GDPR
Our Commitment
SwiftCall is fully compliant with the General Data Protection Regulation (GDPR) and Romanian Law 190/2018. We process personal data lawfully, transparently, and for specified purposes only.
Data Protection Officer
Email: dpo@swiftcall.ro
Response time: 30 days for formal requests
Authority: ANSPDCP (dataprotection.ro)
Your Rights Under GDPR
- Access: Request a copy of all data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restrict Processing: Limit how we use your data
- Data Portability: Export your data in machine-readable format
- Object: Object to processing based on legitimate interest
- Automated Decisions: Request human review of AI-only decisions
- Complain: File a complaint with ANSPDCP at no cost
Data Processing
SwiftCall acts as a data processor on behalf of our clients (data controllers). A Data Processing Agreement (DPA) is available for all customers upon request, in compliance with GDPR Article 28.
Sub-Processors
| Provider | Purpose | Location |
|---|---|---|
| AWS | Cloud infrastructure | Frankfurt, EU |
| OpenAI | AI model (GPT-4) | EU via SCCs |
| Anthropic | AI model (Claude) | EU via SCCs |
| Stripe | Payment processing | EU DPF certified |
| Twilio | SMS, Voice, WhatsApp | EU via SCCs |
| LiveKit | Real-time voice | EU via SCCs |
Data Retention
- Conversations & recordings: 90 days (configurable)
- Account data: until account deletion + 30 days
- Payment records: 7 years (EU financial regulations)
Data Breach Notification
In the event of a personal data breach, SwiftCall notifies ANSPDCP within 72 hours and affected individuals without undue delay if the breach poses a high risk to their rights.
EU AI Act Compliance
SwiftCall complies with EU AI Act Article 50: all AI agents clearly disclose they are artificial intelligence. We do not use emotion recognition, social scoring, or biometric identification systems.