Privacy Policy

Account information. When you create an account, we collect your name, email address, law firm name, phone number, and billing information.

Call recordings and transcripts. When Samie handles calls on your behalf, we process and store call audio recordings, AI-generated transcripts, structured intake summaries, and caller information captured during the conversation.

Usage data. We automatically collect information about how you interact with the Service, including pages visited, features used, call volumes, and performance metrics.

Device and browser information. We collect standard technical information such as your IP address, browser type, operating system, and device identifiers for security and analytics purposes.

We use the information we collect to:

• Provide, maintain, and improve the Service, including answering calls, generating transcripts, and delivering intake summaries.
• Process your billing and manage your subscription.
• Train and improve our AI models to provide more accurate and natural conversations. Call data used for model improvement is anonymized and aggregated.
• Communicate with you about your account, service updates, and support requests.
• Detect, prevent, and address fraud, abuse, and security issues.
• Comply with legal obligations.

We do not sell your data. We never sell, rent, or trade your personal information or call data to third parties for their marketing purposes.

We share information only with the following categories of service providers, solely to operate the Service:

• AI processing: Anthropic (Claude AI) for natural language understanding and response generation.
• Telephony: Twilio for call routing, phone number provisioning, and SMS delivery.
• Voice synthesis: ElevenLabs for natural-sounding voice generation.
• Infrastructure: Supabase for database hosting, Vercel for application hosting.
• Payments: Stripe for subscription billing and payment processing.

Each service provider is contractually obligated to use your information only to provide their specific service and to maintain appropriate security measures.

We may also disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Samie AI integrates with Google Calendar and Microsoft Outlook so that our AI receptionist can check attorney availability and book consultation appointments during incoming calls. This section describes what data we access from each provider, how we use it, how we store it, and how you can disconnect at any time.

4.1 Google Calendar (Google Calendar API v3)

If you connect your Google Calendar to Samie, you authorize the following Google API scopes via OAuth 2.0:

• userinfo.email: to identify the Google account you connected and display it in your Samie dashboard.
• calendar.readonly: to read free/busy times on the calendar you authorize, so Samie can offer genuinely available consultation slots to callers during AI intake.
• calendar.events: to create new consultation events on your authorized calendar when a caller books an appointment.

What Samie reads from your Google Calendar. Samie uses the Google Calendar freeBusy API endpoint, which returns only busy/free time ranges. Samie does not read event titles, descriptions, attendees, locations, conferencing details, or any other event content. For attorney-client confidentiality, this means Samie cannot see the names of your existing clients or the subject of any meetings already on your calendar.

What Samie writes to your Google Calendar. When a caller confirms an appointment through Samie, we create a single new event on the calendar you authorized, containing the caller's name, the consultation time, and a short description noting that the event was booked by Samie. We do not modify, delete, or otherwise alter events that Samie did not create.

Limited Use disclosure. Samie AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

4.2 Microsoft Outlook (Microsoft Graph v1.0)

If you connect your Microsoft Outlook calendar to Samie, you authorize the following Microsoft Graph permissions via OAuth 2.0:

• User.Read: to identify the Microsoft account you connected and display it in your Samie dashboard.
• Calendars.ReadWrite: to read free/busy times on your calendar so Samie can offer genuinely available consultation slots to callers, and to create new consultation events when a caller books an appointment.
• offline_access: to maintain the connection across sessions so Samie can continue checking availability and booking on your behalf without repeated re-authentication.

What Samie reads from your Outlook calendar. Samie queries the Microsoft Graph calendar view endpoint only to determine your busy/free times. Samie does not read existing event content beyond what is needed to determine availability blocks, and never accesses your Outlook mail, contacts, files, or any other Microsoft 365 data.

What Samie writes to your Outlook calendar. When a caller confirms an appointment through Samie, we create a single new event containing the caller's name, the consultation time, and a short description noting that the event was booked by Samie. We do not modify or delete events that Samie did not create.

