Privacy
Privacy and data โ where does everything live?
Where your conversations live, how long we keep them, what your rights are and what your clients hear about the AI.
Last updated: 20 April 2026
Privacy and data โ where does everything live?
Short and clear: we'll lay out where your data lives, for how long, and what your rights are.
Where does your data live?
All inside the European Union.
- Your profile, opening hours, calendar connection: Frankfurt (Germany) โ with Supabase, EU region
- Call knowledge (transcripts, summaries): Frankfurt
- Audio recordings: Frankfurt, encrypted
- Call analytics (non-personal): Frankfurt, with PostHog EU
- Error logs (no content): Frankfurt, with Sentry EU
- Payment details: Ireland (Stripe EU region)
Nothing goes to the US. Full stop.
Exception: the AI voice itself
Tirza uses two technical suppliers to listen and speak:
- Retell (for phone connections) โ EU region, but a US company
- ElevenLabs (for the voice) โ EU region, but a US company
- Anthropic Claude (to understand what the client says) โ EU region, but a US company
Why that's OK:
- We have legal contracts (SCCs + TIAs) with all three
- They store no recordings themselves โ we do, in Frankfurt
- They don't use your data to train models
- Full overview at /en/subprocessors
How long do we keep your data?
| What | Retention | Why |
|---|---|---|
| Audio recording of each call | 30 days | To resolve complaints/disputes |
| Transcript (call text) | 365 days | Statistics, improvement, evidence |
| Client phone number + appointment detail | Until you delete it | You stay the owner |
| Invoice details | 7 years | Legal bookkeeping requirement |
| Account + profile | While you're a customer + 90 days after cancellation | Restore on return |
Want shorter? Email hello@tirza.ai โ you can turn off audio recordings, for example, or set retention to 7 days.
What do your clients hear?
At the start of every call Tirza says:
So:
- Your client knows immediately it's an AI (required under the EU AI Act)
- Your client can always ask to have you personally ring back
- If your client says words like "human", "call back", "colleague" or "owner"? Tirza switches straight to a callback request โ no fuss
Your rights as a Tirza customer
Under the GDPR you have:
- Right of access โ email hello@tirza.ai with "What do you have on me" โ get an overview within 30 days
- Right to export โ "Export my data" โ ZIP within 7 days
- Right to correction โ mistake in your data? Email it or change it yourself on your dashboard
- Right to erasure โ "Forget me" โ everything gone within 30 days (except what we must legally keep, like invoices)
- Right to complain โ with the ICO (ico.org.uk) if you're in the UK, or the Data Protection Commission (dataprotection.ie) in Ireland
And the clients of your clients? (the callers)
The GDPR covers them too. What they need to know:
- That they're talking to an AI (Tirza says so right at the start)
- That the call may be recorded (Tirza mentions this when recording is on)
- That they can request the recording or have it deleted (via you โ you email hello@tirza.ai)
So we're a processor; you're the controller for your client data. A DPA (data processing agreement) is at /en/dpa โ free, for B2B customers.
What we DON'T do with your data
- We sell nothing to third parties
- We don't use your calls to train AI models
- We don't "peek" in your data for fun โ access is logged and auditable
- We share nothing with marketers
Anything else?
Not covered here? Email hello@tirza.ai or call us on the number in your welcome email. We're open about everything.
Full privacy statement: /en/privacy Subprocessors list: /en/subprocessors Data processing agreement (DPA): /en/dpa
Was this helpful?
Still got questions?
Email hello@tirza.ai โ a real person replies within a few hours.