Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how Geogent Labs LLC ('Geogent', 'we', 'us', or 'our') collects, uses, discloses, and safeguards personal data when you visit our website, create an account, or use the Geogent Voice AI platform and related services (the 'Services').

Geogent Labs LLC is a limited liability company registered in Georgia (registered firm name: შპს ჯეოჯენტ ლაბს), identification number 445827151, registered on 25 February 2026 by the LEPL National Agency of Public Registry. Our registered office is at Petre Bagrationi Street No. 113a, Entrance 2, Floor 3, Apartment 92, Batumi, Georgia. You can reach us about any privacy matter at info@geogentlabs.com.

We act in different roles depending on the data. For data about website visitors and the account holders who subscribe to the Services ('Customers'), we are the data controller. For the personal data a Customer processes through the Services about the people they call or who call them ('End Users') — including call audio and transcripts — we generally act as a data processor on the Customer's documented instructions; in that case the Customer is the controller and is responsible for the lawful basis of the calls.

2. Definitions

The following terms are used throughout this policy:

• Personal Data — any information relating to an identified or identifiable natural person.
• Usage Data — data collected automatically about how the Services are accessed and used, such as IP address, device and browser type, pages viewed, and timestamps.
• Call Data — data generated when the Services place or receive calls, including the phone numbers of the parties, call metadata (start and end time, duration, status), call audio recordings where recording is enabled by the Customer, speech-to-text transcripts, and the conversation outcome.
• Voice Data — recordings and voice characteristics contained in Call Data. Depending on applicable law, Voice Data may qualify as biometric or special-category data.
• Customer — the organization or individual that holds an account and uses the Services.
• End User — an individual who interacts with a Customer's AI voice agent (the person on the other end of a call).
• Sub-processor — a third party we engage to process personal data in connection with the Services.

3. Personal Data We Collect

We collect the following categories of data:

• Account and contact data — name, email address, phone number, organization name, and login credentials you provide when registering and managing your account.
• Billing data — billing contact details and transaction records. Payments are processed by our payment provider, Paddle, acting as merchant of record; we do not store full payment card numbers.
• Platform configuration data — AI agent (assistant) settings, prompts, knowledge bases, assigned phone numbers, and encrypted credentials you add to connect third-party services.
• Call Data and Voice Data — as defined above, generated when you use the Services to make or receive calls. Call recording is configurable by the Customer and is off unless enabled.
• Usage, device, and log data — including IP address, browser and device information, and activity logs, collected to operate and secure the Services.
• Cookies and similar technologies — see the 'Cookies and Similar Technologies' section below.
• Communications — messages you send us, such as support requests, and your contact preferences.

4. How We Use Personal Data and Legal Bases

We use personal data to provide, maintain, secure, and improve the Services, to process payments, to communicate with you, to provide support, to prevent fraud and abuse, and to comply with legal obligations.

Where the GDPR or Georgia's Law on Personal Data Protection applies, we rely on the following legal bases: performance of our contract with you (to provide the Services); our legitimate interests (to secure, operate, and improve the Services and prevent abuse); your consent, where required (for example, for certain cookies); and compliance with a legal obligation.

For Call Data and Voice Data processed on a Customer's behalf, the legal basis for contacting or recording End Users is determined and obtained by the Customer, not by Geogent.

5. Artificial Intelligence and Your Data

We do not use Customer content — including call recordings, transcripts, prompts, or knowledge bases — to train, fine-tune, or improve our own or any third party's AI or machine-learning models.

The AI models used in the Services are operated solely to deliver the requested functionality for the duration of a call or session. Any analysis we perform to monitor and improve service performance uses aggregated or de-identified operational metrics that do not identify any Customer or End User.

6. Call Recording and Consent

Laws governing the recording of calls and the use of automated or AI-assisted calling vary by jurisdiction and can require notice to, or the consent of, the people on the call (for example, the U.S. Telephone Consumer Protection Act, 'all-party' consent rules in some U.S. states, and the GDPR in the EU/EEA).

As the controller of its calling activity, the Customer is solely responsible for determining whether recording or AI calling is permitted, for providing any required notices, and for obtaining any required consent from End Users before using the Services. Geogent provides configurable controls, such as the ability to disable recording, to help Customers meet these obligations.

