Privacy Policy
How Callsy handles personal data across Shopify, API, and MCP integrations.
Last updated · April 20, 2026
1. Overview
Callsy AI OÜ (“Callsy”, “we”, “us”) provides an AI voice-calling platform for merchants. Merchants use Callsy in three ways: as a Shopify app for abandoned cart recovery, via our REST API, or via our Model Context Protocol (MCP) server, which lets AI agents such as Claude, OpenAI, Gemini, and OpenClaw trigger real phone calls, read transcripts, and manage contacts and workflows on behalf of the Merchant.
This policy explains what personal data we collect, how we use it, and what rights individuals have. It applies whenever Callsy is used, regardless of integration.
2. Information we collect
2.1 Merchant data
When a Merchant signs up or integrates Callsy, we collect:
- Account and contact information (name, email, company, billing)
- Shopify store information, product catalogues, discount codes (where applicable)
- Agent configurations, scripts, guardrails, voice selections, and call metadata
- API keys and MCP server credentials issued to the Merchant
2.2 End-User data (data subjects of the Merchant)
When Callsy places calls on the Merchant’s behalf, we process the following categories of personal data about the End User (the Merchant’s customer or prospect):
- Name and contact details (phone number, email)
- Order and cart information (value, items, status)
- Lead status and relevant business metadata
- Call metadata (duration, timestamps, call status, outcome)
- Call recordings and transcripts
- Voice inputs during the call (not used for biometric identification)
We do not process special categories of personal data (health, religion, political affiliation, etc.) unless the Merchant has explicitly agreed in writing.
2.3 Data collected via the MCP server
When an AI agent (e.g. Claude, GPT) invokes a Callsy MCP tool on behalf of a Merchant, we log:
- The tool name invoked (e.g. make_call, get_call_stats)
- The arguments passed by the agent (contact, script context, agent config)
- The response returned (call IDs, transcripts, outcomes)
- Timestamps and the Merchant API key that authorised the call
These logs are retained for troubleshooting, analytics, and audit. They are scoped to the Merchant that owns the API key and are never shared across Merchant accounts.
3. How we use data
- To provide the Services: place, route, transcribe, and log calls; run agent workflows; surface analytics.
- To operate the MCP server: authenticate tool calls, return results to the agent, enforce Merchant-configured guardrails.
- To improve the Services: aggregate, de-identified analytics only. We do not use Merchant or End-User data to train general foundation models.
- To comply with law: respond to lawful requests, maintain tax and accounting records, enforce our terms.
4. Data Processing Agreement
When a Merchant signs up or installs Callsy, they automatically enter into a Data Processing Agreement (DPA) with us. In this arrangement the Merchant is the Controller of End-User personal data and Callsy is the Processor, acting only on the Merchant’s documented instructions. The DPA incorporates Annex 1 (Details of Processing), Annex 2 (Technical and Organisational Measures), and Annex 3 (List of Sub-processors).
5. Third-party sub-processors
Callsy relies on a small number of carefully vetted sub-processors to deliver the Services. The current, authoritative list is maintained in Annex 3, and includes telephony providers (Twilio), audio and AI processors (Bland AI, ElevenLabs, OpenAI, Deepgram) and cloud infrastructure (AWS, EU regions). When an AI agent integrates via MCP, that agent’s own provider (Anthropic, OpenAI, Google, etc.) also processes the prompt and response data; their processing is governed by their own privacy policies, not this one.
6. AI disclosure
Callsy complies with the EU AI Act. Every AI agent configured via the Service must disclose its non-human nature to the End User at the start of the call. Merchants are responsible for not overriding or disabling this disclosure.
7. Security measures
- TLS 1.2+ encryption in transit, AES-256 encryption at rest
- Multi-factor authentication and role-based access for all production systems
- Logical separation of Merchant data in a multi-tenant environment
- Automated daily backups and documented disaster-recovery plan
- Regular automated vulnerability scanning and incident-response drills
- Personal data breach notification within 48 hours to the Merchant
8. Data retention
Personal data is retained only for as long as necessary to provide the Services or as required by law. After Merchant account termination, all Merchant and End-User data is deleted or anonymised within 30 days, unless legal retention obligations apply (e.g. tax records).
9. International transfers
Core data is stored in the European Union (AWS EU regions). Where sub-processors operate outside the EU, transfers are covered by Standard Contractual Clauses and, where applicable, supplementary measures.
10. Your rights
If you are an End User whose data is processed by Callsy on behalf of a Merchant, your first point of contact is that Merchant — they are the Controller. If you need help reaching them, or if you are a Merchant exercising rights over your own account, email support@callsy.ai. We will support requests to access, correct, delete, port, or restrict processing of personal data in line with GDPR.
11. Children
Callsy is not directed to children under 16, and we do not knowingly process data of anyone under 16.
12. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be flagged in-product and/or by email to the Merchant. Continued use of the Services after changes constitutes acceptance.
13. Contact
Callsy AI OÜ — Republic of Estonia. Email support@callsy.ai for any privacy request or question.