Call0 is an AI-powered voice agent platform that answers your business phone calls 24/7. It handles customer questions, books appointments, and speaks naturally in over 30 languages.

How much does Call0 cost?

Call0 uses a pay-per-use credit system with no monthly subscription. You only pay for the calls your AI agent handles, making it 75-90% cheaper than human operators.

What languages does Call0 support?

Call0 supports over 30 languages including English, German, Spanish, French, Italian, Portuguese, Japanese, Korean, and Chinese.

Can Call0 book appointments?

Yes, Call0 integrates with Google Calendar and other scheduling tools to automatically book appointments during phone calls.

Can I transfer to a human agent?

Yes, Call0 supports human handoff. When the AI detects a complex issue or the caller requests a human, it seamlessly transfers the call.

Data Processing Agreement (DPA)

Auftragsverarbeitungsvertrag gemäß Art. 28 DSGVO

Last updated: March 2026

§1 Parties & Scope

Data Processor: Call0 Inc., 447 Broadway, 2nd Floor Suite #3389, New York, NY 10013, United States ("Processor")

Data Controller: The business customer using the Call0 platform ("Controller")

This DPA governs the processing of personal data by the Processor on behalf of the Controller pursuant to Art. 28 GDPR / DSGVO. It applies for the duration of the use of the Call0 platform and terminates upon deletion of the customer account.

§2 Nature & Purpose of Processing

The Processor processes the following personal data on behalf of the Controller:

- Call data: Caller phone numbers, call times, call duration
- Transcripts: AI-generated call transcriptions
- Recordings: Call recordings (if enabled by the Controller)
- Caller information: Names, email addresses, appointment details, and other information provided by callers
- Booking data: Appointments and orders created during calls
- Sentiment data: AI-based sentiment analysis of conversations
- Channel data: WhatsApp and email messages processed through alternative channels

The purpose of processing is to provide the AI voice agent service, including call handling, transcription, booking management, customer support automation, and analytics.

§3 Data Subjects

- Callers and customers of the Controller
- WhatsApp and email contacts of the Controller
- Employees of the Controller, if mentioned in calls or messages

§4 Sub-Processors

The Controller consents to the use of the following sub-processors:

Provider	Purpose	Location
Supabase Inc.	Database & Authentication	USA (SCCs)
Twilio Inc.	Telephony & Call Routing	USA (SCCs)
Anthropic PBC	AI Language Model (Claude)	USA (SCCs)
OpenAI Inc.	AI Language Model (GPT)	USA (SCCs)
Deepgram Inc.	Speech-to-Text	USA (SCCs)
AssemblyAI Inc.	Speech-to-Text	USA (SCCs)
ElevenLabs Inc.	Text-to-Speech	USA (SCCs)
Cartesia Inc.	Text-to-Speech	USA (SCCs)
Stripe Inc.	Payment Processing	USA (SCCs)
Vercel Inc.	Hosting & CDN	USA (SCCs)

SCCs = EU Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR. The Controller will be notified of changes to sub-processors via email with 30 days notice.

§5 Technical & Organizational Measures (TOMs)

The Processor implements the following measures pursuant to Art. 32 GDPR:

- Encryption: TLS 1.3 for all data in transit, AES-256 for data at rest
- Access control: Row Level Security (RLS), role-based access control, principle of least privilege
- Pseudonymization: Caller phone numbers stored as SHA-256 hashes in customer profiles
- Availability: Redundant infrastructure, automated backups, auto-scaling
- Resilience: DDoS protection via Vercel/Cloudflare
- Recovery: Point-in-time recovery for databases
- Regular review: Security audits of infrastructure and access controls

§6 Data Subject Rights

The Processor assists the Controller in fulfilling data subject rights under Art. 12-22 GDPR:

- Access (Art. 15): Data export functionality in account settings
- Erasure (Art. 17): Account deletion with complete data removal within 30 days
- Portability (Art. 20): JSON export of all data
- Individual records: Deletion of individual customer profiles and call logs via the dashboard

Requests can be submitted via account settings or through our contact page.

§7 Processor Obligations

- Processing only on documented instructions from the Controller
- Confidentiality: All employees are bound by confidentiality obligations
- Data breach notification to the Controller within 48 hours (Art. 33 GDPR)
- Deletion of all data upon termination of the processing agreement
- Assistance with Data Protection Impact Assessments (Art. 35 GDPR)
- Provision of information to demonstrate compliance (Art. 28(3)(h) GDPR)

§8 AI Call Recording Notice

Every call automatically starts with a notice about AI-assisted processing and potential recording per Art. 13 GDPR. The caller can hang up at any time to decline processing.

The Controller is responsible for ensuring that the AI disclosure and recording notice comply with applicable local laws in their jurisdiction.

§9 Contact

For questions about data processing:

Call0 Inc.
447 Broadway, 2nd Floor Suite #3389
New York, NY 10013, United States

Or via our contact page.

This DPA is accepted by using the Call0 platform. A separately signed version can be provided upon request.