7. How We Share Personal Data

We do not sell personal data. We share personal data only in the following circumstances:

• Sub-processors and service providers — we use vetted third parties to operate the Services, including cloud hosting and infrastructure, telephony and carrier connectivity, speech-to-text, large-language-model, and text-to-speech providers, our payment provider (Paddle), and analytics and communication tools (including Google Analytics). They may access personal data only to perform services for us and are bound by confidentiality and data-protection obligations. You may request an up-to-date list of our sub-processors at info@geogentlabs.com.
• Calling flow — Call Data is transmitted to the carriers and AI providers necessary to connect and process each call.
• Legal and safety — when required by law or legal process, or to protect the rights, property, or safety of Geogent, our Customers, or others.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
• At your direction — with third-party services you choose to connect to your account.

8. International Data Transfers

We are based in Georgia and may process and store personal data in Georgia and in other countries where we or our sub-processors operate, including the European Economic Area and the United States.

Where personal data is transferred across borders, we put appropriate safeguards in place as required by applicable law — such as the European Commission's Standard Contractual Clauses or another lawful transfer mechanism — and take steps to keep your data protected. You may request information about these safeguards by contacting info@geogentlabs.com.

9. Data Retention

We keep account and billing data for as long as your account is active and as needed to comply with our legal, accounting, and reporting obligations.

Call Data and Voice Data are retained according to the Customer's configuration and are deleted on the Customer's request and, in any event, when the Customer's account is closed, subject to any retention required by law. Where we determine retention periods for data we control, we keep personal data only for as long as necessary for the purposes described in this policy — typically for the life of your account plus any period required for our legal, accounting, or dispute-resolution obligations — after which it is deleted or anonymized.

10. Security

We use technical and organizational measures designed to protect personal data, including encryption of data in transit (TLS) and at rest, role-based access controls, and access logging. We restrict access to Call Data and Voice Data to authorized personnel and systems.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal-data breach, we will act in accordance with applicable law, including notifying the competent supervisory authority within the required time frame.

11. Your Privacy Rights

Depending on where you live, you may have rights under the GDPR, Georgia's Law on Personal Data Protection, the California Consumer Privacy Act (CCPA), and other laws. These may include the rights to:

• Access — obtain confirmation of whether we process your data and a copy of it.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data.
• Restriction and objection — limit or object to certain processing.
• Portability — receive your data in a portable format.
• Withdraw consent — where processing is based on consent, withdraw it at any time.
• Complaint — lodge a complaint with a supervisory authority.

12. Exercising Your Rights

To exercise any of these rights, contact us at info@geogentlabs.com. We will respond within the time limits set by applicable law. Where the law requires, we will verify your identity before acting on a request, and we will not discriminate against you for exercising your rights.

If you are a Customer's End User, please direct your request to that Customer, which is the controller of your call data; we will assist them as their processor.

California residents: we do not sell or share personal information as those terms are defined under the CCPA, and you may request access to or deletion of your personal information as described above.

Georgia residents: where processing is based on consent, you may withdraw it at any time, and we will stop the relevant processing within the period required by the Law of Georgia on Personal Data Protection.

13. Children's Privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal data from children under 18. If you believe a child has provided us personal data, contact us at info@geogentlabs.com and we will take appropriate steps to delete it.

14. Cookies and Similar Technologies

We use cookies and similar technologies to operate our website, keep you signed in, and remember preferences such as your language and theme. You can control non-essential cookies through your browser settings; disabling some cookies may affect how the site works. We use the following categories:

• Strictly necessary — required for the site and app to function, including authentication and storing your selected language.
• Analytics — we use Google Analytics to understand how visitors use our site so that we can improve it. Google Analytics sets cookies and collects usage data; for more information, see Google's privacy policy.
• Preferences — remember choices such as theme and language.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the 'Last updated' date above and, where required, provide additional notice. Your continued use of the Services after an update takes effect means you accept the revised policy.

16. Contact Us and Supervisory Authority

For any question or request about this policy or your personal data, contact us at info@geogentlabs.com or by mail at Geogent Labs LLC, Petre Bagrationi Street No. 113a, Entrance 2, Floor 3, Apartment 92, Batumi, Georgia.

If you are in Georgia, you may also contact the Personal Data Protection Service of Georgia. If you are in the EU/EEA or the UK, you may lodge a complaint with your local data-protection supervisory authority.