Privacy Policy - QualiFIAI

Who We Are

QualiFI AI is an AI Voice Solution Agency specializing in providing advanced conversational AI solutions for the financial industry. We are based in South Africa and serve clients globally, including the United States, Canada, and the European Union.

Business Details:

Website: https://Qualifiai.org
Address: 21 Topaz Road, Hillshaven, Westonaria 1779, South Africa

Our Services:

AI Voice Solutions
Financial Industry Automation
Call Management Systems
Appointment Setting Solutions

What Personal Data We Collect and Why We Collect It

Personal Information

We collect the following personal information to provide our AI voice solutions:

Email addresses
Full names
Phone numbers
Business addresses

Business registration numbers
State/Province information
Company details
Professional credentials

Voice Data and Recordings

We collect and process voice data for AI training and service delivery purposes:

Call recordings for quality assurance and AI training
Voice patterns and speech analytics
Call duration and timing data
Conversation metrics and performance data

Financial Industry Data

For financial services integration, we may access:

CRM system data and client records
Calendar and appointment scheduling information
Client interaction history
Business transaction records (as authorized)

Comments

When visitors leave comments on our website or interact with our AI voice systems, we collect the data shown in the comments form, plus the visitor’s IP address and browser user agent string for spam detection purposes.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Note: Comments containing sensitive financial information are automatically flagged and require manual review before publication.

Media

If you upload images, videos, or audio files to our website, you should avoid uploading files with embedded location data (EXIF GPS) or sensitive information. Visitors to the website can download and extract any location data or sensitive information from these files.

Security Measures:

Automatic metadata stripping
File type verification
Virus scanning
Size limitations

Retention:

Media files: Up to 7 years
Backup copies: 30 days
Temporary files: 24 hours
Deleted on request

Contact Forms

When you submit information through our contact forms, we collect and store the information you provide, including:

Personal Details

Name and title
Email address
Phone number
Company name

Message Content

Inquiry details
Service requirements
Project specifications
Business needs

Technical Data

IP address
Browser information
Timestamp
Referrer URL

Purpose: Contact form data is used solely for responding to your inquiries and providing requested services. We do not use this information for marketing unless explicitly requested.

Cookies

We use cookies and similar tracking technologies to enhance your experience on our website and to analyze usage patterns. Here are the types of cookies we use:

Essential Cookies (Required)

These cookies are necessary for the website to function properly:

Session management
Security authentication
Load balancing
Basic functionality

Analytics Cookies (Optional)

Help us understand how visitors interact with our website:

Page views and user behavior
Traffic sources and demographics
Performance optimization
Error tracking and debugging

Preference Cookies (Optional)

Remember your settings and preferences:

Language preferences
Theme settings
Form field memory
Accessibility options

Your Control: You can control cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect website functionality.

Analytics

We use various analytics services to understand website usage, improve our services, and enhance user experience. These services may collect and process the following data:

Website Analytics

Page views and unique visitors
Session duration and bounce rate
Traffic sources and referrers
Device and browser information
Geographic location (country/city level)

Voice Service Analytics

Call duration and frequency
Service quality metrics
Error rates and issue tracking
User satisfaction scores
Performance optimization data

Data Protection Measures

All analytics data is processed with the following protections:

• IP address anonymization
• Data aggregation and anonymization
• Limited data retention periods
• Secure data transmission and storage

Who We Share Your Data With

We may share your personal data with trusted third-party service providers who assist us in delivering our services. All data sharing is governed by strict data processing agreements:

AI Voice Processing Partners

Retell AI: Voice AI platform for call processing and analysis
Purpose: Voice data processing, AI model training, call analytics
Data Shared: Voice recordings, call metadata, performance metrics
Location: United States

Automation and Integration Services

Make.com: Workflow automation and system integration
Purpose: Data synchronization, automated workflows, system connections
Data Shared: Contact information, business data, integration logs
Location: European Union

Communication Services

Twilio: Cloud communications platform
Purpose: Voice calls, SMS, phone number provisioning
Data Shared: Phone numbers, call logs, communication records
Location: United States

Payment Processing

Stripe: Payment processing and billing
Purpose: Processing payments, managing subscriptions, invoice generation
Data Shared: Billing information, payment history, transaction data
Location: United States

Customer Support Services

Chatdash/VoiceConnect360: Customer support and communication management
Purpose: Customer service, support ticket management, communication tracking
Data Shared: Support inquiries, contact information, service history
Location: Various (as per service requirements)

Legal and Regulatory Sharing

We may also share personal data when required by law, court order, or regulatory authority, or to protect our rights, property, or safety, or that of others.

