Scope
This policy applies to data about businesses subscribed to Rannah, and to data about the callers and customers who interact with Rannah on behalf of those businesses.
For caller data, Rannah generally acts as a data processor on behalf of the subscribed business. The business remains the controller of that data and decides the purposes of its processing.
Data we collect
We collect the following categories of data:
- Business and account data: business name, contact details, billing details, and service settings.
- Caller phone numbers, which we treat as sensitive personal data.
- Call recordings when recording is enabled in your business settings, and the transcripts and summaries derived from them.
- Booking details and lead information collected during calls to serve your business.
- WhatsApp message data sent through the service, including template content, delivery status, and timing metadata.
- Usage and billing data such as call durations and the minute consumption ledger.
How we use data
We use data for the following purposes:
- Providing the service: answering calls, booking appointments, and sending confirmations and reminders.
- Quality assurance and handling complaints and disputes related to your business calls.
- Metering usage and issuing invoices.
- Improving your business's own Rannah setup specifically, such as tuning responses and booking rules. We do not use your recordings or data to train general-purpose AI models.
- Technical support and troubleshooting.
- Complying with legal and regulatory requirements.
Processors and subprocessors
We use trusted service providers to process data on our behalf within the following categories, and we bind them contractually to protect the data and use it only to deliver the service:
- Voice and AI technology providers for processing voice conversations.
- Telephony providers for connecting calls.
- A WhatsApp Business provider for sending messages and confirmations.
- Cloud hosting and storage providers for running the service and storing data.
- A billing and payments provider for managing subscriptions.
Saudi Personal Data Protection Law (PDPL)
We work to keep our data collection and processing practices aligned with the Saudi Personal Data Protection Law (PDPL) and its implementing regulations, including the principles of data minimization, purpose limitation, and processing security.
Where data must be transferred outside Saudi Arabia to operate the service through our providers, we comply with the applicable regulatory controls on data transfers.
Data retention
We retain data for as long as needed to provide the service and meet legal requirements. Retention periods for each data category, including call recordings, are detailed in the data retention policy.
Security
We apply security controls that include encrypting data in transit, isolating each business's data from others, restricting internal access by role, and storing call recordings in private storage accessible only through signed, time-limited links.
No method of transmission or storage is completely secure, but we review and update our controls on an ongoing basis.
Your rights and contact
Subscribed businesses can access their data, correct it, and request its deletion in line with the data retention policy, through the account dashboard or by contacting us directly.
If you are a caller who interacted with Rannah through a business, that business is the controller of your data. You can direct access, correction, or deletion requests to it directly, and we support the business in fulfilling them.
For any privacy question, you can reach us through the contact channels listed on our website.