Carolla

Security Policy Overview

Carolla maintains rigorous security protocols across the organization. Every team member receives ongoing training to stay informed about the latest security measures. We conduct regular assessments, training sessions, and audits to ensure our practices and policies are effective and up to date.

Organizational Security

All employees undergo background checks and security awareness training before accessing production systems. Access is granted on a least-privilege basis and reviewed quarterly.

  • Role-based access control across all internal systems
  • Multi-factor authentication required for all team members
  • Annual third-party penetration testing
  • 24/7 infrastructure monitoring and alerting

Data Encryption

All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with regular rotation.

Incident Response

Carolla maintains a formal incident response plan. In the event of a security incident, affected customers will be notified within 72 hours in accordance with applicable regulations.

Privacy Policy

We take your privacy seriously. All personal data collected through Carolla is handled with strict confidentiality and in compliance with applicable data protection laws including GDPR and CCPA.

What We Collect

We collect only what is necessary to provide our services:

  • Account information such as name and email address
  • Call metadata including duration, participants, and timestamps
  • Conversation transcripts and AI-generated summaries
  • Usage data to improve platform performance
  • Device and browser information for security purposes

How We Use Your Data

Your data is used exclusively to provide, improve, and secure the Carolla platform. We do not sell, rent, or trade your personal information to any third parties.

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to access your personal data
  • Right to correct inaccurate information
  • Right to deletion of your data
  • Right to data portability
  • Right to withdraw consent at any time

To exercise any of these rights, contact our privacy team at privacy@carolla.ai.

Terms of Service

Welcome to Carolla

These Terms of Service outline the comprehensive guidelines for using the Carolla communication platform. By creating an account or engaging with the Service, you are agreeing to comply with these Terms in their entirety.

Eligibility Requirements

To utilize the Service, you must be at least 18 years of age. By using the Service, you confirm that:

  • You have the legal capacity to enter into binding agreements.
  • You adhere to local laws regarding call recording.
  • You have obtained consent from all call participants when required.

Account Creation & Authentication

Authentication is conducted through one-time email verification codes. You are responsible for ensuring the security of your email account and all activities that occur through your account. We do not offer password recovery; access is strictly tied to your email ownership.

Overview of the Service

  • A user-friendly browser-based calling interface
  • Links for scheduling calls
  • Real-time AI assistance to enhance your conversations
  • Detailed transcripts of calls
  • Summaries of discussions
  • A searchable history of conversations
  • A collaborative workspace designed for teams

AI Assistant Functionality

The AI assistant listens during calls, generates suggestions, identifies key topics, and produces summaries. Outputs may not always be accurate. You are responsible for any decisions made based on the AI's suggestions.

Call Features & Recordings

  • You may record calls, but must ensure compliance with local laws.
  • Carolla serves as a processing tool and is not the legal controller of your communications.
  • We do not monitor calls unless necessary for security or abuse prevention.

User Responsibilities

You agree not to use the Service for harassment, fraud, impersonation, illegal surveillance, or unauthorized recording. You are solely responsible for any communications conducted through the platform.

Acceptable Use Policy

  • No reverse engineering the system
  • No scraping conversations for data
  • No probing for system vulnerabilities
  • No overloading the infrastructure
  • No generating unsolicited spam calls

Payment Information

Paid subscription plans unlock a range of additional features. Billing terms include:

  • Recurring subscription fees
  • The ability to cancel at any time
  • No partial refunds will be issued during the active billing period.

Developer Terms

Developers accessing Carolla's API must comply with our usage guidelines and these additional terms. Access to the API constitutes acceptance of these Developer Terms.

API Usage

  • API keys must not be shared or exposed publicly
  • Rate limits apply to all API endpoints and vary by plan
  • API access may be revoked for policy violations without prior notice
  • You must not use the API to build competing products

Responsibilities

Developers are responsible for ensuring their applications comply with all applicable laws, including data protection regulations. You must implement appropriate security measures to protect end-user data processed through your integration.

Versioning & Deprecation

Carolla may deprecate API versions with a minimum of 90 days' notice. We recommend subscribing to our developer changelog to stay informed of upcoming changes.

Data Processing Agreement

Carolla processes personal data strictly in accordance with applicable data protection laws including GDPR Article 28. We act as a data processor on behalf of our customers, who act as data controllers.

Processing Activities

  • Processing of account and authentication data
  • Storage and retrieval of call transcripts and summaries
  • AI analysis of conversation content
  • Integration data exchange with third-party platforms
  • Analytics and platform performance monitoring

Data Transfers

Where data is transferred outside of your jurisdiction, Carolla relies on Standard Contractual Clauses or other appropriate safeguards as recognized by applicable data protection authorities.

Data Retention

Retention periods vary based on your subscription plan and applicable legal requirements. You may request deletion of your data at any time by contacting our support team. Data will be permanently deleted within 30 days of a verified deletion request.

Subprocessors

Carolla uses a limited number of trusted subprocessors to deliver our services. All subprocessors are carefully vetted and bound by data processing agreements.

Current Subprocessors

  • Cloud infrastructure provider — for hosting and data storage
  • Speech-to-text processing service — for call transcription
  • Email delivery service — for transactional notifications
  • Analytics platform — for product usage insights
  • Payment processor — for subscription billing

Notification of Changes

We will notify customers of any changes to our subprocessor list with a minimum of 30 days' advance notice. Customers who object to a new subprocessor may terminate their subscription with a pro-rated refund.

Subprocessor Obligations

All subprocessors are required to maintain security standards equivalent to or exceeding those described in this policy, and are prohibited from using customer data for any purpose other than providing the contracted services.

Additional AI Features

Carolla continuously develops new AI capabilities to enhance your communication experience. The following features are available across various subscription plans.

Available AI Capabilities

  • Real-time conversation suggestions during live calls
  • Automated meeting summaries with action items
  • Sentiment analysis to gauge call tone and engagement
  • Topic classification and searchable conversation tagging
  • Pre-call preparation briefs based on contact history
  • Follow-up email drafts generated from call content

Accuracy & Limitations

AI-generated outputs are probabilistic in nature and may contain errors or omissions. Carolla does not warrant the accuracy of AI outputs. Users are responsible for reviewing and verifying any AI-generated content before acting on it.

Model Updates

Carolla may update the underlying AI models powering these features without prior notice. Updates are intended to improve accuracy and performance. If you observe unexpected changes in AI behavior, please contact our support team.

Integration Manager

The Integration Manager allows you to connect Carolla with your existing tools and workflows. Each integration is designed to streamline your communication stack without compromising security.

Supported Integrations

  • CRM platforms — Salesforce, HubSpot, Pipedrive
  • Calendar applications — Google Calendar, Outlook
  • Messaging tools — Slack, Microsoft Teams
  • Project management — Notion, Linear, Asana
  • Video conferencing — Zoom, Google Meet

Data Sharing

When you enable an integration, you authorize Carolla to exchange relevant data with the connected service. You can review and revoke integration access at any time from your account settings.

Third-Party Responsibility

Each third-party integration is governed by the terms and privacy policy of the respective provider. Carolla is not liable for data handling practices, outages, or policy changes of integrated services. We recommend reviewing the terms of each service before enabling an integration.