BoltDesk AI — Operated by BoltDesk LLC
Last Updated: May 17, 2026
BoltDesk LLC ("BoltDesk AI," "we," "us," or "our") operates the website boltdesk.ai and provides AI-powered front office services including automated call answering, AI chat, lead qualification, appointment booking, follow-up automation, review management, and CRM tools (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website or use our Service.
This Privacy Policy applies to two categories of individuals:
For End User data, the subscribing Client is the data controller and BoltDesk AI acts as the data processor (or "service provider" under U.S. state privacy laws). Our processing of End User data is governed by the Client's instructions and our Data Processing Agreement, available on request to help@boltdesk.ai.
For Client account data, website visitor data, and the limited information BoltDesk collects for its own business operations (billing, marketing, support), BoltDesk AI is the data controller.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.
Mailing Address: BoltDesk LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA.
BoltDesk AI is not designed for and does not knowingly serve:
Clients warrant in our Terms of Service that they will not transmit PHI, FCRA-regulated consumer reports, FERPA-protected student records, or comparable regulated data through the Service.
If you are uncertain whether your business falls within these categories, contact help@boltdesk.ai before subscribing.
We collect: business name, contact name(s), email address, phone number, physical address, website URL, and industry; payment details processed through a third-party payment processor (we do not store full card numbers); calendar and scheduling data from connected calendar systems; Client-uploaded contact lists for review-request and follow-up purposes; and platform usage data (logins, features used, dashboard interactions, IP address, device/browser info).
When an End User interacts with an AI voice agent or AI chat agent powered by BoltDesk AI, we collect on behalf of the Client: the End User's phone number, call duration, date/time, and the number called; call recordings and transcripts, where recording is enabled (see Section 7); chat messages; any name, contact details, scheduling information, or other content voluntarily provided during the interaction; appointment information; and limited device/browser information for chat interactions.
In the course of recording and processing calls, our service providers temporarily generate or use voice-based features including transcription, speaker labeling within a single call, and voice synthesis output. Neither we nor our primary infrastructure provider extracts, generates, or stores voiceprint embeddings or biometric voice identifiers from call audio, and we do not perform cross-call speaker identification or caller matching at any layer of the Service. Our voice synthesis subprocessor generates outbound audio and does not analyze End User voice for biometric identification.
We do not knowingly extract or store standalone voiceprint embeddings, faceprints, or other biometric identifiers as defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), Washington's biometric law, or comparable laws.
Where applicable law treats voice recordings themselves as biometric information, we handle them subject to the notice and consent requirements of those laws (see Section 8).
IP address, browser type, operating system, device type, and cookie data on boltdesk.ai. See Section 10.
We use Client information to: provide and operate the Service; authenticate users and protect accounts; process payments and manage subscriptions; provide customer support and account communications; send transactional and service notifications; analyze and improve the Service (using Client-account-level usage data, not End User content); communicate with Clients about new features, training, and offerings (with the ability to opt out of marketing communications); comply with legal obligations; and prevent fraud and misuse.
We process End User information only on documented instructions from the relevant Client to: enable AI-powered call and chat handling; qualify leads and capture intake data; book appointments; send appointment confirmations, reminders, follow-up communications, and review requests on the Client's behalf; provide call recordings, transcripts, summaries, and analytics to the Client; and comply with legal obligations.
We do not use End User personal information for our own marketing, do not target advertising to End Users based on End User data, and do not sell End User personal information.
We do not train our own foundational AI models on End User personal information. Our primary infrastructure provider has confirmed that it does not use customer data to train or fine-tune any foundation models, and has contractual prohibitions with its underlying model providers against such use as well.
Our AI service providers may, in accordance with their own published terms and our agreements with them, use anonymized, deidentified, or aggregated data to maintain and improve their services. We require these providers to apply industry-standard deidentification techniques and to not attempt to re-identify individuals.
AI features within the Service are optional. Clients may decline to enable AI features for some or all of their sub-accounts. A current summary of our service-provider AI-data practices is available on request.
If we ever change this position and use identifiable Service data to train models, we will update this Privacy Policy, notify Clients in advance, and obtain consent or offer an opt-out where required by law.
We do not sell personal information for monetary consideration.
California disclosure: Some standard commercial activities on our marketing website (boltdesk.ai), including the use of analytics and advertising cookies and pixels, may be considered "sharing" of personal information for cross-context behavioral advertising under the California Consumer Privacy Act, even though no money changes hands for the data itself. We honor Global Privacy Control signals and provide an opt-out on request. Within the Service itself (call recordings, transcripts, lead data, etc.), we do not "share" or "sell" End User personal information.