How Long We Retain Your Data

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. Our retention periods vary based on data type and legal requirements:

Personal Information

Contact Information: 7 years after last contact
Business Registration Data: 10 years (regulatory requirement)
Client Records: 7 years after contract termination

Analytics Data: 26 months maximum
Website Cookies: Up to 2 years
Marketing Preferences: Until withdrawal

Voice and Communication Data

Call Recordings: 3-7 years (based on jurisdiction)
Call Analytics: 5 years for trend analysis
Chat Logs: 3 years for quality assurance

Communication Logs: 7 years
Support Tickets: 5 years after resolution
Incident Reports: 10 years

Financial Services Data

Transaction Records: 7 years (regulatory requirement)
Appointment Data: 3 years after completion
CRM Integration Data: As per client agreement

Security Logs: 2 years minimum
Access Records: 1 year after termination
Backup Data: 30 days rolling retention

Early Deletion: You may request early deletion of your data at any time, subject to legal and contractual obligations. Some data may need to be retained for regulatory compliance even after a deletion request.

What Rights You Have Over Your Data

Depending on your location and applicable privacy laws (GDPR, CCPA, POPIA), you have various rights regarding your personal data:

Right to Access

You can request information about:

What personal data we hold about you
How we use your data
Who we share your data with
How long we retain your data
The source of your data

Right to Rectification

You can request to:

• Correct inaccurate personal data
• Complete incomplete personal data
• Update outdated information
• Modify contact preferences

Right to Erasure (“Right to be Forgotten”)

You can request deletion of your data when:

The data is no longer necessary for the original purpose
You withdraw consent (where consent was the legal basis)
The data has been unlawfully processed
You object to processing and there are no overriding legitimate grounds

Right to Restrict Processing

You can request to limit how we use your data when:

You contest the accuracy of the data
The processing is unlawful
We no longer need the data but you need it for legal claims
You’ve objected to processing pending verification

Right to Data Portability

You can request to:

Receive your data in a structured, machine-readable format
Transfer your data to another service provider
Have us directly transfer your data (where technically feasible)

Right to Object

You can object to:

Processing based on legitimate interests
Direct marketing communications
Automated decision-making and profiling
Processing for research or statistical purposes

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: official@qualifiai.org
Response Time: Within 30 days
Identity Verification: May be required for security purposes

Where Your Data Is Sent

Due to the global nature of our services and the use of international service providers, your personal data may be transferred to and processed in countries other than your country of residence:

United States

Service Providers:

Retell AI (Voice processing)
Twilio (Communications)
Stripe (Payment processing)

Protections:

Standard Contractual Clauses
Privacy Shield (where applicable)
Robust data security measures

European Union

Service Providers:

Make.com (Automation)
EU-based cloud services

Protections:

GDPR compliance
Adequacy decisions
Local data protection laws

South Africa (Primary Location)

Data Processing:

Primary business operations
Local data storage
Customer support

Protections:

POPIA compliance
Local regulatory oversight
Constitutional privacy rights

International Transfer Safeguards

We ensure appropriate safeguards for international data transfers:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data Processing Agreements with all service providers
Regular compliance audits and assessments
Encryption in transit and at rest
Access controls and monitoring

Contact Information

If you have any questions about this privacy policy, need to exercise your data rights, or have concerns about how we handle your personal information, please contact us:

Business Contact

Company: QualiFI AI
Address:
21 Topaz Road
Hillshaven, Westonaria 1779
South Africa
Website: https://Qualifiai.org

Privacy Contact

Privacy Email: official@qualifiai.org
Support Email: support@qualifiai.org
Response Time: Within 30 days

Professional Updates

Twitter

How We Protect Your Data

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Security Measures

Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
Access Controls: Multi-factor authentication and role-based permissions
Infrastructure: Secure cloud hosting with regular security updates

Vulnerability Management: Regular security assessments and penetration testing
Monitoring: 24/7 security monitoring and incident detection
Backup & Recovery: Secure, encrypted backups with tested recovery procedures

Organizational Security Measures

Staff Training: Regular privacy and security awareness training
Confidentiality: All staff sign confidentiality and data protection agreements
Policies: Comprehensive data protection and security policies

Audits: Regular internal and external security audits
Vendor Management: Due diligence and security assessments of all service providers
Incident Response: Documented procedures for security incidents

