avoClerk
Start free

Legal

Privacy Policy

Last updated: April 28, 2026 · Effective: April 28, 2026

This Privacy Policy explains how Avo LLC, a Wyoming limited liability company, doing business as avoClerk (“avoClerk,” “we,” “us,” “our”), collects, uses, shares, and protects personal information in connection with our website and the avoClerk AI voice receptionist service (the “Service”).

The Service is offered to United States–licensed law firms for handling inbound telephone calls from their callers. We do not target the Service to consumers, to non-U.S. customers, or to children.

Quick summary

  • We process two main groups of personal information: firm-account information (we are the controller) and caller information (we are a processor on the firm’s instructions; the firm is the controller).
  • We do not sell personal information.
  • We do not use call audio or transcripts to train AI models for ourselves or any third party. Period.
  • California, Virginia, Colorado, Connecticut, Utah, Texas, and other state-privacy-law residents have specific rights described below.
  • Callers in two-party-consent states are notified of recording and AI use through the in-call disclosure described in our Recording & AI Disclosure Policy.

Roles: controller vs. processor

  • Firm-account info (firm name, billing, authorized users, dashboard activity) — we are the controller.
  • Website visitors / prospects (cookies, form fills, marketing) — we are the controller.
  • Caller Data (audio, transcripts, IVR inputs, caller-supplied info) — we are a processor acting on the firm’s instructions; the firm is the controller.

Where we are the processor, the firm (as controller) is responsible for the legality of collection (including obtaining caller consent in two-party-consent states), responding to caller rights requests, and configuring retention. We make tools available and assist on reasonable terms.

Information we collect

From law firms

  • Account info: firm name, principal address, attorney names, bar numbers, jurisdictions, signing authority, account email, phone.
  • Billing info: handled by Stripe — we do not store full card numbers.
  • Configuration data: system-prompt customizations, knowledge-base content you upload, consent-mode setting, business hours, routing rules.
  • Usage data: login times, dashboard actions, API requests, error and audit logs.

From callers

  • Call media: audio of inbound calls when recording is enabled per the firm’s consent-mode configuration.
  • Transcripts: speech-to-text transcriptions of call audio.
  • IVR / DTMF inputs: keypad presses, consent confirmations.
  • Caller-supplied content: anything the caller says, including names, contact details, descriptions of incidents, and information they choose to share.
  • Telephony metadata: caller-ID (where the carrier provides it), call start/end/duration, route information, codec, the DID called.
  • Voice characteristics: inherent in audio. We do not generate or persist voiceprints, biometric templates, or identifiers derived from voice characteristics for identification purposes.

From website visitors

  • Device/usage info: IP address, browser type, OS, referring URL, pages viewed, time on page.
  • Cookies and similar.
  • Form submissions: name, email, firm size, message content.

How we use information

  • Deliver the Service: answer calls, transcribe audio, generate responses, send transcripts to your dashboard.
  • Operate the platform: authenticate users, prevent abuse, secure infrastructure, debug, monitor performance.
  • Bill: charge subscriptions, send invoices, handle disputes.
  • Communicate: respond to support, send service-availability notices and material legal updates.
  • Comply with law: respond to lawful requests, enforce these terms, defend ourselves.
  • Aggregate and de-identify: generate non-identifying statistics for capacity planning and product improvement.

We do not use call audio, transcripts, or other Caller Data for our own marketing, lead generation, or model training. We do not rent or sell personal information.

AI processing and model training

The Service uses third-party AI providers for speech-to-text, large-language-model reasoning, and text-to-speech. Audio and transcripts are sent to those providers solely to deliver the conversational response. We have configured those providers, by contract, to not retain call data beyond what is operationally necessary, and not to use call data for their own model training.

We do not train, fine-tune, or build models on Caller Data. We may use your firm’s configuration data (prompts, knowledge-base content) to improve the Service for you; we will not pool that data across firms for training.

Sharing and subprocessors

We share personal information with subprocessors that help us deliver the Service. The current list lives at /subprocessors. We will give the firm thirty (30) days’ notice before adding or replacing a subprocessor that handles Caller Data.

We also share with professional advisors under confidentiality; with law enforcement and regulators in response to valid legal process (with notice to the firm unless legally prohibited); and in connection with a business transfer on continuing privacy commitments at least as protective as this Policy.

We do not sell personal information. We do not “share” personal information for cross-context behavioral advertising as those terms are defined under California law.

Recording and sensitive personal information

Some Caller Data is sensitive personal information under California, Connecticut, Texas, and other state laws — particularly call audio and transcripts that may reveal health, legal-matter, or other sensitive content. We handle Caller Data with elevated controls: encryption in transit (TLS) and at rest, restricted internal access, audit logging, and time-limited retention.

We process audio and transcripts only to deliver the Service and only for the purposes described above. We do not use sensitive personal information to infer characteristics about callers, to profile them, or for advertising.

State privacy rights

  • Right to know / access.
  • Right to delete.
  • Right to correct.
  • Right to opt out of “sale” or “sharing.” We do not sell or share, but we honor opt-out preference signals (e.g., Global Privacy Control) for our website.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination.
  • Right to appeal a denied request, where state law (Virginia, Colorado, Connecticut, Texas) provides one.

For Caller Data, the firm is the controller. Direct caller rights requests to the firm. For firm-account data and website data, email [email protected]. We respond within forty-five (45) days, with a one-time extension where permitted.

Retention

  • Firm-account info: for the life of the account, plus reasonable archival period (typically up to seven years).
  • Caller audio recordings: firm-configurable, default 30 days.
  • Caller transcripts and structured intake: firm-configurable, default 90 days.
  • Service logs: typically 30–180 days depending on log type.
  • Backups: rolling encrypted backups, purged on a defined schedule.

Security

We use industry-standard technical and organizational measures including encryption in transit, encryption at rest for sensitive Caller Data stores, role-based access controls, audit logging, infrastructure hardening, and least-privilege engineering practices. No system is perfectly secure. If we discover an incident affecting your information we will notify the firm without undue delay and comply with applicable breach-notification laws.

Children

The Service is not intended for children under thirteen, and we do not knowingly collect their personal information.

International users and Illinois

The Service is intended for use within the United States. We do not represent that the Service complies with the GDPR, UK GDPR, LGPD, PIPEDA, or other non-U.S. privacy frameworks.

The Service additionally does not currently serve callers with Illinois area codes; inbound calls from those area codes are declined at our network edge before any audio is processed, recorded, or stored. See the Recording & AI Disclosure Policy for the rationale.

Contact

Privacy questions, requests, complaints, and security-incident reports: [email protected].

Avo LLC, Attn: Legal, 30 N Gould Street, STE R, Sheridan, WY 82801.

Changes

We may update this Privacy Policy. Material changes will be announced at least thirty (30) days before the effective date via email to firm-account contacts and via the dashboard.