Privacy Notice

Everything you need to know about data protection and using fonio.
Privacy Notice (Landingpage)
Privacy Notice (Web-App)
Terms & Conditions

In case of discrepancies, the German version of this privacy notice shall prevail. Other language versions are provided for information purposes only.

Data protection, Controller and scope 

We respect the privacy of our customers and other interested parties and comply with applicable data protection laws. These laws include, in particular, the European Union's General Data Protection Regulation ("GDPR") and the UK Data Protection Act.

This privacy notice covers: 

  • Website(s):
    • fonio.ai
  • Service(s):
    • B2B fonio.ai web app – configuring and managing an AI telephony assistant

The following categories of data subjects are covered by this privacy notice:

  • Website visitors
  • Employees of customers

The controller responsible for processing your personal data within the scope of this privacy notice is:

fonio GmbH

Joanelligasse 5/16

1060 Vienna

Austria

info@fonio.ai

The following explains:

  • the purpose for which personal data is collected and processed.
  • which categories of personal data are affected by the collection and processing.
  • the legal basis on which we process personal data.
  • which third parties are involved in the processing of personal data as processors.
  • to which third parties personal data is transferred.
  • Further information, including storage periods, data subject rights and other information to help you understand the processing described.

Purposes of processing on our website (fonio.ai)

Website hosting

Our website was created with the online service "Webflow" and is hosted there. Webflow is a product of the US company Webflow, Inc. 

Webflow uses content delivery network (CDN) providers such as Fastly, Amazon CloudFront or Cloudflare to deliver website content quickly and securely to website visitors. 

Data collected and processed: 

  • Technical information such as an IP address
  • Device information 
  • User behaviour relevant to error analysis
  • Website visit data
  • Browser information
  • Log data
  • Cookies

Legal basis 

  • Legitimate interest pursuant to Art. 6(1)(f) GDPR
  • Consent of the data subject pursuant to Art. 6(1)(a) GDPR
  • Data Privacy Framework

Our processors

  • Webflow, Inc. 398 11th St., Floor 2, San Francisco, CA 94103, USA

Further information

  • Legitimate interest: Provision or use of the service offered.
  • The legal basis of consent relates to the use of CDN services.
  • Further information can be found in the Webflow Global Privacy Policy

Testing the AI telephone assistant

We offer a feature on our website that allows you to test an AI telephony assistant. After providing the necessary information, you will receive a call from our AI telephone assistant. The test call will be recorded for quality improvement purposes. When using the service, data may also be transferred to third countries.

Data collected and processed: 

  • Identification data
  • Company
  • Contact details
  • Information that you convey to the AI assistant by voice

Legal basis: 

  • Legitimate interest pursuant to Art. 6(1)(f) GDPR
  • Data Privacy Framework
  • Standard contractual clauses

Our processors

  • LiveKit Inc., 4285 Payne Avenue, Suite 9154, San Jose, CA 95157, United States
  • Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland
  • Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, United States
  • Deepgram, Inc., 548 Market St, Suite 25104, San Francisco, CA 94104-5401, United States
  • OpenAI, L.L.C., 3180 18th St San Francisco, CA 94110, United States
  • New Relic, Inc, 188 Spear Street, Suite 1000, San Francisco, CA 94105, United States
  • PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States
  • Microsoft Ireland Operations Limited, One Microsoft Place, D18 P521 Dublin, Ireland
  • Hetzner Online GmbH, based at Industriestr. 25, 91710 Gunzenhausen, Germany

Further information:

  • Legitimate interest: Provision and testing of the service offered.
  • We ask that you do not transmit any particularly sensitive categories of personal data when using the AI telephony assistant. These categories include, for example:
    • Ethnic origin.
    • Political opinions.
    • Religious or philosophical beliefs.
    • Trade union membership.
    • Genetic data.
    • Biometric data.
    • Health data.
    • Data concerning sex life or sexual orientation.
  • You can prevent us from collecting your data by not using the test service.

Contact by email

We publish a contact email address on our website that you can use to contact us to obtain more detailed information about our services or to provide us with feedback.