Compliance and Certifications

POPIA Compliance: South African data protection standards
GDPR Compliance: European Union privacy regulations
CCPA Compliance: California consumer privacy standards

Industry Standards: Following ISO 27001 security principles
Legal Compliance: Adherence to all applicable privacy laws
Continuous Improvement: Regular review and update of security measures

Data Breach Procedures

In the unlikely event of a data breach that may affect your personal information, we have established comprehensive procedures to respond quickly and effectively:

Immediate Response (0-24 hours)

Detection and Assessment: Identify and assess the scope of the breach
Containment: Immediately contain the breach to prevent further data exposure
Documentation: Record all details of the incident for investigation
Team Assembly: Activate our incident response team
Initial Analysis: Determine what data may have been affected

Investigation Phase (1-72 hours)

Forensic Analysis: Conduct detailed investigation of the breach
Risk Assessment: Evaluate potential impact on affected individuals
Data Mapping: Identify exactly which personal data was compromised
Regulatory Assessment: Determine notification requirements under applicable laws
Remediation Planning: Develop plan to fix vulnerabilities

Notification Procedures (Within 72 hours)

Regulatory Notifications:

Information Regulator (South Africa) – POPIA
Relevant EU Data Protection Authorities – GDPR
California Attorney General – CCPA
Other applicable regulatory bodies

Individual Notifications:

Direct notification to affected individuals
Clear, plain language explanation
Steps taken to address the breach
Recommendations for protective actions

Remediation and Recovery

Security Improvements: Implement additional security measures to prevent similar breaches
System Updates: Apply necessary patches and security updates
Process Review: Review and update data protection procedures
Staff Training: Provide additional training if human error was involved
Ongoing Monitoring: Enhanced monitoring for signs of further compromise

Post-Incident Analysis

Lessons Learned: Comprehensive review of incident response
Policy Updates: Update security policies and procedures based on findings
Training Enhancement: Improve staff training programs
Technology Assessment: Evaluate need for additional security technologies
Compliance Review: Ensure all regulatory requirements were met

If You’re Affected by a Breach

If we determine that a breach may have affected your personal data, we will:

Contact you directly within 72 hours of discovering the breach
Explain what happened and what data may have been involved
Provide clear guidance on steps you can take to protect yourself
Offer credit monitoring or identity protection services if appropriate
Keep you updated throughout our investigation and remediation process

Third Parties We Receive Data From

We may receive personal data about you from various third-party sources as part of our business operations and service delivery:

Client Organizations

Data Sources:

Client CRM systems
Customer databases
Contact lists and directories
Appointment scheduling systems

Data Types:

Contact information
Client interaction history
Account preferences
Communication records

Business Partners and Referrals

Sources:

Business referral partners
Technology integration partners
Industry associations
Professional networks

Information Received:

Business contact details
Company information
Service requirements
Professional credentials

Public and Commercial Data Sources

Public Sources:

Business registries
Professional licensing boards
Public financial filings
Industry publications

Commercial Sources:

Data verification services
Industry databases
Lead generation platforms
Market research providers

Technology Integration Sources

API Integrations:

CRM system APIs
Calendar applications
Communication platforms
Financial service APIs

Webhook Data:

System event notifications
Status updates
Error reports
Performance metrics

Data Quality and Legal Compliance

For all third-party data sources, we ensure:

Verification that data was lawfully collected and can be legally shared
Appropriate consent or legal basis exists for the data processing
Data accuracy and quality checks upon receipt
Compliance with applicable privacy laws in the source jurisdiction
Proper data processing agreements with all data sources

Automated Decision Making and Profiling

As an AI-powered service provider, we use automated decision-making and profiling technologies to deliver our voice AI solutions. Here’s how we use these technologies and what rights you have:

Voice AI Processing

Automated Processes:

Speech recognition and transcription
Natural language understanding
Intent classification
Response generation
Call routing and escalation

Purpose:

Provide voice-based services
Improve call handling efficiency
Personalize user interactions
Quality assurance
Service optimization

Customer Analytics and Profiling

Profiling Activities:

Communication preference analysis
Service usage pattern recognition
Customer satisfaction scoring
Behavioral trend analysis
Risk assessment for financial services

Benefits:

Personalized service delivery
Improved response times
Enhanced customer experience
Fraud prevention
Service quality improvements

Safeguards and Human Oversight

Technical Safeguards:

Regular algorithm auditing
Bias testing and correction
Accuracy monitoring
Performance benchmarking
Error detection and correction

Human Oversight:

Human review of critical decisions
Escalation procedures
Manual override capabilities
Quality assurance reviews
Customer feedback integration

Your Rights Regarding Automated Processing

Right to Information:

Explanation of automated decision logic
Significance and consequences
Data sources used
Processing methods

Right to Intervention:

Request human review
Contest automated decisions
Express your point of view
Request decision reconsideration

Opt-Out Options

You can opt out of certain automated processing:

Marketing-related profiling (while maintaining service functionality)
Non-essential analytics and scoring
Optional personalization features
Research and development data usage

Note: Some automated processing is essential for our core services and cannot be opted out of while using our services.

