Privacy Policy
01Who We Are
Asvelo is a done-for-you AI speed-to-lead system operated by Emilio Blanco ("Asvelo," "we," "us," or "our"). We provide AI-powered voice call, email, and SMS automation services to online coaches, consultants, course creators, and agencies ("Clients") who run paid advertising campaigns and collect leads via digital forms.
Our system receives lead contact information from our Clients' advertising campaigns and web forms, initiates outbound AI voice calls on behalf of those Clients, and sends follow-up communications to help book sales calls. In this process, we act as a data processor on behalf of our Clients (the data controllers) with respect to the personal information of their end-user leads ("Leads").
This Privacy Policy explains what information we and our Clients collect, how it is used, who it is shared with, and what rights individuals have over their data.
02Information We Collect
2.1 Information Provided Directly by Leads
When a Lead submits a form (including a Meta lead ad form, website form, quiz, or diagnostic) associated with one of our Clients, we may receive the following categories of personal information:
- Identity data: First name, last name
- Contact data: Phone number, email address
- Consent records: TCPA/SMS consent status, timestamp of consent, and the specific consent language presented at the time of form submission
- Diagnostic or qualification data: Answers to quiz questions, survey responses, business information, budget indicators, or other pre-qualification data submitted voluntarily
2.2 Information Generated Through Our Service
When we initiate and conduct AI voice calls or send follow-up communications on behalf of our Clients, we generate and process the following:
- Call recordings: Audio recordings of outbound AI voice calls. Calls are disclosed as recorded at the outset of every call.
- Call transcripts: Text transcriptions of call audio, generated automatically by our voice AI provider (Vapi).
- AI-generated call summaries: Automated summaries of call outcomes, key points, and qualification results, generated by large language models.
- Call metadata: Call duration, timestamps, phone numbers, call status (answered, voicemail, no answer), and call outcome.
- Booking data: Calendar appointment details, confirmation status, and show/no-show outcomes.
- SMS and email engagement data: Delivery status, open rates, click-through data, and opt-out/unsubscribe actions.
2.3 Information Collected Automatically
When Leads or visitors interact with our Clients' pages connected to Asvelo's system, we may automatically collect:
- UTM parameters and ad attribution data: Campaign source, medium, campaign name, term, and content identifiers passed via URL parameters from paid ad platforms.
- Device and browser information: IP address, browser type, operating system, and referring URL, collected via our analytics platform (PostHog).
- Session and behavioral data: Page views, button clicks, form interactions, and time-on-page, collected via PostHog for system performance and funnel analytics.
03AI Voice Calls & Call Recordings
Important Disclosure: Asvelo uses artificial intelligence (AI) to conduct outbound voice calls on behalf of our Clients. Every call placed by our system uses an AI-generated voice. At the start of every call, Leads are notified that they are speaking with an AI and that the call may be recorded.
3.1 AI-Generated Voice Disclosure
Pursuant to the Federal Communications Commission's (FCC) February 2024 Declaratory Ruling (FCC 24-17), calls made using AI-generated or artificially synthesized voices are classified as calls using an "artificial or prerecorded voice" under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227. These calls require prior express written consent from the recipient before being placed for telemarketing or promotional purposes.
Every outbound call placed by Asvelo's system:
- Discloses at the start of the call that the caller is an AI voice agent
- Identifies the business on whose behalf the call is being made
- Is initiated only after the Lead has provided prior express written consent via a form submission that included a TCPA-compliant consent disclosure
- Provides an in-call opt-out mechanism — Leads may say "stop," "remove me," or "do not call" at any time to be placed on a do-not-contact list
3.2 Call Recording Consent
All calls placed by Asvelo's system are recorded. Recording is disclosed verbally at the beginning of each call before any substantive conversation begins, in compliance with federal law and the all-party consent requirements of applicable state laws including California (California Invasion of Privacy Act, Penal Code § 632), Florida (Fla. Stat. § 934.03), Illinois (720 ILCS 5/14-2), Pennsylvania (18 Pa. C.S. § 5703), and Washington (RCW 9.73.030).
By remaining on the call after the recording disclosure, the Lead provides implied consent to the recording in jurisdictions that accept implied consent, and explicit verbal consent in two-party consent states through their continued participation.
Call recordings and transcripts are stored securely and used solely for service delivery, quality assurance, compliance documentation, and to enable our Clients to review call outcomes.
3.3 No Voicemail Recordings Without Consent
Our system may leave pre-recorded voicemails. All voicemail messages comply with TCPA requirements and identify the calling entity, the purpose of the call, and a callback number, as required by 47 C.F.R. § 64.1200(b).