Data collected and processed: 

  • Email address
  • Information you send us by email

Legal basis 

  • Legitimate interest pursuant to Art. 6(1)(f) GDPR

Further information:

  • Legitimate interest: Asking and answering questions about products, services and other services.
  • We ask that you do not send any particularly sensitive categories of personal data when contacting us. These categories include, for example:
    • Ethnic origin.
    • Political opinions.
    • Religious or philosophical beliefs.
    • Trade union membership.
    • Genetic data.
    • Biometric data.
    • Health data.
    • Data concerning sex life or sexual orientation.

Newsletter distribution

You can subscribe to our newsletter on our website so that we can send you regular updates about us and our services.

Data collected and processed: 

  • Identification data
  • Contact details
  • Data on interaction with newsletters
  • Cookies

Legal basis 

  • Consent of the data subject pursuant to Art. 6(1)(a) GDPR
  • Data Privacy Framework
  • Standard contractual clauses

Our processors

  • MailerLite, Inc., 548 Market St, PMB 98174, San Francisco, California 94104-5401, United States

Further information

Online appointment scheduling

You can make an appointment with us on our website. We use the services of Cal.com for this purpose. Using the appointment scheduling function may result in data being transferred to third countries.

Data collected and processed: 

  • Identification data
  • Contact details
  • Company data
  • Information on monthly telephone usage
  • Any additional information you provide in free-text fields
  • Technical information
  • Cookies

Legal basis 

  • Consent of the data subject on the basis of Art. 6(1)(a) GDPR
  • Data Privacy Framework

Our processors

  • Cal.com Inc., San Francisco Bay Area, West Coast, USA

Further information

  • Further information can be found in the Cal.com Privacy Policy.  
  • We ask that you do not submit any particularly sensitive categories of personal data when making an appointment online. These categories include, for example:
    • Ethnic origin.
    • Political opinions.
    • Religious or philosophical beliefs.
    • Trade union membership.
    • Genetic data.
    • Biometric data.
    • Health data.
    • Data concerning sex life or sexual orientation.
  • You can prevent your data from being collected by not using the online appointment booking service.

Analysis of user behaviour

We use technologies in the form of code snippets to analyse and improve user behaviour on our website, monitor and optimise advertising campaigns, and attract new customers. This may involve the transfer of data to third countries.

The following technologies are used:

  • Google Analytics
  • Google Tag Manager
  • TikTok Pixel
  • Meta Pixel
  • LinkedIn Pixel

Data collected and processed: 

  • Technical information such as an IP address
  • Browser data
  • Data on user behaviour and interactions
  • Device information
  • Event data
  • Conversion data
  • Cookies

Legal basis 

  • Consent of the data subject pursuant to Art. 6(1)(a) GDPR
  • Data Privacy Framework

Our processors

  • TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
  • Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
  • Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland

Further information

Displaying third-party content via plug-ins and widgets for social media

We have integrated social media plug-ins and widgets into our site to display content that may be of interest to you, improve your user experience and optimise our advertisements. This may involve data being transferred to a third country.

We use Facebook plug-ins on our website. The Facebook plug-ins are marked with a Facebook logo or the addition "Facebook Social Plug-in".

We use YouTube embeds to show you YouTube videos directly on our website. When you visit a website with an embedded video, your browser automatically connects to the servers of YouTube, a subsidiary of Google. When connecting to Google servers, various personal data may be transferred depending on your settings. If you are logged into YouTube at the time of visiting the website, data that you have already provided directly to YouTube may also be transferred.

Data collected and processed: 

  • Technical information such as your IP address
  • Browser information
  • Data on website visits
  • Data on interaction with plug-ins and widgets
  • Location data
  • Cookies

Legal basis 

  • Consent of the data subject pursuant to Art. 6(1)(a) GDPR
  • Data Privacy Framework

Our processors

  • Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA 
  • Google Ireland Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland

Further information

  • At https://developers.facebook.com/docs/plugins, you can find more detailed information about which Facebook plug-ins exist and how they are used.
  • We are not responsible for the practices and policies regarding data collection, use, disclosure and data security of the third-party providers mentioned. We cannot freely determine the content of the transmitted data or the type of use of such data by these third-party providers.
  • When you visit a page on our website that contains such a plug-in, your browser establishes a direct connection to Facebook's servers. The content of the plug-in is transmitted directly from Facebook to your browser and integrated into the website.
  • If you are logged into Facebook, Facebook can assign the visit to your Facebook account. If you wish to prevent this, you must log out of Facebook before visiting our website.
  • Further information about Facebook and data protection can be found in the Facebook privacy policy.
  • You can find out more about data processing by Google services in the Google Privacy Policy.