Industry Regulatory Disclosure Requirements

As a provider of AI voice solutions to the financial industry, we comply with various regulatory requirements that may affect how we handle your personal data:

Financial Services Regulations

South African Regulations:

Financial Intelligence Centre Act (FICA)
Financial Sector Conduct Authority (FSCA) requirements
South African Reserve Bank (SARB) directives
Treating Customers Fairly (TCF) principles

International Standards:

Anti-Money Laundering (AML) requirements
Know Your Customer (KYC) obligations
FATCA compliance (US clients)
Common Reporting Standard (CRS)

Data Retention for Regulatory Purposes

Required Retention Periods:

Client identification records: 5 years after relationship ends
Transaction records: 5-7 years depending on jurisdiction
Communication records: 7 years for financial advice
Compliance records: 5 years minimum

Audit and Inspection Rights:

• Regulatory authorities may request access
• Court orders may require disclosure
• Law enforcement investigations
• Tax authority inquiries

Voice Recording and Communication Regulations

Recording Requirements:

Financial advice conversations
Transaction authorization calls
Customer service interactions
Complaint handling procedures

Quality and Compliance:

Call monitoring for compliance
Staff training and assessment
Customer protection verification
Dispute resolution evidence

Mandatory Reporting Obligations

Suspicious Activity Reporting:

Money laundering suspicions
Fraud detection and reporting
Terrorist financing indicators
Unusual transaction patterns

Regulatory Notifications:

Data breach notifications
System outage reports
Significant incident reporting
Compliance violation disclosures

Cross-Border Data Transfer Compliance

International Compliance:

GDPR for EU client data
CCPA for California residents
PIPEDA for Canadian clients
Local financial regulations

Transfer Mechanisms:

Standard Contractual Clauses
Adequacy decisions
Binding Corporate Rules
Derogations for specific situations

Impact on Your Privacy Rights

Regulatory requirements may affect your privacy rights in the following ways:

Some data may need to be retained longer than you would prefer for regulatory compliance
Certain data may need to be disclosed to regulatory authorities despite privacy preferences
Deletion requests may be limited by legal retention requirements
Cross-border transfers may be necessary for regulatory reporting
We will always inform you when regulatory requirements override your privacy preferences

Additional Information

Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at official@qualifiai.org.

Policy Updates and Changes

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

Update the “Last Updated” date at the top of this policy
Post a notice on our website highlighting the changes
Provide a summary of key changes in our notification

Your continued use of our services after any changes constitutes acceptance of the updated policy.

Language and Translation

This privacy policy is written in English. If we provide translations in other languages, the English version will prevail in case of any discrepancies. We strive to make our privacy practices clear and accessible to all users regardless of language preferences.

For questions about this policy in other languages, please contact us at official@qualifiai.org.

Legal Jurisdiction and Dispute Resolution

This privacy policy is governed by the laws of South Africa. Any disputes relating to this policy or our privacy practices will be resolved through:

First: Direct negotiation and good faith discussions
Second: Mediation through a mutually agreed mediator
Finally: Courts of competent jurisdiction in South Africa

However, you retain the right to lodge complaints with relevant data protection authorities in your jurisdiction.

Limitation of Liability

While we implement comprehensive security measures and comply with applicable privacy laws, we cannot guarantee absolute security of your personal information. Our liability for privacy-related issues is limited to:

• Direct costs incurred due to our negligence
• Reasonable mitigation measures (such as credit monitoring)
• Compliance with regulatory penalties and fines

This limitation does not affect your statutory rights under applicable consumer protection laws.

Our Commitment to Privacy

Privacy is not just a legal requirement for us—it’s a core value that guides how we design our services and interact with our clients. We are committed to:

• Going beyond minimum compliance requirements

• Transparency in all our data practices

• Continuous improvement of our privacy protections

• Proactive communication about privacy matters

• Respecting your privacy choices and preferences