Features Pricing Support Get It on the App Store
Privacy

Privacy Policy

Last updated: April 2026

Merchant Protocol LLC

App Store Privacy Nutrition Labels

When you download Sulla from the App Store, you'll see our privacy nutrition labels. Here's exactly what they mean and why we collect each piece of data.

Data We Collect (Privacy Nutrition Labels)

The following tables map directly to the privacy nutrition labels displayed on the Apple App Store listing for Sulla Mobile.

Data Linked to You

Phone Number Authentication & call forwarding
Name AI greeting personalization
Email Account recovery & notifications
Business Name AI call handling
Business Address Service area configuration

Data Used for App Functionality

Call Recordings & Transcripts AI processes calls in real-time, transcripts stored for your review
Website Content Scraped from your business website so AI can answer caller questions
Caller ID Data Name, city, and state from phone carrier for lead identification
Push Notification Tokens Send you call summaries
Device Information App functionality & debugging

Data NOT Collected

We do NOT track your location
We do NOT sell your data to advertisers
We do NOT share your data with third parties for marketing
We do NOT use your call recordings for AI training

1. How We Use Your Data

Sulla ("we", "our", or "us") operates the Sulla mobile application (the "App"). We use the data described above for the following purposes:

  • To provision and operate your AI phone assistant, including answering calls, generating transcripts, and delivering lead summaries.
  • To personalize your AI greeting using your business name and trade information.
  • To send push notifications about incoming calls, lead summaries, and urgent caller alerts.
  • To process and transcribe phone calls using AI voice synthesis and speech-to-text.
  • To provide customer support and troubleshoot technical issues.
  • To improve app functionality and fix bugs (using anonymized, aggregated data only).

2. Third-Party Services

We use third-party service providers to operate the App. These providers process data on our behalf in the following categories:

  • Telephony provider — Phone number provisioning, call routing, SMS verification, and call recording. Our telephony provider also supplies caller identification (CNAM) data, which may include the caller's name, city, and state as reported by their phone carrier.
  • AI voice provider — Voice synthesis and speech-to-text for your virtual receptionist. Call audio is streamed in real-time for processing and is not retained after the conversation ends.
  • AI language model provider — Used to extract business information from your website during onboarding and to answer caller questions during live calls. Website content and call transcripts may be sent for processing.
  • Cloud infrastructure provider — Data storage, hosting, and edge computing. All data is encrypted at rest.
  • Apple — Authentication (Sign in with Apple), payment processing (App Store subscriptions and in-app purchases), and push notification delivery (Apple Push Notification service). Apple Privacy Policy

3. AI Call Handling & Recording Disclosure

When your AI receptionist answers a call, it identifies itself as an AI assistant — not a real person. Calls may be recorded and transcribed for your review. During calls, the AI may:

  • Access your business profile (hours, services, service area) to answer caller questions.
  • Search your business website content to find specific information the caller is asking about.
  • Collect and save caller information (name, phone number, service needed, address, urgency) as a lead.

Recording consent: Your AI assistant's greeting identifies it as an AI. In jurisdictions requiring two-party consent for call recording (such as California, Florida, Illinois, and others), continued participation in the call after this disclosure constitutes consent. You are responsible for ensuring your AI greeting complies with local recording consent laws in the jurisdictions where you operate.

Caller identification: When a call arrives, we receive caller ID information from the phone carrier via our telephony provider, which may include the caller's registered name, city, and state. This data originates from the caller's phone carrier and is not verified by us.

4. Data Storage and Security

Your data is stored on secure cloud infrastructure. All data is encrypted in transit (TLS 1.3). Data at rest is protected by the encryption mechanisms provided by our cloud infrastructure and device operating system. Call recordings and transcripts are stored securely and associated only with your account. We implement industry-standard security measures, though no method of electronic transmission or storage is 100% secure.

5. Data Retention

  • Call recordings and transcripts are retained for 90 days from the date of the call, then automatically deleted. You may delete them sooner from within the app.
  • Account data (name, email, business info) is retained until you delete your account.
  • Push notification tokens are refreshed automatically and removed when you uninstall the app or revoke notification permissions.

6. Account Deletion

You may request deletion of your account at any time from within the app or by contacting us. When you delete your account:

  • Your account enters a soft-delete state. Your data is retained for 30 days to allow for billing dispute resolution, then permanently deleted.
  • Your provisioned phone number is released back to the carrier.
  • All call recordings, transcripts, and lead data are permanently purged after the 30-day retention period.

7. Children's Privacy

The App is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 13, we will delete it promptly.

8. Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information:

  • Identifiers: Name, email address, phone number, Apple ID (if using Sign in with Apple).
  • Commercial Information: Subscription plan, purchase history, credit pack purchases.
  • Internet / Electronic Activity: App usage data, device information, push notification tokens.
  • Audio / Visual Information: Call recordings, call transcripts, AI voice interactions.
  • Professional Information: Business name, trade/industry, business address, service area, business hours, website URL, license number.
  • Geolocation: General location inferred from phone number area code and caller ID data. We do not collect precise GPS location.
  • Inferences: Lead qualification scores, call urgency, caller intent, estimated job value — all derived by AI from call content.

Sources of Information: Directly from you (app registration, profile setup), automatically (app usage, call data), from your business website (during onboarding scan), and from phone carriers (caller ID data).

9. CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA/CPRA) provides you with the following rights:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal data, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Information: You may request that we limit our use of sensitive personal information to what is necessary to provide the service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

How to Exercise Your Rights: You may submit a request through any of these methods:

We will respond to verifiable consumer requests within 45 calendar days. If we need additional time, we will notify you of the extension (up to 90 days total). For opt-out requests, we will process your request within 15 business days.

For more information about your California privacy rights, visit our California Privacy Rights page.

10. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We do not share your personal information for cross-context behavioral advertising. We share data only with the service providers listed in Section 2, solely to operate the App, and as required by law.

In the preceding 12 months, we have disclosed the following categories of personal information to service providers for business purposes: identifiers, commercial information, audio information (call recordings), and professional information.

11. Minors

We do not knowingly sell or share the personal information of consumers under 16 years of age.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or via email. Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, contact us at:

Merchant Protocol LLC
[email protected]