Privacy Policy & GDPR Notice

This Privacy Policy explains how Critical AI LLC (“LyrAI,” “we,” “us”) collects, uses, discloses, and protects personal data when you visit lyrai.ai, submit an application, or use our AI voice agent and CRM services. It applies to data subjects worldwide, including residents of the European Economic Area (EEA), United Kingdom, Switzerland, California, and other jurisdictions with comprehensive privacy laws.

• Identification & contact data: name, business email, phone number, company, role, country.
• Application & communication data: messages, form submissions, support correspondence.
• Voice & call data: audio recordings, transcripts, caller numbers, call metadata, derived analytics.
• Technical data: IP address, browser, device, language, timestamps, referring URLs.
• Usage data: pages viewed, features used, session duration, clickstream events.
• Cookies & similar technologies: see Section 09.

• Provide, operate, and improve the Service.
• Respond to applications, requests, and support inquiries.
• Place, transcribe, summarize, and analyze voice calls on behalf of customers.
• Secure the Service, prevent fraud, and enforce our Terms.
• Comply with legal, regulatory, and contractual obligations.
• Send service notices and, where permitted, marketing communications you may opt out of at any time.

Where the GDPR or UK GDPR applies, we rely on the following legal bases under Article 6:

• Contract (Art. 6(1)(b)) – to provide services you have requested.
• Legitimate interests (Art. 6(1)(f)) – to secure, improve, and market our Service in a balanced way.
• Consent (Art. 6(1)(a)) – for non-essential cookies, marketing emails, and call recording where required by law.
• Legal obligation (Art. 6(1)(c)) – to comply with applicable law.

You may withdraw consent at any time without affecting the lawfulness of prior processing.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”).
• Restrict or object to processing, including profiling and direct marketing.
• Data portability in a structured, machine-readable format.
• Withdraw consent at any time.
• Lodge a complaint with your local supervisory authority (e.g. CNIL, ICO, your national DPA).
• For California residents: rights to know, delete, correct, opt out of “sale” or “sharing,” and limit use of sensitive personal information under the CCPA/CPRA. We do not sell personal information.

To exercise any right, email contact@lyrai.ai. We respond within 30 days (GDPR) or 45 days (CCPA), extendable as permitted by law.

We share personal data only with vetted sub-processors under written agreements at least as protective as this Policy, including cloud hosting providers, AI model providers, telephony carriers, analytics, email delivery, and payment processors. We may also disclose data to comply with law, enforce our Terms, or protect rights, property, and safety. We do not sell personal data.

Personal data may be transferred to, and processed in, the United States and other countries where we or our sub-processors operate. Where data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses (2021/914), the UK Addendum, and supplementary safeguards as appropriate.

We retain personal data only for as long as necessary to fulfil the purposes described, including any legal, accounting, or reporting requirements. Voice recordings and transcripts are retained according to the customer’s configured retention period and are deleted within 30 days of account termination, except where retention is required by law.

We use strictly necessary cookies to operate the site and, with your consent, analytics cookies to understand usage and improve the Service. You can manage preferences through your browser settings. We honor Global Privacy Control (GPC) signals as a valid opt-out of “sale”/“sharing” under the CCPA/CPRA.

We implement administrative, technical, and physical safeguards including encryption in transit (TLS 1.2+) and at rest (AES-256), strict access controls, audit logging, and regular security reviews. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

The Service is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact contact@lyrai.ai and we will delete it.

The Service uses AI for transcription, summarization, and analytics. We do not use these outputs to make legal or similarly significant decisions about individuals without human review. Outputs may be inaccurate; customers must review material outputs before relying on them.

We may update this Policy from time to time. The “Effective Date” above indicates the latest revision. Material changes will be communicated via the Service or by email where appropriate.

Privacy inquiries, data subject requests, and complaints: contact@lyrai.ai. Postal: Critical AI LLC, Sheridan, Wyoming, United States. EEA/UK representatives can be appointed on request for relevant customers.