04How We Use Your Information
We use the information described in Section 2 for the following purposes:
| Purpose | Legal Basis / Authority |
|---|---|
| Initiating outbound AI voice calls to qualify Leads and book sales appointments | Prior express written consent (TCPA); Client contractual obligation |
| Sending SMS follow-up messages for nurture sequences and appointment reminders | Prior express written consent (TCPA/CTIA); explicit opt-in |
| Sending email sequences for lead nurture, booking reminders, and pre-call preparation | CAN-SPAM Act compliance; prior consent via form submission |
| Generating and storing call transcripts and summaries for Client review and quality assurance | Legitimate business purpose; disclosed at call initiation |
| Scheduling and managing calendar appointments via Cal.com | Service delivery; Lead-initiated booking |
| Tracking KPIs such as speed to contact, booked call rate, and show rate for Client reporting | Legitimate business interest; system performance analytics |
| Attribution analysis via UTM parameters to understand which ad campaigns produce qualified leads | Legitimate business interest; Client reporting |
| Compliance and legal obligations including maintaining consent records, call logs, and opt-out histories | Legal obligation (TCPA, FCC regulations) |
| Fraud prevention and system security | Legitimate business interest |
We do not sell personal information to third parties. We do not use Lead data to train AI models beyond what is strictly necessary for service delivery. We do not use Lead data for cross-Client advertising or data brokering purposes.
05TCPA, SMS & Call Consent
5.1 Federal TCPA Requirements
The Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, regulates the use of automated telephone equipment, prerecorded messages, and artificial voices in outbound communications. Under TCPA and the FCC's implementing regulations at 47 C.F.R. § 64.1200, calls placed using AI-generated voice technology require:
- Prior express written consent for telemarketing or promotional calls
- Consent that clearly and conspicuously discloses that the signer agrees to receive calls using an automatic telephone dialing system or an artificial or prerecorded voice
- Consent that is not a condition of purchase of any goods or services
- A signature (electronic or written) from the consumer
5.2 How We Obtain and Document Consent
Consent is obtained at the point of Lead form submission. Every form associated with Asvelo's system includes TCPA-compliant disclosure language that informs the Lead that by submitting the form, they consent to be contacted by the applicable business via AI-powered voice calls, SMS messages, and email. The disclosure specifies that AI-generated voice technology may be used and that message and data rates may apply.
We record and store the following for every consent event:
- Timestamp of consent (UTC)
- The exact consent language displayed at time of submission
- IP address of the submitting device (where available)
- Source of the form submission (ad platform, form URL, UTM parameters)
5.3 SMS Messaging (A2P 10DLC)
All SMS messages sent through Asvelo's system are transmitted via Telnyx over registered Application-to-Person (A2P) 10-digit long code (10DLC) phone numbers, registered with The Campaign Registry (TCR) in compliance with CTIA Messaging Principles and Best Practices and carrier requirements effective February 2025.
Our SMS campaigns comply with the following requirements:
- Leads must have explicitly opted in to SMS before receiving any text message
- Every SMS campaign includes opt-out instructions (reply STOP to unsubscribe)
- Opt-out requests via STOP, UNSUBSCRIBE, CANCEL, END, or QUIT are honored immediately, no later than the next message cycle
- SMS opt-in data and consent status are never sold, rented, or shared with third parties for any marketing purpose unrelated to the service for which consent was granted
- Message and data rates may apply, and this is disclosed at opt-in
10DLC Compliance Notice: SMS originator opt-in data and consent information collected through Asvelo's system will not be shared with any third parties for advertising, marketing, or data brokerage purposes.
5.4 Do-Not-Call Compliance
We maintain internal do-not-call lists and honor National Do-Not-Call Registry requests. If a Lead is on the National DNC Registry and has not provided prior express written consent as described above, no marketing calls will be placed to that number. Our system processes revocation requests as soon as practicable and no later than 10 business days from receipt, consistent with FCC regulations effective April 11, 2025 (47 C.F.R. § 64.1200(d)(3)).
5.5 Calling Hours
Outbound calls and SMS messages are placed only between 8:00 AM and 9:00 PM in the Lead's local time zone, as required by 47 C.F.R. § 64.1200(c)(1).
06Email Marketing (CAN-SPAM Act)
All commercial email sent through Asvelo's system on behalf of our Clients complies with the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), 15 U.S.C. § 7701 et seq. Our email practices include:
- Accurate sender identification: All emails accurately identify the sending entity in the "From," "To," and "Reply-To" fields. Routing information is never falsified or misleading.