Google Fonts

We use the "Google Fonts" service, a free font directory, to display fonts on our website.

     

Data collected and processed: 

  • Technical information such as the IP address
  • Browser information
  • Font usage figures
  • Data on website visits
  • Cookies

Legal basis: 

  • Consent of the data subject pursuant to Art. 6(1)(a) GDPR
  • Data Privacy Framework

Our processors:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Further information

Purposes for which personal data is processed: 

B2B fonio.ai web app – configuring and managing an AI telephony assistant

App hosting

Data collected and processed: 

  • Technical information such as an IP address
  • Device information 
  • User behaviour relevant to error analysis

Legal basis 

  • (Pre-)contractual obligations based on Art. 6(1)(b) GDPR

Our processors

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

Further information

  • Location of the data centre where the service is hosted: Germany

Provision of the offered service

Through the use of our application, we provide the following service:

  • Configuration and management of an AI telephone assistant

Data collected and processed: 

  • AI prompts and other AI-related information
  • Configurations
  • Technical access data (e.g. API keys)
  • Telephone numbers

Legal basis 

  • (Pre-)contractual obligations based on Art. 6(1)(b) GDPR

Our processors

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

Further information

  • Location of the data centre where the service is hosted: Germany

Maintenance of a customer database (CRM)

Data collected and processed: 

  • Identification data
  • Contact details
  • Email conversation data

Legal basis 

  • Legitimate interest based on Art. 6(1)(f) GDPR
  • Adequacy decision pursuant to Art. 45(3) GDPR

Our processors

  • Attio Limited, Exmouth House Unit 120, 3-11 Pine Street, London, EC1R 0JH, United Kingdom

Further information

  • Legitimate interest: Maintenance of customer relationship data.
  • Further information on data protection at Attio can be found in the Attio Privacy Policy.

Customer registration

Data collected and processed: 

  • Identification data
  • Contact details
  • Authentication data

Legal basis 

  • (Pre-)contractual obligations based on Art. 6(1)(b) GDPR

Our processors

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany

Further information

  • Location of the data centre where the service is hosted: Germany

Processing payments and invoicing

We use the US service provider "Stripe" to process payments via its European subsidiary.

Data collected and processed: 

  • Payment data
  • Invoice data
  • Cookies
  • Technical information

Legal basis 

  • Fulfilment of a legal obligation based on Art. 6(1)(c) GDPR
  • (Pre-)contractual obligations based on Art. 6 (1) (b) GDPR
  • Data Privacy Framework
  • Standard contractual clauses

Our processors

  • Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland

Further information

  • For more detailed information on data protection relating to our payment provider Stripe, please refer to the Stripe Privacy Policy.

Error detection and correction

Data collected and processed: 

  • Error-related technical data
  • Data on user behaviour and interactions
  • Application logs

Legal basis 

  • Legitimate interest based on Art. 6(1)(f) GDPR
  • Data Privacy Framework
  • Standard contractual clauses

Our processors

  • New Relic, Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA
  • PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States

Further information

Analysis of user behaviour in the app

Data collected and processed: 

  • Data on user behaviour and interactions

Legal basis 

  • Legitimate interest based on Art. 6(1)(f) GDPR
  • Data Privacy Framework
  • Standard contractual clauses

Our processors

  • PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, United States

Further information

  • Legal basis: Improving the user experience when using the app.
  • Further information on data protection at PostHog can be found in the PostHog Privacy Policy.

Sending product news

Data collected and processed: 

  • Identification data
  • Contact details

Legal basis 

  • Legitimate interest based on Art. 6(1)(f) GDPR
  • Data Privacy Framework
  • Standard contractual clauses

Our processors

  • Twilio Ireland Limited, 25-28 North Wall Quay, D01 H104 Dublin, Ireland

Further information

  • Legal basis: Communicating new features that improve the use of the service or expand the functionality of the service.
  • Further information on data protection at Twilio can be found in the Twilio Privacy Notice.

