Privacy Policy
Last updated: 8 June 2026
This is a courtesy translation provided for convenience only. The Italian version is the legally binding one.
This Privacy Policy describes how DENTOKU DEV("we", the "Data Controller") processes personal data in connection with the kallmyservice, a voice assistant based on artificial intelligence ("AI") that answers phone calls for accommodation businesses and other activities, handling requests, bookings and messages. This policy is provided pursuant to Regulation (EU) 2016/679 ("GDPR"), Italian Legislative Decree 196/2003 (the "Italian Privacy Code"), Regulation (EU) 2024/1689 (the "AI Act") and Italian Law no. 132 of 23 September 2025 on artificial intelligence.
1. Data Controller
The Data Controller is DENTOKU DEV, Via Bullona 8, 20154 Milano, IT, VAT no. 13625480960. For any request concerning data protection you can write to info@kallmy.com.
2. Who this policy is addressed to
kallmy is intended for both business customers (companies and professionals) and consumers. This policy covers the Customers who subscribe to the service and configure the assistant (and their employees/collaborators), the visitors of the website, and the callers (guests, end customers, third parties) whose phone calls are handled by the AI assistant.
Privacy roles (business Customer). When a business Customer uses kallmy to handle calls from its own guests/customers, the Customer is the independent Data Controllerof the callers' data, while DENTOKU DEV acts as a Data Processor(Art. 28 GDPR) on behalf of the Customer, under a specific data processing agreement (DPA) available on request. With regard to the Customer's account, billing and browsing data, DENTOKU DEV is instead an independent Data Controller.
3. Personal data processed
- Registration and account data (name, email, credentials in encrypted form, company role).
- Business/property data (contact details, opening hours, FAQs, transfer rules, assistant configuration and instructions).
- Data relating to the phone calls handled by the AI assistant: audio recordings, transcripts, caller's number, date/time and duration, summaries and booking data (leads).
- Messaging data (content and metadata of WhatsApp messages).
- Billing and payment data, handled through the payment provider (full card details do not pass through our systems).
- Technical and browsing data (IP address, device, browser, logs, technical cookies).
Special categories of data. The assistant is not designed to collect special-category data (Art. 9 GDPR). We ask Customers not to configure it to solicit such data and callers not to disclose it; where it is disclosed spontaneously, processing takes place on the basis of necessity and/or consent.
4. Processing purposes and legal bases
- Provision of the service and account management: performance of the contract (Art. 6(1)(b) GDPR).
- Handling of phone calls by the AI, including recording and transcription to follow up on the request and for service quality: performance of the contract and/or legitimate interest (Art. 6(1)(b) / 6(1)(f)) and, where required, the caller's consent collected via a notice at the beginning of the call (Art. 6(1)(a)).
- Sending of notifications and WhatsApp messages: performance of the contract and, for messages to the guest, consent (Art. 6(1)(b) / 6(1)(a)).
- Payments, invoicing and accounting and tax obligations: legal obligation (Art. 6(1)(c)).
- Security, abuse and fraud prevention, diagnostics and improvement: legitimate interest (Art. 6(1)(f)).
Transparency about the use of AI.In accordance with Art. 50 of the AI Act and Italian Law 132/2025, the caller is clearly informed, at the beginning of the conversation, that they are interacting with an automated AI-based assistant and of any recording of the call. The AI is a support tool and does not replace the Customer's responsibility towards its own guests.
5. Call recording and transcription
The recording and transcription of phone calls serve the proper handling of the request and the improvement of service quality. At the beginning of each call a notice is given to the caller. The Customer activating the service is responsible for providing its callers with adequate information, for collecting valid consent where necessary, and for not using the recordings for further, incompatible purposes. Callers who do not wish to be recorded may request a human operator or end the call.
6. Data retention
We retain data only for as long as necessary for the purposes set out above or for the periods required by law. Account and configuration data are retained for the duration of the contractual relationship. Call recordings and transcripts are retained for the time strictly necessary to handle the request and in any case no longer than 12 months (a period configurable by the Customer), after which they are deleted or anonymised. Billing data are retained for the periods required by law (as a rule, 10 years). Technical data and logs are as a rule retained no longer than 12 months.
7. Recipients and external processors
Data may be processed, on our behalf, by the following providers (data processors, Art. 28 GDPR):
- Supabase: Database hosting and authentication (EU/USA).
- Retell AI: Voice call handling and transcriptions (USA).
- Twilio: WhatsApp message delivery (USA).
- Stripe: Payment processing (EU/USA).
Data may also be disclosed to advisors (e.g. accountants, lawyers), to competent authorities upon legitimate request, and to parties involved in possible corporate transactions. We do not sell personal data to third parties. An up-to-date list of processors is available by writing to info@kallmy.com.
8. Transfers of data outside the EU
Some providers may process data outside the European Union. In such cases, transfers take place in compliance with Chapter V of the GDPR, on the basis of adequacy decisions (where applicable, including the EU-US Data Privacy Framework for providers certified in the USA) or of Standard Contractual Clauses (SCCs) adopted by the European Commission, supplemented by additional measures where necessary.
9. Data subjects' rights
Data subjects may exercise their rights of access, rectification, erasure, restriction, portability and objection, and withdraw consent at any time (Arts. 15-22 GDPR), by writing to info@kallmy.com. If the data are processed on behalf of a business Customer (acting as Data Controller), we will forward the request to the relevant Customer. It is also possible to lodge a complaint with the Garante per la protezione dei dati personali, the Italian data protection authority (garanteprivacy.it), or with the competent supervisory authority.
10. Cookies
The website uses technical cookies necessary for its operation (authentication, session, security), for which no consent is required. Any non-essential cookies are installed only with prior consent given through the dedicated banner, which can be withdrawn at any time.
11. Security
We adopt appropriate technical and organisational measures to protect data against unauthorised access, loss, destruction or misuse, including encryption in transit and at rest where possible, access controls and pseudonymisation.
12. Changes to this policy
We may update this policy from time to time. Changes will be published on this page with an indication of the update date; in the event of substantial changes we will provide appropriate notice.