Features Pricing Support Get It on the App Store
Privacy

Privacy Policy

Last updated: April 2026

Merchant Protocol LLC

App Store Privacy Nutrition Labels

When you download Sulla from the App Store, you'll see our privacy nutrition labels. Here's exactly what they mean and why we collect each piece of data.

Data We Collect (Privacy Nutrition Labels)

The following tables map directly to the privacy nutrition labels displayed on the Apple App Store listing for Sulla Mobile.

Data Linked to You

Phone Number Authentication & call forwarding
Name AI greeting personalization
Email Account recovery & notifications
Business Name AI call handling
Business Address Service area configuration

Data Used for App Functionality

Call Recordings & Transcripts AI processes calls in real-time, transcripts stored for your review
Push Notification Tokens Send you call summaries
Device Information App functionality & debugging

Data NOT Collected

We do NOT track your location
We do NOT sell your data to advertisers
We do NOT share your data with third parties for marketing
We do NOT use your call recordings for AI training

1. How We Use Your Data

Sulla ("we", "our", or "us") operates the Sulla mobile application (the "App"). We use the data described above for the following purposes:

  • To provision and operate your AI phone assistant, including answering calls, generating transcripts, and delivering lead summaries.
  • To personalize your AI greeting using your business name and trade information.
  • To send push notifications about incoming calls, lead summaries, and urgent caller alerts.
  • To process and transcribe phone calls using AI voice synthesis and speech-to-text.
  • To provide customer support and troubleshoot technical issues.
  • To improve app functionality and fix bugs (using anonymized, aggregated data only).

2. Third-Party Services

We use the following third-party services to operate the App. Each processes data according to their own privacy policies:

  • Twilio — Telephony services for phone number provisioning, call routing, and SMS delivery.
  • ElevenLabs — AI voice synthesis for your virtual receptionist. Call audio is processed in real-time and not retained by ElevenLabs.
  • Cloudflare — Data storage (Cloudflare D1 database), hosting, and edge computing. All data is encrypted at rest.
  • Apple — Authentication (Sign in with Apple) and payment processing (App Store subscriptions).

3. Data Storage and Security

Your data is stored on Cloudflare infrastructure, including Cloudflare D1 (database) and Cloudflare Workers. All data is encrypted at rest and in transit (TLS 1.3). Call recordings and transcripts are stored securely and associated only with your account. We implement industry-standard security measures, though no method of electronic transmission or storage is 100% secure.

4. Data Retention

  • Call recordings and transcripts are retained for 90 days from the date of the call, then automatically deleted. You may delete them sooner from within the app.
  • Account data (name, email, business info) is retained until you delete your account.
  • Push notification tokens are refreshed automatically and removed when you uninstall the app or revoke notification permissions.

5. Account Deletion

You may request deletion of your account at any time from within the app or by contacting us. When you delete your account:

  • Your account enters a soft-delete state. Your data is retained for 30 days to allow for billing dispute resolution, then permanently deleted.
  • Your provisioned phone number is released back to the carrier.
  • All call recordings, transcripts, and lead data are permanently purged after the 30-day retention period.

6. Children's Privacy

The App is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

7. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to Know: You may request a copy of the personal data we have collected about you.
  • Right to Delete: You may request deletion of your personal data.
  • Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell your personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at [email protected]. We will respond within 45 days as required by law.

8. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share data only with the service providers listed in Section 2, solely to operate the App, and as required by law.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, contact us at:

Merchant Protocol LLC
[email protected]