Document ID: LCR-POL-DPA-v1.0 · Effective Date: 29 June 2026
This Data Processing Agreement ("DPA") describes how Havio processes personal data on behalf of customers when providing AI receptionist, call handling, transcription, summary, routing, booking, and integration services.
This DPA is a public summary. Customer agreements may include additional or superseding data processing terms.
1. Roles
For customer call workflows, the customer is usually the controller or business deciding why personal data is processed. Havio usually acts as a processor or service provider when handling caller data under the customer's instructions.
Havio may act as an independent controller for website analytics, sales communications, billing, security, and support operations.
2. Processing Activities
Havio may process personal data to:
- Answer inbound calls
- Transcribe, summarize, tag, and route call outcomes
- Book appointments or create callback requests
- Update connected tools such as calendars, CRMs, ticketing systems, spreadsheets, email, SMS, Slack, or Teams
- Transfer callers to humans with context
- Monitor quality, reliability, abuse, and security
- Provide support and account administration
2.1 Workflow Processing Matrix
| Workflow step | Typical data | Typical destination |
|---|---|---|
| Phone answering | Caller number, call metadata, configured greeting, language, routing state | Havio workflow runtime and telephony provider |
| Speech and transcript processing | Call audio where configured, transcript, language, confidence signals | AI, speech, and transcription providers used for the workflow |
| Qualification and routing | Caller answers, urgency, service type, location, callback preference, transfer reason | Havio workflow records and configured handoff destination |
| Booking | Appointment type, preferred time, calendar owner, confirmation notes | Calendar or scheduling system selected by the customer |
| CRM or ticket update | Summary, tags, extracted fields, transcript link, owner, task or ticket details | CRM, ticketing, spreadsheet, chat, or webhook tools selected by the customer |
| Review and support | Failed-call details, unresolved intents, integration errors, support messages | Havio support, monitoring, and customer operations records |
Customers decide which integrations are connected and which fields are written to those systems. Customer-selected systems may retain their own copy of data under the customer's account and vendor settings.
3. Personal Data Categories
Depending on the configured workflow, processed data may include:
- Caller name, phone number, email, address, and preferred language
- Call audio, transcripts, summaries, tags, intent, urgency, and outcome
- Appointment details, service request details, lead qualification answers, and callback notes
- Connected-system identifiers such as CRM contact IDs, calendar event IDs, ticket IDs, or webhook payload IDs
- Customer user contact details and support messages
Customers should not configure Havio to collect sensitive or regulated data unless the workflow, legal basis, disclosure, retention, and human handoff rules have been reviewed.
4. Customer Instructions
Havio processes customer data according to the customer's configuration, signed agreement, documented support instructions, and approved workflows.
Customers are responsible for providing accurate approved knowledge, lawful call scripts, disclosure requirements, transfer contacts, data retention expectations, and integration permissions.
5. Security Measures
Havio uses administrative, technical, and organizational controls appropriate to the service, including:
- Access controls for administrative systems
- Encryption in transit where supported by the relevant service
- Role-based access to customer data where available
- Logging and monitoring for operational security
- Vendor review for subprocessors used in core workflows
- Incident escalation and customer notification procedures
6. Subprocessors
Havio uses subprocessors for hosting, telephony, AI model processing, transcription, analytics, email, support, and integration delivery. The current public list is available at Subprocessors.
Havio may update subprocessors as the service evolves. Material changes are handled according to the customer agreement.
7. Data Subject Requests
Customers should send access, correction, deletion, restriction, portability, or objection requests involving customer-controlled call data to Havio support with enough context to identify the relevant records.
Havio will assist customers where technically and commercially reasonable, subject to lawful retention, security, fraud-prevention, and backup limitations.
Requests should include the authorized account owner, workspace, phone number, approximate date range, and record type. If the relevant data was already sent to a CRM, calendar, ticketing tool, chat tool, spreadsheet, or webhook destination, the customer may also need to use that connected system's export or deletion process.
8. International Transfers
Havio may use providers located outside the customer's country. Where required, Havio relies on appropriate transfer mechanisms such as contractual commitments, vendor safeguards, and customer agreement terms.
Customers with strict data residency requirements should raise them before launch.
9. Retention and Deletion
Retention periods depend on the customer plan, configured workflow, legal obligations, and connected systems. Public retention summaries are included in the Privacy Policy.
Customers can request deletion or export support through the contact channel in their agreement or by emailing support.
Customers should define retention before live calls start: whether recordings are enabled, whether transcripts are retained, which users can review summaries, what must be written to connected tools, and which sensitive topics must transfer to a human instead of being stored.
10. Audit and Information Requests
Havio can provide reasonable information about controls, subprocessors, and data processing practices for procurement or compliance review. Any formal audit rights are governed by the signed customer agreement.
Policy Changelog
| Version | Date | Summary |
|---|---|---|
| v1.0 | 2026-06-29 | Initial public DPA summary for Havio SaaS workflows |