Document ID: LCR-POL-PRIV-v1.2 - Effective Date: 19 February 2026
This Privacy Policy explains how Havio collects, uses, protects, and shares personal data when you visit our website, request a demo, contact us, or use Havio AI receptionist services.
1. Who We Are
Havio is the trading name of Leenops LLC. We provide AI receptionist software for business phone workflows, including missed-call answering, appointment booking, lead qualification, call summaries, integrations, and human handoff.
For privacy questions, contact us at privacy@havio.com. Registered details, billing information, and regional notices are provided in signed customer agreements, invoices, or the applicable legal notice.
2. Data We Collect
We may collect:
| Category | Examples |
|---|---|
| Website data | IP address, device/browser information, pages visited, referral source, analytics events |
| Contact data | Name, email address, phone number, company, role, message content |
| Demo and sales data | Call volume, use case, industry, tools used, scheduling details, demo notes |
| Service configuration | Approved scripts, business hours, service areas, routing rules, fallback contacts, FAQ content |
| Call data | Caller phone number, call metadata, recordings, transcripts, summaries, tags, booking outcomes, escalation notes |
| Integration data | CRM records, calendar availability, ticket data, webhook payloads, and connected-tool metadata as configured by the customer |
| Billing data | Invoice details, plan information, usage, payment status, and tax information |
3. How We Use Data
We use personal data to:
- Provide, operate, secure, and improve Havio services
- Answer demo and support requests
- Configure AI receptionist workflows for customers
- Route, summarize, book, transfer, and log calls according to customer settings
- Send service, billing, security, and product notices
- Monitor reliability, abuse, fraud, and policy violations
- Meet legal, accounting, tax, and compliance obligations
4. Legal Bases
Where GDPR or similar law applies, our legal bases may include:
- Contract - to provide the service requested by a customer
- Legitimate interests - to operate, secure, improve, and market our services in a proportionate way
- Consent - where required for marketing, call recording, cookies, or specific voice-processing features
- Legal obligation - for tax, accounting, security, and compliance requirements
Customers are responsible for providing lawful notices and obtaining required consents from their callers and end users when they configure Havio for their own phone workflows.
5. Voice, Recordings, and AI Disclosure
Havio may process call recordings, transcripts, and summaries when configured by a customer. Voice recordings can be sensitive and may be regulated differently by jurisdiction. Customers should configure disclosure and consent language appropriate to where they operate and where callers are located.
Havio is not intended to identify a person uniquely from their voice unless that feature is explicitly enabled under a written agreement and an appropriate lawful basis has been established.
6. Subprocessors and Service Providers
We use service providers for hosting, telephony, AI models, analytics, payments, email, support, CRM, calendar, and security operations. These providers process data only as needed to deliver the service and are governed by their own contractual and technical controls.
Specific subprocessors may vary by customer configuration, region, integration, and plan. A customer-specific subprocessor list or data processing addendum is available where applicable.
7. International Transfers
Havio may process data in the United States, European Union, and other locations where our providers operate. Where required, we use appropriate transfer mechanisms such as data processing agreements, standard contractual clauses, regional hosting options, or equivalent safeguards.
8. Retention
Retention depends on the data type, customer settings, legal obligations, and the applicable agreement. The table below gives Havio's public baseline for standard SMB workflows unless a customer agreement, plan, legal hold, or connected-tool setting says otherwise.
| Data Type | Public Baseline |
|---|---|
| Website analytics | Up to 24 months, or shorter where analytics settings require it |
| Contact and demo records | While there is an active sales/support need, then up to 3 years for business records |
| Call recordings | Disabled unless enabled. When enabled for standard SMB workflows, default retention is 30 days unless the customer selects a shorter or longer approved period |
| Transcripts and summaries | Up to 12 months for workflow review, dispute handling, handoff quality, and support unless configured differently |
| Extracted call fields | While needed for booking, CRM, ticketing, callbacks, reporting, or support review; usually tied to the account lifecycle |
| Service configuration | While the account or agreement is active, then up to 90 days after cancellation for export, rollback, or reactivation support unless deletion is requested earlier |
| Connected-tool records | Controlled by the customer's CRM, calendar, ticketing, spreadsheet, chat, or webhook destination after data is sent there |
| Billing and tax records | Up to 7 years where needed for accounting, tax, dispute, and legal obligations |
| Security logs | Up to 12 months for security, audit, abuse prevention, and incident investigation unless longer retention is required |
| Backups | Usually overwritten or expired within 30 to 90 days, depending on provider and system configuration |
Customers may request shorter retention where supported by the service and applicable law.
Export or deletion requests should identify the account, authorized requester, phone number or workspace, approximate date range, and record type: recording, transcript, summary, extracted fields, configuration, support ticket, billing record, or connected-tool record. Havio aims to acknowledge privacy requests within 10 business days and complete routine export or deletion requests within 30 days where the requester is authorized and no exception applies.
Deleting data in Havio may not delete records already written to customer-selected tools, which usually have their own export, retention, and deletion controls.
Customers should not configure Havio to collect payment card numbers, passwords, government identifiers, medical diagnosis details, legal advice facts beyond approved intake, or other sensitive data unless the workflow, legal basis, access model, and retention rules have been reviewed.
9. Security
We use administrative, technical, and organizational safeguards designed to protect personal data, including access controls, encryption where appropriate, least-privilege access, logging, vendor review, and incident response procedures. No system is perfectly secure, and customers should configure workflows, integrations, and user access carefully.
10. Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, portability, or withdraw consent. To exercise rights, contact privacy@havio.com. If your data was processed on behalf of a Havio customer, we may direct the request to that customer because they control the underlying call workflow.
11. Cookies and Analytics
We use cookies and similar technologies for site functionality, analytics, security, and marketing measurement. See our Cookie Policy for more detail.
12. Children's Privacy
Havio is intended for business use and is not directed to children. Customers should not configure Havio to collect children's data unless they have a lawful basis and appropriate safeguards.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page or communicated through another appropriate channel.
14. Contact
For privacy questions, contact:
Email: privacy@havio.com
Policy Changelog
| Version | Date | Summary |
|---|---|---|
| v1.2 | 2026-06-30 | Added public baseline retention periods and export/deletion request timing |
| v1.1 | 2026-06-29 | Updated SaaS privacy wording |
| v1.0 | 2026-02-19 | Initial publication |