages of the Service if you elect to post a comment, link your handle, or otherwise make information public through the Service. Scored Output about Scored Individuals is published on the public Service.
In connection with a corporate transaction. If CallRank is involved in a merger, acquisition, financing, or sale of substantially all of its assets, personal information may be transferred as part of that transaction, subject to confidentiality obligations and the terms of this Policy.
In response to legal process. We may disclose personal information where we reasonably believe disclosure is required by law, necessary to enforce the Terms, or necessary to protect the rights, property, or safety of CallRank, our users, or others. Where lawful, we will give the affected individual notice and an opportunity to object.
With your consent. In any case not described above, we will share personal information only with your express consent.
Our subprocessors are listed in Appendix C. We update Appendix C when we add or replace a subprocessor; Subscribers may request advance notice of subprocessor changes by emailing callranksupport@gmail.com.
CallRank is operated from the United States, and our subprocessors are located in the United States. Where personal data are transferred from the United Kingdom to a country that the UK has not recognized as providing an adequate level of protection, we rely on the UK International Data Transfer Addendum ("IDTA") to the European Commission Standard Contractual Clauses ("SCCs") and supplementary technical and organizational measures appropriate to the transfer.
We use a small number of cookies and similar technologies, organized into the following categories.
Essential. Session authentication and CSRF protection. These cannot be disabled because the Service cannot function without them.
Preferences. Remember filter state on the Leaderboard, your preferred timeframe, and similar in-product configuration.
Analytics. We use Plausible Analytics, which is cookieless by default, for aggregate traffic measurement. We use PostHog for product analytics; PostHog session replay is opt-in only and is off by default.
We do not use third-party advertising cookies and we do not participate in cross-context behavioral advertising. You may manage cookie preferences at any time through the cookie banner or in Settings.
We retain personal information only for as long as necessary for the purposes for which it was collected, subject to legal, accounting, and reporting requirements. Default retention periods are set out below.
| Category | Default retention period |
|---|---|
| Account information | For the life of the account, plus thirty (30) days after deletion to allow recovery and to satisfy audit logs. |
| Billing records | Seven (7) years from the date of the transaction. |
| Support communications | Three (3) years from the last interaction. |
| Cookieless aggregate analytics (Plausible) | Indefinitely in aggregate, non-identifying form. |
| Product analytics (PostHog) tied to a Subscriber | Twelve (12) months. |
| PostHog session replay (opt-in) | Thirty (30) days, then automatically deleted. |
| AI Chat prompt and response logs (Subscriber-anonymous) | Twelve (12) months from log entry. Logs are Subscriber-anonymous and used for refusal-rate measurement, dataset-gap identification, and Subscriber-flagged-event review. |
| Stat Card generation events | Three (3) years from event date, for editorial-record and methodology-versioning purposes. |
| Public Post content and Scored Output | Indefinitely while the underlying post remains public, subject to the rights described in Section 13. Where a Public Post is deleted at its source platform, the raw text is deleted from active storage within twenty-four (24) hours of receiving notice; derived analytical metadata is retained as part of the published audit trail. |
| Server access logs | Ninety (90) days. |
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include encryption in transit (TLS 1.2 or higher), encryption at rest for production databases, role-based access controls, audit logging, vulnerability scanning, and a documented incident response process. Internal access to Subscriber and Scored Individual personal information is restricted under least-privilege principles to the smallest engineering and editorial team necessary to operate the Service; access to production data systems is logged.
No system is perfectly secure. If we become aware of a personal data breach within the meaning of Article 4(12) UK GDPR that is likely to result in a risk to the rights and freedoms of data subjects, we will notify the Information Commissioner's Office ("ICO") within 72 hours of becoming aware, where required by law, and notify affected data subjects without undue delay where the breach is likely to result in a high risk.
Subject to applicable law, as a data subject you have the following rights with respect to personal information we process about you.
Access. Request a copy of the personal information we process about you (Article 15 UK GDPR).
Rectification. Request that inaccurate or incomplete information be corrected (Article 16 UK GDPR).
Erasure. Request that we delete personal information, subject to the exceptions described in this Policy and applicable law (Article 17 UK GDPR).
Data portability. Receive a machine-readable export of personal information you have provided to us (Article 20 UK GDPR).
Objection. Object to processing carried out on the basis of legitimate interests (Article 21 UK GDPR).
Restriction. Request that we restrict processing in certain circumstances (Article 18 UK GDPR).
Withdraw consent. Where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing (Article 7(3) UK GDPR).
Lodge a complaint. UK data subjects may complain to the ICO at the supervisory authority in their country of residence (ico.org.uk).