- Honest subject lines: Subject lines are not deceptive or misleading about the content of the email.
- Clear commercial identification: Promotional emails are clearly identified as commercial communications.
- Physical mailing address: Every commercial email includes a valid physical postal address for the sending entity.
- Unsubscribe mechanism: Every marketing email includes a clear, functioning, one-click unsubscribe link. Unsubscribe requests are processed within 10 business days of receipt.
- No post-unsubscribe marketing: Once a Lead unsubscribes, they will not receive further marketing emails. Transactional communications (e.g., appointment confirmations, direct replies to inquiries) may still be sent as permitted by law.
Email delivery is handled by Resend (resend.com). Resend processes email send events and engagement data (opens, clicks, bounces, unsubscribes) on our behalf as a data processor under contract.
07Third-Party Data Processors
We engage the following third-party service providers to deliver our system. Each acts as a data processor under contract with Asvelo and is prohibited from using data for purposes outside of providing services to us:
| Provider | Role | Data Processed | Privacy Information |
|---|---|---|---|
| Vapi (vapi.ai) | AI voice agent infrastructure | Phone numbers, call audio, transcripts, call metadata, AI summaries | vapi.ai/privacy |
| Telnyx (telnyx.com) | Outbound phone calls & SMS delivery (carrier) | Phone numbers, call metadata, SMS message content and delivery status | telnyx.com/privacy-policy |
| n8n Cloud (n8n.io) | Workflow automation & orchestration | Lead data in transit (name, email, phone), workflow execution logs | n8n.io/legal/privacy |
| Cal.com (cal.com) | Calendar booking & appointment scheduling | Name, email, phone number, appointment time and details | cal.com/privacy |
| Resend (resend.com) | Transactional & marketing email delivery | Email address, name, email content, delivery and engagement events | resend.com/privacy |
| PostHog (posthog.com) | Product analytics & funnel tracking | Session data, page events, UTM parameters, anonymized behavioral data | posthog.com/privacy |
| Meta Platforms (meta.com) | Lead form data source (Facebook/Instagram Ads) | Lead contact data submitted via Meta Lead Ads | facebook.com/privacy |
We do not authorize any of these providers to sell Lead data, use it for their own advertising purposes, or share it with parties outside of what is necessary to fulfill their service obligations to us.
All API keys and credentials used to communicate with third-party services are stored using encrypted credential management and are never exposed in plain text in our system configuration or exports.
08Meta Lead Form Data
When our Clients use Facebook or Instagram Lead Ads to capture leads, lead contact data is transmitted to our system via Meta's Lead Ads API and webhook infrastructure. This transmission is governed by Meta's Lead Ads Terms of Service, which we and our Clients agree to and operate under.
Our use of Meta Lead Ads data complies with the following restrictions:
- No resale: Lead Generation Data received from Meta is never sold under any circumstances, as prohibited by Meta's Lead Ads Terms.
- Purpose limitation: Lead data is used solely to contact and qualify the Lead for the specific offer described in the ad and form at the time of submission, and to book a sales call with the applicable Client.
- No unauthorized augmentation: We do not combine Meta lead data with data from third-party data brokers or other advertisers' data sets.
- Third-party obligations: Any sub-processor receiving Meta lead data (e.g., Vapi, Telnyx) is contractually required to use the data only for the specific service purpose and in accordance with Meta's terms and applicable law.
- Meta HMAC Verification: All webhook payloads received from Meta's Lead Ads are verified using HMAC-SHA256 signature validation (X-Hub-Signature-256) before processing, to ensure authenticity and prevent injection of fraudulent data.
09Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, satisfy legal obligations, resolve disputes, and enforce our agreements. The following retention schedules apply by default:
| Data Category | Retention Period | Reason |
|---|---|---|
| Call recordings (audio) | 90 days from call date | Quality assurance; Client review; dispute resolution |
| Call transcripts | 12 months from call date | Compliance documentation; Lead qualification records |
| AI-generated call summaries | 12 months from call date | Client CRM records; pipeline management |
| TCPA consent records | 4 years from consent date | TCPA statute of limitations compliance (28 U.S.C. § 1658) |
| Lead contact data (name, email, phone) | 24 months from last contact or booking event, or until deletion requested | Service delivery; re-engagement eligibility; Client CRM |
| Email engagement data | 24 months from last event | Campaign performance; list hygiene |
| SMS delivery records | 24 months | TCPA compliance; carrier dispute resolution |
| Opt-out and do-not-contact records | Indefinitely | Legal obligation to honor opt-outs permanently |
| Booking and appointment data | 24 months | Client reporting; show rate KPI tracking |
| Analytics and session data (PostHog) | 12 months (rolling) | Funnel analytics; system performance |
At the end of each retention period, data is either deleted or permanently anonymized so that it can no longer be associated with an individual. Do-not-contact and opt-out records are retained indefinitely to ensure that opted-out individuals are never re-added to active contact lists.
