How Rhanta handles your call data

The business that subscribes to Rhanta is the data controller for the calls it receives. REWORK Digital Inc., operator of Rhanta, is the data processor that stores and transmits those calls on the business’s behalf.

If you’re a caller who wants to exercise your rights (“what do you have about me?” or “please delete it”), contact the business you called. The business can action your request via the Rhanta dashboard in real time. If you can’t reach the business, write to info@rhanta.com.

From callers (people who phone a Rhanta-powered number):

• Your phone number (from caller-ID).
• An audio recording of the call — only if you consent. If the business uses explicit consent mode, Rhanta plays a disclosure and asks you to say “yes” before any recording starts.
• A transcript of what was said, in the language detected.
• Details you volunteer: name, email, the reason for calling, and the appointment you book.
• Coarse location from the caller-ID (city, region) — never GPS.

From subscribed businesses (Rhanta users who connect Google Calendar):

• OAuth tokens (refresh + access) issued by Google, stored encrypted.
• Calendar IDs and free/busy time blocks — read on demand to check availability before offering an appointment slot. We do not read event titles, attendee lists, or descriptions.
• Event metadata for appointments Rhanta itself created (start time, end time, our generated title and notes) — so the business can see them in the dashboard alongside Google Calendar.

Rhanta never sells your data, never shares it for advertising, and never trains AI models on it.

Businesses can configure one of three consent postures on a Rhanta-powered number:

• Implied: the call starts with a recording disclosure; continuing the call is consent.
• Explicit: Rhanta asks you to say “yes” before any recording begins. Say “no” and the call continues without a recording.
• No recording: Rhanta never records, and no transcript is stored beyond the call.

When Quebec Law 25 mode is enabled, implied consent is automatically escalated to explicit, and a French-first legal addendum is played before the yes/no question.

All recordings, transcripts, and personal data are stored in Canada — specifically, Google Cloud’s northamerica-northeast1 region in Montréal. Recordings sit in a private, CMEK-encrypted bucket accessible only via signed URLs.

When a subscribed business clicks Connect Google Calendar, Rhanta asks Google for two scopes via OAuth 2.0. This section covers exactly what Google data Rhanta accesses, how we use it, and how the business owner can revoke at any time.

Scopes Rhanta requests:

• .../auth/calendar.readonly — list calendars and read free/busy time blocks so Rhanta’s AI agent can confidently offer the caller a slot that doesn’t conflict with the owner’s existing schedule.
• .../auth/calendar.events — create the appointment event in the owner’s calendar when the caller confirms a booking. Rhanta writes only the events it creates; it does not modify or delete events created elsewhere.

How we use Google data:

• Solely to provide the booking feature — checking availability and writing booked appointments. Nothing else.
• Rhanta does not read event titles, attendees, descriptions, attachments, or any data outside the free/busy windows and the events Rhanta itself created.
• Google data is never sold, never shared with advertisers, never used to build user profiles, never used to train or fine-tune any AI model, and never accessed by humans except as required for support requests the business owner explicitly initiates, or for documented security investigations.
• We do not transfer Google user data to any third party except as required to provide the booking feature (see Subprocessors below).

Storage and retention of Google data:

• OAuth refresh tokens are encrypted at rest in our database, hosted in Google Cloud’s Montréal region.
• Free/busy time blocks are fetched live on each call and not persisted beyond the duration of the call.
• Events Rhanta created are retained for as long as the corresponding appointment record exists in the dashboard (default 365 days, then purged).

Revoking access:

The business owner can disconnect Rhanta from Google Calendar at any time from two places:

• Rhanta dashboard — Settings → Calendar → Disconnect. We immediately delete the stored OAuth tokens and stop fetching new data.
• Google Account permissions — myaccount.google.com/permissions. Revoking from Google’s side has the same effect; our stored token stops working immediately.

Limited Use compliance:

Rhanta’s use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Each business sets its own retention windows. Default values:

• 90 days for call recordings.
• 365 days for transcripts.

A daily sweep permanently purges anything past those windows. Billing call rows (time, duration, outcome) are kept longer in anonymized form so the business’s usage history stays intact.

Any caller can ask for either of the following at any time, with no reason required and at no cost:

• Right of access — a copy of every recording and transcript tied to your phone number.
• Right of deletion — we permanently scrub your recordings, transcripts, and any lead record we kept. Billing rows stay but are redacted so nothing in them points to you.
• Right of rectification — correct anything we got wrong about you.
• Right to withdraw consent — we stop recording and, on request, delete past recordings.

Requests go to the business you called — they can action them from their dashboard immediately. Requests escalated to us get an answer within 30 days (PIPEDA) or 30 days (Law 25 for Quebec residents), whichever applies.

Rhanta uses a small set of named subprocessors to run the service. Each one is contractually bound to PIPEDA-equivalent terms:

• Twilio (USA) — phone numbers and audio transport.
• Deepgram (USA) — real-time speech-to-text.
• Anthropic (USA) — Claude for conversation reasoning. No training on caller data.
• ElevenLabs (USA) — text-to-speech voice synthesis.
• Google Cloud Platform (Canada, Montréal region) — hosting + storage of Rhanta application data, including encrypted OAuth refresh tokens.
• Google Calendar API (USA) — only when the business owner has connected Google Calendar via OAuth. Rhanta sends free/busy queries and event-create requests to Google’s Calendar API on the owner’s behalf. No caller data is sent to Google — only the appointment metadata (start time, end time, the title Rhanta generated from the call).
• Stripe (Canada entity) — billing for the business subscription only; no caller data.

Material changes are announced to subscribed businesses at least 30 days ahead. Minor edits (wording, clarifications) are logged in the “last updated” stamp at the top.

Privacy questions: info@rhanta.com. You may also contact the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec for unresolved complaints.