What is MCP and do I need to understand it?

MCP (Model Context Protocol) is an open standard that lets AI agents connect to external tools. Think of it as a universal adapter. You don’t need to understand it — just connect Callsy to your AI tool and it works.

Does Callsy work with OpenClaw?

Absolutely. Callsy’s MCP server integrates directly with OpenClaw agents. Add it as a skill and your autonomous agent can create voice personas, initiate calls, and check outcomes — all within the agent loop.

Do I need to be technical to use this?

Not at all. If you can type a sentence, you can use Callsy. Describe your call in plain English.

What does the AI voice sound like?

Natural and conversational — not robotic. You choose from multiple voice profiles and customize tone, pace, and personality to match your brand.

Can the AI handle objections?

Yes. You define the playbook — common objections, discount authority, escalation triggers. The agent follows your rules and can warm-transfer to a human at any point.

Is there a free trial?

Yes — the free tier includes 10 calls with no credit card. All paid plans also come with a 7-day money-back guarantee.

Back to home

Annexes to the DPA

Details of Processing, Technical & Organisational Measures, and Sub-processors.

Last updated · April 20, 2026

The following annexes form an integral part of the Data Processing Agreement between Callsy AI OÜ (Processor) and the Merchant (Controller).

Annex 1 — Details of Processing

A. List of parties

1. Controller

Name: Merchant — the party using Callsy via Shopify, API, or MCP
Address: as set out in the Main Agreement or invoice
Contact: as set out in the Merchant’s account
Role: Controller

2. Processor

Name: Callsy AI OÜ
Address: Republic of Estonia — as set out in the Main Agreement
Role: Processor

B. Description of transfer

1. Categories of data subjects

Customers of the Controller
Leads and prospects of the Controller

2. Categories of Personal Data

Name and contact details (phone number, email)
Order and cart information (value, items, status)
Relevant business metadata (lead status)
Call metadata (duration, timestamps, call status)
Call recordings and transcripts
Voice inputs (biometric data not processed for identification purposes)

3. Special categories of data

None. The Controller shall not submit special categories unless explicitly agreed in writing.

4. Nature of processing

Storage, hosting, and transmission of data
Text-to-Speech (TTS) and Speech-to-Text (STT) conversion
AI-driven conversation management and workflow automation
Telephony connection, call routing, and SMS transmission
MCP tool-call routing between the Merchant’s AI agent and Callsy

5. Purposes of data transfer

Providing Callsy Services (automated outbound calling)
Recovering abandoned carts via outbound calls
Customer-support and booking automation
Lead qualification and meeting booking triggered by AI agents via MCP
Analytics, logging, and service improvement

6. Duration of processing

Processing continues for the duration of the Main Agreement
Personal Data is retained only as necessary for service provision or legal requirements

Annex 2 — Technical and Organisational Measures (TOMs)

Processor implements the following measures to ensure an appropriate level of security.

1. Confidentiality

Access control: production servers and customer data are restricted to authorised personnel using unique IDs and Multi-Factor Authentication.
Encryption: data is encrypted in transit using TLS 1.2+ and at rest using AES-256 standards.
Logical separation: customer data is logically separated in a multi-tenant database environment.

2. Integrity

Change management: code changes undergo testing and code review before production deployment.
Input validation: application inputs are validated to prevent SQL injection, XSS, and similar vulnerabilities.

3. Availability and resilience

Cloud infrastructure: the Service is hosted on top-tier cloud providers with high availability and redundancy across multiple zones.
Backups: automated daily database backups enable data restoration.
Disaster recovery: a documented business-continuity strategy is in place for critical-service recovery.

4. Testing and evaluation

Security scans: regular automated vulnerability scanning is performed on infrastructure.
Incident response: a documented incident-response plan governs breach handling and GDPR-compliant notifications.

Annex 3 — List of Sub-processors

Controller authorises the following sub-processors.

Sub-processor	Location	Activity
Amazon Web Services, Inc. (AWS)	EMEA SARL — Frankfurt / Ireland, EU	Cloud infrastructure — application hosting, database, compute. Compliance
Bland AI Inc.	USA	AI telephony — audio processing, STT, TTS. Compliance
Twilio Inc.	USA	Telephony & SMS — PSTN, call routing, numbers, SMS. Compliance
ElevenLabs	USA / EU	Neural TTS voice synthesis for premium voices.
OpenAI	USA	LLM inference for conversational AI components.
Deepgram	USA	Real-time speech-to-text transcription.
UAB Callsy	Lithuania, EU	Technical support & platform development.

When a Merchant’s AI agent invokes Callsy via MCP, the agent’s own provider(e.g. Anthropic, OpenAI, Google) also processes the prompt and response data in its own capacity. Those providers are not Callsy sub-processors; their processing is governed by the Merchant’s agreement with them and their own privacy policies.

Questions? Email support@callsy.ai.