Clients may request earlier deletion of their Leads' data at any time by contacting us at contact@asvelo.com. Individual Leads may exercise their deletion rights as described in Sections 10 and 11 below.
10Your Rights & Choices
Depending on your location and applicable law, you may have the following rights with respect to your personal information held by Asvelo:
Right to Know / Access
You may request a copy of the personal information we hold about you, including what categories of data we have collected, the sources of that data, the purposes for which it was collected, and any third parties to whom it has been disclosed.
Right to Deletion
You may request that we delete the personal information we hold about you. Deletion requests are subject to certain exceptions, including data we are required to retain for legal compliance (such as TCPA consent records and opt-out records).
Right to Correction
You may request that we correct inaccurate personal information we hold about you.
Right to Opt Out of Sale or Sharing
We do not sell personal information. We do not share personal information for cross-context behavioral advertising purposes. No opt-out is required for these activities because we do not engage in them.
Right to Opt Out of Communications
You have the right to opt out of AI voice calls, SMS messages, and marketing emails at any time. See Section 11 for detailed opt-out instructions.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your privacy rights. Exercising these rights will not affect your ability to receive services from the business whose lead form you submitted, except to the extent that opting out of communications makes it impossible to deliver services that depend on those communications.
How to Submit a Request
To exercise any of the rights listed above, contact us by email at contact@asvelo.com with the subject line "Privacy Rights Request." We will respond within 45 days (or within the shorter period required by applicable law, such as 10 business days for California residents' opt-out requests). We may need to verify your identity before processing your request by confirming the email address and phone number associated with your submission.
11How to Opt Out
You may opt out of any or all communications at any time. Opting out of one channel does not automatically opt you out of others. Use the channel-specific instructions below.
Opt Out of AI Voice Calls
To stop receiving AI voice calls, you may:
- Say "stop calling me," "do not call," "remove me," or any similar phrase during an active call — our system will flag your number for immediate do-not-call status
- Email contact@asvelo.com with your phone number and the request "Do Not Call"
- Reply STOP to any SMS message — this will suppress both SMS and outbound call attempts
Opt-out requests will be honored no later than 10 business days from receipt, consistent with FCC regulations (47 C.F.R. § 64.1200(d)(3)). Your number will be added to our do-not-call list and will not be called again absent a new, separate written consent event.
Opt Out of SMS Messages
To stop receiving SMS messages, reply to any text message with the word STOP. You may also text UNSUBSCRIBE, CANCEL, END, or QUIT. Your opt-out will be confirmed by a final message and no further SMS messages will be sent. Alternatively, email contact@asvelo.com with your phone number and the request to opt out of SMS.
Opt Out of Marketing Emails
To stop receiving marketing emails, click the Unsubscribe link at the bottom of any marketing email. Unsubscribe requests are processed within 10 business days. You may also email contact@asvelo.com with your email address and the request to unsubscribe.
Note: Unsubscribing from marketing email will not prevent transactional emails such as appointment confirmations or direct responses to inquiries you initiate.
National Do-Not-Call Registry
You may register your phone number with the Federal Trade Commission's National Do-Not-Call Registry at donotcall.gov. Asvelo honors DNC Registry registrations, except where a Lead has provided prior express written consent that supersedes DNC obligations under TCPA.
12California Privacy Rights (CCPA / CPRA)
California residents are entitled to additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), Cal. Civ. Code § 1798.100 et seq.
12.1 Categories of Personal Information Collected
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers: Name, email address, phone number, IP address
- Commercial information: Information about services inquired about (high-ticket coaching, consulting offers)
- Internet or other electronic network activity: Session data, UTM parameters, page interactions collected via PostHog
- Audio, electronic, or similar information: Call recordings and transcripts
- Inferences drawn from the above: AI-generated call summaries and lead qualification scores
- Sensitive personal information: We do not intentionally collect sensitive personal information as defined by CPRA (e.g., Social Security numbers, financial account information, health data, precise geolocation). If any such information is volunteered by a Lead during a call, it is not retained in any structured form.