Subscribers can exercise the rights of access, rectification, portability, and erasure directly in Settings. Other rights may be exercised by emailing callranksupport@gmail.com. We will respond to verified requests within the timeframes required by applicable law (generally 30 days under the UK GDPR; 45 days under the CCPA, extendable as permitted).
California residents have additional rights under the CCPA and CPRA, including the right to know the categories of personal information collected, the right to opt out of sale or sharing for cross-context behavioral advertising (we do not engage in either), the right to limit the use of sensitive personal information (we do not collect sensitive personal information as that term is defined under the CPRA), and the right not to be discriminated against for exercising these rights. See Appendix D for the CCPA and CPRA categories disclosure.
Because CallRank does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are defined in the CPRA, CallRank does not provide "Do Not Sell or Share My Personal Information" links. Because CallRank does not collect or process sensitive personal information as that term is defined under the CPRA, CallRank does not offer a "Limit the Use of My Sensitive Personal Information" control.
Scored Individuals have the statutory rights of a data subject set out in Section 12 with respect to personal data processed about them, including the right of access, the right to request rectification of factual errors, the right to object to processing carried out on the basis of legitimate interests under Article 21 UK GDPR, and the right to request erasure under Article 17 UK GDPR.
Where a Scored Individual exercises the right of erasure, we evaluate the request under Article 17 UK GDPR and the journalism exemption at UK GDPR Article 85 and the UK Data Protection Act 2018, Schedule 2, Part 5. Where the underlying Public Post has been deleted at its source platform, we treat the deletion as a request to update the corresponding record under Section 4. Where the underlying Public Post remains public, erasure of the Scored Output may be refused under Article 17(3) UK GDPR, as implemented in the United Kingdom by Schedule 2, Part 5 of the Data Protection Act 2018, which permits the processing of personal data for the special purposes of journalism in connection with editorial commentary on matters of public interest.
Where a Scored Individual exercises the right to object under Article 21, we reassess the legitimate-interest balancing exercise recorded in Section 6.2 in light of the data subject's specific situation. We will either continue processing on the basis of compelling legitimate grounds (which we will explain in writing) or cease processing.
Independently of the statutory rights set out in Section 13.1, CallRank maintains a published inquiry process as a standard of responsible analytical journalism. The inquiry process is the recommended channel for the substantive concerns Scored Individuals raise most often: misclassification of forecast type or direction, incorrect evaluation-window selection, errors in component values, factual errors in the underlying market data, misquotation of the source Public Post, and misattribution of a post. Inquiries are accepted from any Scored Individual, regardless of whether the Scored Individual has created an account, subscribed to the Service, or asserted a statutory data-subject right.
Scored Individuals may submit inquiries through the channel published in the separate Scored Individual Policy at callrank.ai/scored-individual-policy. The Scored Individual Policy describes the intake channel, the response timelines, the identity-verification step, and the triage between factual-error correction and methodology-disagreement inquiries. CallRank acknowledges receipt of inquiries within the published timeline and responds substantively within the published timeline.
Inquiries are routed to disputes@callrank.ai. The inquiry process is editorial; it operates alongside the statutory rights described in Section 13.1 and does not condition, suspend, or replace any statutory right.
These safeguards are voluntary editorial standards, not safeguards adopted to satisfy a specific statutory requirement; they apply to the production of editorial commentary and operate alongside the statutory rights set out in Section 13.1.
Manual review of high-impact Scored Outputs. Scored Outputs identified by internal triage as high-impact, including those flagged by Scored Individuals through the inquiry process, are reviewed by an editor before further publication. The reviewer evaluates the underlying Public Post, the methodology version applied, and the component values; where a factual error is identified, the Scored Output is corrected and the audit trail is updated.
Documented audit trail. Each Scored Output is associated with the source Public Post, the methodology version applied at the time of scoring, the component values, and any subsequent corrections. The audit trail is publicly accessible on the Scored Individual's profile page.
Identity-verification step. Inquiries asserting ownership of the underlying account are subject to an identity-verification step before account-claim or per-inquiry resolution. The verification step is published in the Scored Individual Policy.
Logged record of inquiries. CallRank maintains an internal log of inquiries received, the disposition of each inquiry, and the time-to-response. The log informs editorial review and methodology refinement.
Data Protection Impact Assessment ("DPIA"). CallRank maintains a DPIA for the editorial-scoring pipeline, reviewed at least annually and on any material methodology change. The DPIA documents the residual privacy risk, the editorial measures adopted to mitigate that risk, and the inquiry process available to affected Scored Individuals.