We disclose information only as follows:
The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required by law, we rely on appropriate transfer mechanisms (such as the EU-U.S. Data Privacy Framework certification of our service providers, Standard Contractual Clauses, or your consent) for international transfers.
Calls handled by our AI voice agents may be recorded and transcribed for quality assurance, service delivery, and the Client's lawful business purposes. Our system includes a default-on call recording disclosure message that plays at the beginning of each call. Clients may not disable this disclosure without contacting BoltDesk AI and providing written confirmation that an alternative compliant disclosure is in place.
Federal law and the laws of the following U.S. states currently require all parties to a call to consent to recording: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington. State law definitions and exceptions vary; some states (including Connecticut and Massachusetts) treat in-person and telephonic recordings differently. Clients are responsible for ensuring their use of recording features complies with all applicable federal, state, and local laws in every jurisdiction where calls may originate or terminate. BoltDesk AI does not provide legal advice on jurisdiction-specific recording requirements.
We provide this notice in light of biometric privacy laws including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington's biometric law:
By providing a phone number or email address to a Client through the Service, an End User may receive appointment confirmations, reminders, follow-ups, and review requests via SMS and/or email from the Client. Each automated message includes opt-out instructions: reply STOP to any SMS to opt out of further SMS, or click the unsubscribe link in any email. Opt-out requests are honored promptly across the Client's account and propagated across all messaging channels for that Client.
Clients are responsible for compliance with the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, the Florida Telephone Solicitation Act, and other applicable federal and state communications laws, including obtaining all required prior express written consent before initiating automated calls or texts, and registering for Application-to-Person (A2P) 10DLC where required.
We use cookies and similar technologies on boltdesk.ai for authentication and session management (essential), to remember preferences (functional), to understand site usage (analytics), and to support our marketing on our own site (advertising). Where required by law, we display a cookie consent banner and honor browser-level signals such as the Global Privacy Control (GPC) as a valid opt-out of "sale" or "sharing" of personal information. We do not use cookies or pixels within the Service itself (call recordings, transcripts, etc.).
Expedited deletion requests. Where Clients request expedited deletion (for example, to comply with state privacy law response deadlines), we will delete the categories of data within our direct control (account information, contact records, transcripts, chat logs) within 30 days. Call recordings stored by our telephony subprocessor are subject to the wind-down timeline described above and cannot be deleted more quickly without changes to upstream provider behavior. We will use commercially reasonable efforts to initiate the telephony wind-down promptly on request.
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest where supported by our service providers, access controls and least-privilege provisioning, multi-factor authentication for our administrative accounts, periodic security reviews, and contractual security requirements with subprocessors. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
If we become aware of a security incident affecting Client or End User personal information, we will notify the affected Client without undue delay and in any event within 72 hours of confirmation, with the information reasonably available at that time, and will cooperate with the Client to meet the Client's legal notification obligations to End Users and regulators. Where an upstream provider notifies us later than 72 hours, we will notify Clients as soon as we are notified.
Clients agree to provide accurate and current contact information for incident notifications.
The Service is not directed to children. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly. Clients agree not to use the Service in connection with services directed to children.
Subject to verification and applicable law, you may have the right to access, correct, delete, restrict or object to processing of, and obtain a portable copy of, the personal information we hold about you, and the right not to be discriminated against for exercising your rights. To exercise rights, contact help@boltdesk.ai or use any in-product mechanism we provide. We will respond within the timeframe required by applicable law (generally 30 to 45 days). If you are an End User, please contact the relevant Client first; we will assist the Client in responding.
California residents have the rights described in this section, plus:
We honor opt-out preference signals (including GPC) where required by law.
Residents of states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, Tennessee, Minnesota, Maryland, New Hampshire, Nebraska, Indiana, Kentucky, Rhode Island, and any others as those laws come into force — have rights similar to those described above, as well as the right to appeal any denial of a request. Appeals may be submitted to help@boltdesk.ai.
Where the GDPR or comparable laws apply, the lawful bases for our processing are: performance of a contract; legitimate interests (operating and securing the Service); compliance with legal obligations; and, where required, consent. You have the right to lodge a complaint with your local supervisory authority.
If you are a Client in a regulated industry, additional limitations apply:
Our Service and website may contain links to third-party sites. We are not responsible for the privacy practices of third parties.
We may update this Privacy Policy. We will post the revised policy with a new "Last Updated" date and, for material changes affecting Clients, notify Clients by email at least 30 days before the changes take effect. Continued use after the effective date constitutes acceptance.
BoltDesk LLC
Mailing Address: 30 N Gould St, STE R, Sheridan, WY 82801, USA
Email: help@boltdesk.ai
Website: boltdesk.ai