12.2 Your California Rights
California residents have the right to:
- Know what personal information we have collected, used, disclosed, and sold (we do not sell)
- Delete personal information we have collected, subject to exceptions
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information (we do not sell or share for advertising)
- Limit the use of sensitive personal information
- Non-discrimination for exercising these rights
12.3 No Sale of Personal Information
We do not sell personal information as defined under the CCPA. We do not share personal information with third parties for cross-context behavioral advertising. There is no "Do Not Sell or Share My Personal Information" opt-out required because we do not engage in these activities.
12.4 Automated Decision-Making Disclosure
Asvelo uses automated decision-making technology, including AI voice agents and AI-generated call summaries, to evaluate whether a Lead qualifies for a Client's sales call. These automated processes do not make final decisions about providing or denying services — they facilitate booking, and Clients make final commercial decisions. California residents may request information about automated decision-making processes that significantly affect them by contacting us at contact@asvelo.com.
12.5 Submitting California Requests
To submit a CCPA rights request, contact us at contact@asvelo.com with the subject line "California Privacy Request." We will respond within 45 days of receipt (extendable by an additional 45 days with notice). We will not charge a fee for your first request in any 12-month period. We will need to verify your identity, typically by confirming the email address and phone number you submitted.
California residents may also designate an authorized agent to make requests on their behalf. Authorized agents must provide written authorization or a power of attorney, and we may verify the agent's identity and the consumer's identity independently.
13International Visitors (GDPR Notice)
Asvelo's services are designed for and directed exclusively at businesses and consumers located in the United States. We do not knowingly solicit, collect, or process personal data from individuals located in the European Union (EU), European Economic Area (EEA), or United Kingdom (UK).
If you are located in the EU, EEA, or UK and your personal data has been received by our system (e.g., through a US-based Client's advertising campaign that inadvertently captured a European lead), you may be entitled to rights under the General Data Protection Regulation (GDPR) or the UK GDPR. These rights include access, rectification, erasure, restriction, portability, and the right to object to processing.
To exercise these rights or to report that your data has been collected in error, please contact us at contact@asvelo.com. We will respond within 30 days and will delete any data belonging to EU/EEA/UK residents that was collected without a valid legal basis under GDPR.
Our legal basis for processing under GDPR, where applicable, would be legitimate interests (service delivery on behalf of the data controller) or consent (where the individual provided explicit opt-in). We do not rely on these bases intentionally for EU data collection, as our system is not directed at EU residents.
14Data Security
We implement technical and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security practices include:
- Encryption in transit: All data transmitted between our systems and third-party providers uses TLS 1.2 or higher
- Encryption at rest: Call recordings and sensitive data stored by our service providers are encrypted at rest using AES-256 or equivalent standards
- Credential management: All API keys and access credentials are stored in encrypted credential vaults — never in plain text in workflow configurations, exports, or backups
- Webhook authentication: All inbound webhook payloads from Meta are verified using HMAC-SHA256 signature validation; Vapi callback webhooks are authenticated using shared secret verification
- Access controls: System access is limited to personnel who need access to fulfill their role, with multi-factor authentication enforced on all administrative accounts
- Audit logging: System access events and workflow executions are logged for security and compliance review
Despite these measures, no data transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify affected individuals and applicable regulatory authorities as required by law.
15Children's Privacy
Asvelo's services are intended exclusively for adults (18 years of age or older) who are potential clients of businesses offering high-ticket coaching, consulting, and related services. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal information from a child under 18, we will delete that information promptly.
If you believe a minor's information has been submitted to our system, please contact us immediately at contact@asvelo.com.
16Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory guidance. When we make material changes, we will update the "Effective Date" at the top of this policy and post the revised policy at asvelo.com/privacy.
For material changes affecting how we use personal information that was previously collected, we will provide notice by email (to the address on file for applicable Clients) or through other reasonable means before the changes take effect.
Your continued use of our services, or the continued participation of your Leads in our system following a policy update, constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
This Privacy Policy supersedes all prior versions. Previous versions are available upon request by emailing contact@asvelo.com.
17Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal information, please contact us:
Asvelo Privacy Contact
Operator: Emilio Blanco, operating as Asvelo
Email: contact@asvelo.com
Website: asvelo.com
Subject line for privacy requests: "Privacy Rights Request" or "California Privacy Request"
Response time: We aim to respond to all privacy inquiries within 10 business days and all formal rights requests within 45 days (or the shorter period required by applicable law).
If you are a California resident and believe we have not adequately responded to your CCPA rights request, you may file a complaint with the California Privacy Protection Agency (CPPA) at cppa.ca.gov or with the California Attorney General at oag.ca.gov.
If you are located in the EU or EEA and believe your GDPR rights have not been respected, you may lodge a complaint with your local data protection authority.