4.3 Universal calendar data handling

The following commitments apply to data accessed through both the Google and Microsoft integrations described above.

Storage. OAuth access tokens and refresh tokens are encrypted at rest in our database and are never exposed in client-side code or in our application logs. Calendar data (busy/free blocks and the events Samie creates) is fetched on demand from each provider's API and is not persistently cached beyond short-lived server-side request cycles. The infrastructure security controls described in Section 5 apply to all stored OAuth credentials.

No secondary use. We do not use your calendar data, or any data obtained from Google or Microsoft APIs, to train or improve generalized AI/ML models. We do not sell, rent, or transfer your calendar data to third parties for advertising, marketing, or any other purpose. We do not use your calendar data for any purpose other than the availability-checking and appointment-booking features described in this section.

No human access (with limited exceptions). No employee or contractor at Samie reads your calendar data, except (a) with your explicit consent, (b) where required to comply with applicable law or legal process, (c) for security investigations such as suspected abuse, fraud, or technical failure, or (d) where data has been aggregated or anonymized in a way that cannot identify any individual user.

Data sources and providers. When you connect a calendar, Google LLC (for Google Calendar) and Microsoft Corporation (for Microsoft Outlook) act as the source of the data and apply their own privacy terms in addition to ours. Calendar data accessed through these APIs is processed by Samie's infrastructure subprocessors listed in Section 3.

Deletion on disconnect. When you disconnect a calendar integration from your Samie dashboard, we delete the associated OAuth access and refresh tokens from our database within 24 hours. Any cached calendar data is cleared within 7 days. Booking records (appointments Samie has created on your behalf) are retained per the schedule in Section 7 so that your appointment history remains available to you.

4.4 How to revoke access

You can disconnect Samie's access to your calendar at any time:

• From Samie: open the Integrations page in your Samie dashboard and click “Disconnect” next to the relevant provider.
• From your Google Account: visit myaccount.google.com/permissions and revoke access to “Samie AI.”
• From your Microsoft Account: visit myaccount.microsoft.com, navigate to Privacy → Apps and services, and revoke access to “Samie AI.”

In all cases, Samie will stop being able to read or write to your calendar immediately, and the deletion procedures described above will apply. Questions about how Samie handles data from Google or Microsoft APIs can be sent to privacy@samie.ai.

We take the security of your data seriously and implement industry-standard measures to protect it:

• All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We follow SOC 2 security practices and conduct regular security assessments.
• Our infrastructure providers (Supabase, Vercel) maintain their own SOC 2 Type II certifications.

Samie AI is a technology service provider. We are not a law firm, and our Service does not create an attorney-client relationship between your firm and your callers. Calls handled by Samie are processed by artificial intelligence and are not privileged communications.

We recommend that law firms using our Service inform their callers that initial intake calls are handled by an AI assistant and that attorney-client privilege attaches only upon formal engagement by the firm. You are responsible for complying with your jurisdiction's rules of professional conduct regarding the use of AI in client communications.

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

• Call recordings: Retained for 90 days by default. You can configure shorter or longer retention periods from your dashboard settings.
• Transcripts and intake summaries: Retained for the duration of your subscription and for 30 days after account cancellation.
• Account information: Retained for the duration of your subscription and for 90 days after cancellation to allow for reactivation.
• Billing records: Retained as required by applicable tax and financial regulations.

You can request early deletion of specific data at any time by contacting us.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal retention requirements.
• Export: Request a machine-readable export of your data, including call records, transcripts, and contact information.
• Restriction: Request that we restrict processing of your information in certain circumstances.

To exercise any of these rights, contact us at privacy@samie.ai. We will respond to your request within 30 days.

We use essential cookies to maintain your authenticated session and remember your preferences. We may use analytics cookies to understand how visitors interact with our website. We do not use third-party advertising trackers or sell browsing data.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on our dashboard. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at:

privacy@samie.ai

Samie AI
Attention: Privacy Team