1. About This Policy
This policy explains what GoToCalls does with your data. It covers our website at gotocalls.com, our services, and any data you share when you become a client, hire us for appointment setting or Executive Assistant work, or have us assist with your operations.
We wrote this to be specific, not vague. If something here is unclear, email us at privacy@gotocalls.com and we will answer plainly.
In this policy, “we,” “us,” and “GoToCalls” refer to GoToCalls. “You” means anyone whose data we hold, including visitors, prospects, clients, the people inside our clients’ businesses, and the contacts our clients ask us to work with on their behalf.
2. What We Collect
We collect different categories of data depending on how you interact with us.
When you visit the website
- IP address, browser type, device type, and operating system.
- Pages you visit, time on each page, and referring URL.
- Cookie identifiers, as explained in Section 11.
When you submit a form, book a call, or email us
- Name, email address, and phone number.
- Business name, role, and website.
- Anything you write in the message field or booking form.
When you become a client
- Billing details, such as company name, billing address, and payment method. Card numbers are handled by Stripe. We do not see or store full card numbers.
- Signed agreements, onboarding answers, and approved scope information.
- Access credentials, delegated access, or tokens you grant so we can do the work, such as Gmail or Google Calendar delegation, CRM access, Slack guest access, or approved system logins.
- Files, recordings, transcripts, notes, SOPs, reports, and other materials you share during the engagement.
When we support your operations
If you hire GoToCalls for Executive Assistant, Appointment Setter EA, Social Media Manager EA, AI Architect, or other approved support work, we may handle data about people inside your business and people you do business with, including prospects, leads, customers, employees, contractors, and referral partners. This may include names, contact information, conversation history, calendar data, deal notes, CRM records, and relationship context.
That data belongs to you. We process it on your behalf under the terms of the engagement and any signed Data Processing Agreement that applies.
From third parties
- Public business information from sources such as LinkedIn or your company website when researching a prospect, partner, or business contact.
- Referral information when someone introduces you to us.
- Fraud-prevention and identity-verification signals from our payment processor or security providers.
3. What We Do Not Do
A privacy policy should be clear about what does not happen.
- We do not sell your data to data brokers, advertisers, or third parties.
- We do not share your data with advertisers or ad networks.
- We do not use your business data, client lists, or operational content to train AI models.
- We do not intentionally collect biometric data, government identification numbers, or health information through this website.
- We do not track you across other websites for third-party advertising.
4. Why We Collect It
Each category of data has a specific reason behind it. We collect what we need to do the job, not more.
| What we collect | Why we collect it |
|---|---|
| Contact information from forms | To respond to your inquiry, book a call, and send what you asked for. |
| Billing details | To charge you correctly, send invoices, and meet tax requirements. |
| Access credentials or delegated access | To perform the work you hired us to do. |
| Operational data, such as CRM, inbox, calendar, files, and notes | To run the engagement and support approved client operations. |
| Website analytics | To understand which pages are useful and where the website needs to be improved. |
| Email and marketing data | To send updates you opted into. You can unsubscribe at any time. |
| Records of agreements and communication | To meet legal, tax, accounting, security, and dispute-resolution obligations. |
5. Legal Basis for Processing
Where GDPR, UK GDPR, or similar laws apply, we rely on one of the following legal bases for processing.
- Contract. When you hire GoToCalls, we process data to deliver the services in our agreement.
- Legitimate interest. Running our business, securing our website, preventing fraud, managing inquiries, and reaching out about relevant services when there is an existing relationship.
- Consent. Marketing emails to people who are not active clients and optional analytics cookies where required.
- Legal obligation. Tax records, fraud investigations, accounting, court orders, and required compliance records.
When we act as a data processor, such as handling a client’s customers, employees, prospects, or business contacts on the client’s behalf, the client is the controller. GoToCalls processes that data under the client’s instructions and the applicable agreement. If you need a Data Processing Agreement, email privacy@gotocalls.com.
6. How We Use AI Tools
GoToCalls is direct about AI use. We may use AI tools to draft messages, summarize meetings, organize data, generate research, support SOPs, develop prompts, create reporting structures, and build internal workflows. Tools may include Claude by Anthropic, ChatGPT by OpenAI, and other approved platforms used for client-supported work.
Our commitments
- No model training on client data. We use plans and settings designed to prevent client content from being used to train public models. We do not opt into “improve the model with my data” settings for client work.
- Human review stays in place. AI does not make final decisions about you, your business, your prospects, or your contacts on its own. A human remains responsible for judgment, tone, accuracy, and execution.
- You can ask us not to use AI on your account. If you prefer manual-only handling, tell us and we will document it in your engagement notes.
7. Who We Share Data With
We share data with a limited set of service providers that help us run the business and deliver approved services. Categories may include:
- Payments: Stripe.
- Email and calendar: Google Workspace, or Microsoft 365 when used by a client engagement.
- CRM and contact management: HubSpot, GoHighLevel, or other client-approved CRM systems.
- Scheduling: Calendly, GoHighLevel calendars, or other approved booking tools.
- Communication: Slack, Loom, email, and other approved communication systems.
- File storage: Google Drive, Notion, or other approved document systems.
- AI tools: Anthropic, OpenAI, and similar approved providers under account settings appropriate for client work.
- Accounting, tax, and legal support: our accountants, tax filing providers, and lawyers when needed.
We will share data with law enforcement, regulators, or courts only when required by valid legal process, and only the specific data the order covers.
If GoToCalls ever goes through a sale, merger, or restructuring, your data may transfer to the acquiring party. Where required, we will notify affected clients before that transfer occurs.
8. International Data Transfers
GoToCalls serves clients across Canada, the United States, and other regions. Some service providers may store or process data in Canada, the United States, the European Union, or other countries.