Further information

Transfer of data to the USA and the Data Privacy Framework

We would like to point out that on 10 July 2023, the EU Commission issued an adequacy decision on the EU-US Data Privacy Framework pursuant to Art. 45(1) GDPR. Accordingly, organisations or companies (as data importers) in the USA that are registered in a public list as part of the self-certification of the Data Privacy Framework offer an adequate level of protection for data transfers. This therefore constitutes a valid legal basis for the use of certified US services. For all purposes mentioned in this privacy notice that use services from US providers with an adequate level of protection, the legal basis "Data Privacy Framework" is noted. You can check whether a service provider is certified directly on the Data Privacy Framework website.  

If a provider is not certified by the Data Privacy Framework, this is explicitly mentioned in the respective purpose and a valid alternative legal basis is provided.

Standard contractual clauses

In order to enable data transfers to countries without an adequacy decision, the EU Commission has drawn up model contracts (standard contractual clauses). These standard contractual clauses oblige contractual partners to maintain a level of data protection comparable to that in the EU. These contract texts are made available on the European Union website. Standard contractual clauses are referred to in English as "Standard Contractual Clauses" and abbreviated as "SCC".

Cookies and local storage

This website stores personal data and information in cookies, session storage and local storage. Processing is carried out on the legal basis specified for the respective service.


You can specify how your web browser handles cookies and local storage, which storage processes are permitted or rejected, and for how long data processing takes place in your web browser settings.

Storage period

We only store your personal data for as long as is necessary to fulfil the above-mentioned purposes or for as long as contractual or statutory retention periods exist.

Data transfer

We only pass on your personal data to third parties if this is required by law, if it is necessary for the provision of our services, or if you have consented to the transfer. We will never sell your data to third parties without your express consent.

Data may be transferred to the following categories of recipients, where necessary:

  • Processors named in this privacy policy
  • Banks and payment service providers (payment processing)
  • Shipping service providers (shipping of goods and invoices)
  • Tax advisors (accounting and annual financial statements)
  • Debt collection agencies (collection of debts)
  • Lawyers (assertion of legal claims)

Protection of personal data

We protect personal data using appropriate technical and organisational measures that comply with current industry practices. Where possible, this includes, in particular, pseudonymisation and encryption of personal data during transmission and storage.

Revocation of consent

If you have given your consent to the processing of your personal data for a specific purpose on the basis of Art. 6 (1) (a) GDPR, you can withdraw this consent at any time (revocation). The revocation does not affect the lawfulness of the processing of personal data until the revocation.

Mandatory provision of data and consequences of non-provision when visiting the website

The provision of personal data for visiting our website is neither legally nor contractually required. It is possible to refrain from providing your personal data by not visiting this website. For certain functions on our website, failure to provide data means that these functions cannot be used.

Mandatory provision of data and consequences of non-provision when using services

There is no legal or contractual obligation to provide personal data. Failure to provide data means that no offer can be made or contract concluded and the services offered cannot therefore be provided.

The provision of personal data for the use of our services is in some cases required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). 

In the case of consent to the processing of personal data, there is no legal or contractual obligation to provide this data. Depending on the consent, failure to give consent may result in either no contract being concluded or the service not being able to be used in full.

Rights of data subjects

Right to information

You have the right to request information about your personal data stored by us at any time and to receive a copy of this information. Furthermore, you have the right to request confirmation as to whether the personal data in question is being processed.

Right to rectification

If your data is incorrect or incomplete, we will correct it upon request.

Right to data portability

If we process your personal data automatically with your consent or on the basis of a corresponding agreement, you have the right to request a copy of your data in a structured, commonly used and machine-readable format, which will be sent to you or another party. This only applies to personal data that you have provided to us.

Right to restriction of processing

You have the right to request that we restrict the processing of your personal data under certain circumstances.

Right to erasure

You have the right to have personal data processed by us deleted, provided this is legally permissible. 

Right to object

You can object to the processing of your personal data, for example by contacting us or by not using certain services. If you object to the processing of your personal data for specific purposes, this may mean that the services concerned cannot be used.

Right to complain

If you believe that we are not processing your personal data correctly, you can contact us. You also have the right to lodge a complaint with a supervisory authority. More information about the supervisory authorities in the European Union can be found here. 

All rights can be exercised by emailing the contact email address given at the beginning of this privacy policy.

Changes to this privacy notice

We will update this privacy notice from time to time. All changes will be published on this page with an updated date of change.

Date of publication of the current version: 14th January 2026

This privacy notice was generated and provided by the Metasoul Privacy Policy Generator.