Public methodology disclosure. The current and prior versions of the methodology are published on the Methodology Page and are publicly accessible at all times. The methodology disclosure describes the analytical framework, the components used to produce Scored Outputs, the rules for evaluation windows, and the known limitations of the pipeline.
CallRank's editorial safeguards described in Section 13.3, including manual review of contested Scored Outputs and the DPIA, are voluntary editorial standards adopted as best practice for a responsible analytical publisher. They are not Article 22 safeguards and CallRank does not invoke them as such.
The Service is not directed to and may not be used by persons under 18 years of age (or the age of legal majority in your jurisdiction, whichever is greater). We do not knowingly collect personal information from persons under that age. If we learn that we have collected personal information from a person under that age, we will delete it promptly. If you believe a child has provided personal information to us, please contact callranksupport@gmail.com.
We may update this Policy from time to time. Where the changes are material, for example a new category of personal information collected, a new purpose of use, or a new category of recipients, we will give Subscribers at least 30 days' advance notice by email and through a prominent in-product notice, and the change will take effect at the end of that notice period. Non-material changes, for example clarifications of existing language or updates to the subprocessor list within an existing category, will take effect when posted, and the "Last updated" date at the top of this Policy will be revised.
Questions, requests, and complaints relating to this Policy should be directed to:
CallRank.AI LLC
971 US Highway 202N, Suite R, Branchburg, New Jersey 08876
Email: callranksupport@gmail.com
Scored Individual inquiries: disputes@callrank.ai
CallRank has not designated a Data Protection Officer under Article 37 UK GDPR; data-protection queries may be directed to callranksupport@gmail.com.
The following data processors and subprocessors process personal information on our behalf as of the effective date of this Policy, under written contracts within the meaning of Article 28 UK GDPR. We update this list when we add or replace a subprocessor; Subscribers may request advance notice of subprocessor changes by emailing callranksupport@gmail.com.
| Subprocessor | Purpose | Location | Categories of data |
|---|---|---|---|
| Stripe, Inc. | Payment processing | United States | Subscriber billing data. |
| Google LLC (Google Cloud Platform) | Hosting and storage | United States; data stored in the US Central region (us-central1) | All personal information processed by the Service. |
| Anthropic, Inc. | AI Chat response generation via the Claude API | United States | AI Chat prompt text combined with CallRank system prompt; no Subscriber account information is sent in the API payload. Under Anthropic's commercial API terms, inputs and outputs are not used to train Claude models. See Section 5. |
| Anthropic, Inc. for the editorial-scoring pipeline | AI inference for the editorial-scoring pipeline | United States | Public Post content and post identifiers; no Subscriber personal information is sent to the inference provider. Under applicable API terms, providers do not use the data sent to them to train their general-purpose models. |
The table below sets out the categories of personal information defined in California Civil Code Section 1798.140, indicates whether CallRank has collected each category in the preceding 12 months, and identifies the categories of sources, business or commercial purposes, and recipients.
| Category | Collected? | Sources | Purposes | Recipients |
|---|---|---|---|---|
| A. Identifiers (name, email, IP address, X handle) | Yes | Subscriber direct; X API; automatic collection | Service provision, billing, analytics, security | Subprocessors in Appendix C. |
| B. Customer records (billing address, payment-method token) | Yes | Subscriber direct via Stripe, Inc. | Subscription administration | Stripe, Inc.; tax authorities where required. |
| C. Protected classifications | No | |||
| D. Commercial information (subscription tier, Watchlist) | Yes | Subscriber direct; automatic collection | Service provision | Subprocessors in Appendix C. |
| E. Biometric information | No | |||
| F. Internet / network activity (usage data, device data) | Yes | Automatic collection | Service provision, analytics, security, and AI Chat feature operation under the system-prompt scope restriction set out in the Terms | Subprocessors in Appendix C. |
| G. Geolocation (approximate, country / region only) | Yes | Derived from IP | Security, fraud prevention, geographic compliance | Subprocessors in Appendix C. |
| H. Sensory data | No | |||
| I. Professional or employment information | No | |||
| J. Education information | No | |||
| K. Inferences (Scored Output for Scored Individuals who are California residents) | Yes | Derived from Public Posts | Editorial analytical journalism on public-figure conduct | Public display on the Service. |
| L. Sensitive personal information (CPRA) | No |
CallRank has not sold personal information for monetary consideration in the preceding 12 months and does not share personal information for cross-context behavioral advertising. CallRank does not knowingly collect personal information from persons under 18.
End of Privacy Policy.