When data moves across borders, we rely on appropriate safeguards where required, which may include Standard Contractual Clauses, adequacy decisions, provider-specific data-transfer frameworks, and contractual privacy commitments from our processors.
If you want details on where data for a specific engagement is stored or processed, email privacy@gotocalls.com.
9. How Long We Keep Data
We do not keep data indefinitely. Each category has a defined retention period unless a legal hold, audit, security issue, or active dispute requires longer retention.
| Data type | Retention period |
|---|---|
| Website analytics and server logs | Typically 90 days, unless security review requires longer. |
| Contact form submissions with no follow-up engagement | 24 months. |
| Prospect data with no client relationship | 24 months from last contact. |
| Marketing email list | Until you unsubscribe or ask us to remove you. |
| Active client records | For the duration of the engagement. |
| Closed client records tied to financial or tax obligations | 7 years after the engagement ends. |
| Closed client records not tied to financial obligations | 2 years after the engagement ends, unless another lawful basis applies. |
| Data processed on a client’s behalf | Returned or deleted within 30 days of contract end, unless the client asks us to keep it longer or the agreement says otherwise. |
| Backups | Overwritten on a rolling cycle, usually within 90 days. |
10. Your Rights
You may have the following rights regarding the data we hold about you. Some depend on jurisdiction, but GoToCalls aims to handle reasonable requests plainly and promptly.
- Access. Request a copy of the data we hold about you.
- Correction. Fix inaccurate information.
- Deletion. Ask us to delete your data, with limits where law requires retention.
- Portability. Receive your data in a usable, machine-readable format where applicable.
- Objection. Object to specific uses of your data, including marketing.
- Restriction. Ask us to pause processing while we resolve a question or correction.
- Withdraw consent. Withdraw consent at any time for activities that rely on it.
- Opt out of marketing. Click unsubscribe in an email, or contact us directly.
- Complain to a regulator. In Canada, this may include the Office of the Privacy Commissioner of Canada. In Quebec, this may include the Commission d’accès à l’information. In the European Union, this may include your local data-protection authority.
How to exercise your rights
Email privacy@gotocalls.com with what you want done. We aim to respond within 30 days. If we need to verify your identity, we will ask for limited information that matches what we already have on file. We do not charge a fee for reasonable requests, and we do not retaliate against anyone for exercising privacy rights.
11. Cookies and Tracking
We may use a small number of cookies and similar tools. Each one has a purpose.
- Essential cookies. Required for the site to work. These cannot be turned off without affecting core functionality.
- Analytics cookies. Used to understand which pages are useful and where the website needs improvement. These may include Google Analytics 4 or similar analytics tools when enabled.
- Marketing cookies. Used only if enabled and allowed by your consent settings. These help measure whether ads or campaigns sent people to us.
You can block cookies through your browser settings. If you block essential cookies, some parts of the site may not work properly.
We do not sell tracking data. We do not use third-party advertising trackers to follow you across the web.
We do not currently respond to “Do Not Track” browser signals because there is no consistent industry standard for how websites should interpret them.
12. Security
GoToCalls takes specific steps to keep data safe.
- Encryption in transit. Traffic to and from gotocalls.com uses TLS.
- Encryption at rest. Client data stored in primary systems is encrypted at rest by the underlying provider where supported.
- Access controls. Team members receive access only to the accounts and data needed for their role.
- Offboarding. Access is revoked when a team member leaves GoToCalls or rolls off an engagement.
- Multi-factor authentication. Required on accounts that hold client data.
- Vendor review. We review tools before placing client data into them.
- Confidentiality agreements. Team members sign confidentiality agreements before working with client information.
No system is fully immune to a breach. If a breach happens and your data is affected, we will notify affected clients as required by law, explain what happened, identify the data involved where possible, and describe what we are doing about it.
If you spot something that looks like a security issue, email security@gotocalls.com.
13. Children’s Privacy
Our services are for businesses and the people running them. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted information to us, email privacy@gotocalls.com and we will delete it where appropriate.
14. Third-Party Links
Our website and content may link to other sites. Once you click away from gotocalls.com, you are on another organization’s website under that organization’s privacy policy. We do not control how they handle data. Review their policies before sharing information.
15. Region-Specific Disclosures
Canada
GoToCalls aims to handle personal information in a way that is consistent with applicable Canadian privacy law, including PIPEDA where it applies. Privacy questions can be sent to privacy@gotocalls.com. You may also contact the Office of the Privacy Commissioner of Canada.
Quebec
If you reside in Quebec, additional rights may apply, including rights connected to automated decision-making and restrictions on processing. Contact us at privacy@gotocalls.com for a Quebec privacy request. Complaints may be filed with the Commission d’accès à l’information.
California
If you reside in California, you may have the right to know what personal information we collect, request deletion, request correction, opt out of any sale or sharing of personal information, and limit certain uses of sensitive personal information where applicable. GoToCalls does not sell personal information. Email privacy@gotocalls.com to make a California privacy request.
European Union and United Kingdom
If you are in the European Union or United Kingdom, see Section 5 for legal bases and Section 10 for your rights. You may lodge a complaint with your local supervisory authority.
16. Changes to This Policy
When we update this policy, we will change the “Last Updated” date at the top. If a change materially affects how we use client data, we will notify active clients where required and may post a notice on the website before the change takes effect.
17. Contact
For any privacy question, request, or complaint, contact GoToCalls using the details below.
Email: privacy@gotocalls.com
Security issues: security@gotocalls.com
Mailing address: To be confirmed by GoToCalls before final legal publication.
Privacy Officer: Privacy Officer, GoToCalls.
We respond to privacy requests. If you do not hear back within 30 days, email us again. Messages get missed sometimes, and we would rather hear from you twice than not at all.