Privacy Policy
Last Updated: May 7, 2026
1. Introduction
At TOL LLC, the operator of the Isabel voice assistant service ("TOL LLC," "we," "us," or "our"), we respect your privacy and are committed to protecting it. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Isabel AI voice assistant services, website, and related applications (collectively, the "Service").
Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.
2. Information We Collect
2.1 Personal Data
We may collect personal information that you voluntarily provide to us when you register for the Service, express an interest in obtaining information about us or our products and services, or otherwise contact us. This may include:
- Name and Contact Information (Email, Phone Number)
- Account Credentials (Usernames, Passwords)
- Billing Information (handled by our payment processors)
2.2 Call Data and Transcripts
As part of the Service, we process audio recordings and transcripts of calls made to or from your account. This data is necessary to provide the AI voice assistant functionality. We may store these recordings and transcripts for quality assurance, training our AI models, and improving the Service.
2.3 Usage Data
We may automatically collect certain information when you visit, use, or navigate the Service. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Service, and other technical information.
2.4 Website Analytics
We use Ahrefs Web Analytics, Google Tag Manager, and Google Analytics on our marketing website to understand aggregate traffic patterns (page views, referrers, approximate country). Ahrefs Web Analytics is cookieless and does not set any identifiers on your device. Google Analytics is controlled through Google Consent Mode and our consent banner where required.
Legal Basis: Our Legitimate Interest (Art. 6(1)(f) GDPR) in measuring aggregate website performance and improving our content, and your Consent (Art. 6(1)(a) GDPR) for non-essential analytics cookies where consent is required.
2.5 Security and Fraud Prevention Identifiers
To maintain the integrity of our platform and prevent unauthorized access or fraudulent account creation, we process technical identifiers including your IP address and browser characteristics (fingerprinting).
Pseudonymization: To protect your privacy, these identifiers are immediately transformed into cryptographic hashes using a secure salt. We do not store your raw IP address or hardware identifiers in our security database.
Legal Basis: This processing is conducted based on our Legitimate Interest (Art. 6(1)(f) GDPR / LGPD / APPI / CCPA) in ensuring the security of our Service and preventing abuse.
2.6 SMS and Mobile Messaging Information
If you provide a mobile phone number to TOL LLC, Isabel, or a business using Isabel and consent to receive text messages, we may process your mobile number, SMS consent status, opt-in and opt-out records, message delivery data, and message content as needed to provide messaging features. These messages may include appointment confirmations and reminders, booking links, payment checkout links, missed-call follow-ups, service request updates, and customer care communications.
Message frequency varies based on your interactions with the relevant business, appointment activity, checkout activity, and customer support requests. Message and data rates may apply. You can reply STOP to opt out of SMS messages and HELP for help.
3. How We Use Your Information
We use personal information collected via our Service for a variety of business purposes described below:
- To provide and maintain our Service (e.g., routing calls, generating AI responses).
- To manage your account and subscriptions.
- To communicate with you regarding security, privacy, and administrative issues.
- To send SMS messages when you have requested them or consented to receive them.
- To improve our AI models and the overall quality of the Service.
- To enforce our terms, conditions, and policies.
- To respond to legal requests and prevent harm.
4. Data Processing Addendum
Where TOL LLC processes personal data on your behalf as a processor (or "service provider" under the CCPA) in connection with your use of the Service, our Data Processing Addendum ("DPA") applies and is incorporated into our Terms of Service by reference. The DPA addresses our obligations under the GDPR, UK GDPR, CCPA/CPRA, and other applicable data protection laws, including sub-processor use, international data transfers (via Standard Contractual Clauses where applicable), security measures, and assistance with data subject requests. The current DPA is published at callisabel.com/dpa; a countersigned copy is available on request through our support channels.
5. Sharing Your Information
We may process or share your data that we hold based on the following legal bases:
Vendors, Consultants, and Other Third-Party Service Providers: We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include:
- Payment processing (e.g., Stripe)
- Telephony services (e.g., Twilio, Vapi)
- Cloud hosting (e.g., Google Cloud)
- Data analysis and AI model providers
- Website analytics and tag delivery (Ahrefs Web Analytics, Google Tag Manager, and Google Analytics)
Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Legal Requirements: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.
Mobile Messaging Non-Sharing: We do not sell, rent, or share mobile phone numbers, SMS consent records, SMS opt-in data, or SMS message content with third parties or affiliates for their marketing or promotional purposes. We may share mobile messaging information with service providers only as needed to provide the Service, deliver SMS messages, maintain security, comply with law, or honor your messaging preferences.
6. SMS Communications
By opting in to SMS communications from a business using Isabel, you agree to receive customer care messages from or on behalf of that business. These messages may include appointment confirmations, appointment reminders, booking links, payment checkout links, missed-call follow-ups, service request updates, and related customer support communications.
Message frequency varies. Message and data rates may apply. Reply STOP to opt out of SMS messages and HELP for help. Your consent to receive SMS messages is not a condition of purchasing goods or services. For additional terms that apply to SMS messaging, please see our Terms of Service.
7. Cookies and Similar Technologies
We use a small number of cookies and browser storage items. Strictly-necessary items are used without consent; non-essential cookies are only set after you accept our consent banner (which we present to visitors from the EU, EEA, UK, and Switzerland).
| Name / Purpose | Set by | Type | Duration |
|---|---|---|---|
isabel-theme-preference — remembers light/dark mode | Our marketing site (localStorage) | Strictly necessary / functional | Until you clear site data |
isabel-cookie-consent — records your consent choice | Our marketing site (localStorage) | Strictly necessary | Until you clear site data |
Google Analytics cookies (for example, _gaand related measurement cookies) — website measurement | Google Analytics (third party) | Analytics — consent required in EU/UK | Varies by cookie, up to 2 years |
Tawk.to live chat cookies (e.g. __tawkuuid, TawkConnectionTime, ss) — chat session, visitor recognition | tawk.to (third party) | Functional — consent required in EU/UK | Session to ~6 months |
dashboard_session— authenticated session indicator | Our dashboard (first-party cookie, after login) | Strictly necessary | 7 days |
dashboard_language_preference— remembers UI language | Our dashboard (first-party cookie, after login) | Functional | 1 year |
You can change your choice for our marketing site at any time by clearing the isabel-cookie-consententry in your browser's site data, which will cause the banner to reappear on your next visit. You can also disable or delete cookies through your browser settings; doing so may affect parts of the Service.
Our Ahrefs Web Analytics implementation is cookieless, and Google Analytics storage is controlled by Google Consent Mode and our consent banner (see Section 2.4).
8. Data Retention
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information.
9. Security of Your Information
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
10. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information, such as the right to access, correct, or delete your data. If you would like to make a request to exercise these rights, please contact us. We will consider and act upon any request in accordance with applicable data protection laws.
11. Policy for Children
We do not knowingly solicit information from or market to children under the age of 13. If we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible.
12. Updates to This Policy
We may update this privacy policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
13. Contact Us
If you have questions or comments about this policy, you may contact TOL LLC through our support channels available on our website.