Last updated: May 9, 2026 · EA Creative LLC / bySophia AI · Miami, FL
bySophia AI is a service operated by EA Creative LLC (DBA EA Creative Agency and EA Creative Studio), based in Miami, Florida. We provide AI-powered receptionist solutions for businesses. References to "we," "us," or "our" refer to EA Creative LLC.
Contact (product): [email protected] · Billing & legal: [email protected]
We collect the following information when you submit a form on our website:
Website chat widget. Our website offers an AI-powered chat assistant. If you choose to use it, we collect the messages you type, any contact details you voluntarily provide in the conversation (such as name, email, phone number, or business type), and a transcript of the chat session. This chat data is processed by our voice/chat infrastructure provider (Retell AI) under a data processing agreement and is used to answer your questions and follow up on your inquiry. You are never required to use the chat; you may instead contact us by email or phone. Do not enter sensitive personal information (such as financial account numbers or health information) into the chat.
We use the information you provide to:
By submitting our contact form and checking the consent checkbox, you expressly authorize EA Creative LLC / bySophia AI to contact you using an automated telephone dialing system or artificial intelligence voice technology, even if your number is listed on the National Do Not Call Registry or any state do-not-call list, for the purpose of discussing AI receptionist services.
This authorization complies with the Telephone Consumer Protection Act (TCPA) and the Florida Telephone Solicitation Act (FTSA), which require prior express written consent before making automated calls or texts to Florida residents.
This consent is not a condition of purchase. You may revoke your consent at any time by contacting us at [email protected] or by stating "STOP" during any call.
We maintain records of all consents, including the date, time, IP address, and specific consent language agreed to at the time of submission.
Inbound-only Service. The bySophia AI receptionist Service is operated as inbound-only: it answers calls placed to phone numbers controlled by our Customers and does not initiate outbound calls, telemarketing, or solicitation campaigns. The TCPA / FTSA consent above relates solely to follow-up communications about your demo or quote request submitted through this site.
When you call a phone number serviced by bySophia AI on behalf of one of our Customers, your call may be answered by an artificial intelligence receptionist and may be recorded and transcribed.
Disclosure at the start of each call. Before the conversation continues, the AI receptionist delivers a verbal disclosure that (i) identifies itself as artificial intelligence (FCC AI voice rules) and (ii) notifies you that the call may be recorded, in compliance with Florida Statutes §934.03 (Florida Security of Communications Act) and analogous all-party consent laws of other U.S. states where applicable. By continuing the call after this disclosure, you are deemed to have consented to recording and AI interaction.
What we capture. Audio of the call, an automated transcript, metadata (date, duration, caller phone number where transmitted, language detected), and any structured data the caller provides (name, email, preferred appointment time).
Why we capture it. To deliver the receptionist Service to our Customer (the business you called), to enable scheduling and follow-up, for quality assurance, agent training, and ongoing improvement of the AI models we operate.
How long we keep it. Call recordings and transcripts are retained for up to 12 months from the date of the call, unless a longer retention is required by law, by a pending legal hold, or by an explicit written request from the Customer who owns the line. Aggregated, de-identified usage statistics may be retained longer.
Who has access. EA Creative LLC operations personnel with a legitimate need, the Customer who owns the phone line that received your call, and our sub-processors (Retell AI for voice infrastructure and Twilio for telephony) under data processing agreements. We do not sell call recordings or transcripts.
Your rights. You may request deletion of recordings or transcripts in which you appear by contacting [email protected] with sufficient information to identify the call (approximate date, time, and the phone number you dialed). We will honor verified requests subject to legal retention obligations and pending dispute holds.
This section applies only when our Customer (the business that uses bySophia AI) has connected a third-party calendar account (e.g., Google Calendar) to enable automatic appointment booking. If no calendar is connected, this section does not apply to your interaction.
What is processed. When the AI receptionist books an appointment for you, EA Creative LLC processes: your name as you provided it on the call, the date and time of the appointment, the requested service (if any), your phone number for the appointment record, and your email address if you provided one. This information is written into the Customer's connected calendar as a calendar event.
Where it goes. The appointment data flows from our system to the Customer's calendar provider (e.g., Google) under the Customer's own account. EA Creative LLC does not maintain a separate persistent copy of the appointment beyond the call transcript and the audit log entry described in Section 5; the calendar event itself lives in the Customer's calendar.
Roles. EA Creative LLC acts as a processor on behalf of the Customer for the limited purpose of placing the appointment in their calendar. The Customer is the data controller for that appointment data. This means:
Token security. The Customer's authorization to access their calendar is stored as encrypted refresh tokens in our database (AES-GCM encryption, keys held exclusively by EA Creative LLC and stored separately from the encrypted data). Tokens are decrypted in memory only at the moment of an API call and are never logged in plaintext. If a Customer disconnects their calendar from the bySophia AI dashboard, our access is revoked immediately and the encrypted tokens are marked inactive.
Calendar data we do NOT use. The Service reads only free/busy availability windows and the events the Service itself created on behalf of the Customer. The Service does not scan, mine, or index the Customer's other personal calendar events for any analytics, advertising, or AI training purpose.
We do not sell your personal information. We may share your information with:
We retain your information for as long as necessary to provide services and comply with legal obligations, including consent records which are retained for a minimum of 5 years in accordance with TCPA compliance best practices.
Depending on your location, you may have the right to:
To exercise any of these rights, contact us at [email protected].
We use a small number of cookies and similar technologies on sophiavoiceai.com and dashboard.sophiavoiceai.com. We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking. We do not currently load Google Analytics or any analytics provider on the public marketing site.
Cookie consent banner. When you first visit our website, you will see a cookie consent banner with three options of equal prominence: Accept all, Reject all, and Customize. Your choice is stored in your browser and respected on subsequent visits. You can change your choice at any time using the Cookie preferences link in our footer. We automatically honor the Global Privacy Control (GPC) browser signal — if your browser sends GPC, we treat it as a valid opt-out and skip the banner.
What we actually store in your browser:
| Name | Type | Category | Purpose | Retention |
|---|---|---|---|---|
theme-preference / sophia-theme |
localStorage | Strictly necessary (functional) | Remembers your light/dark theme choice. | Until you clear it |
sophia-lang |
localStorage | Strictly necessary (functional) | Remembers your language (EN/ES). | Until you clear it |
bysophia-cookie-consent-v1 |
localStorage | Strictly necessary | Records your consent choices for the cookie banner so we don't ask again on every visit. | Until you clear it or our schema changes |
pwa-install-dismissed / pwa-install-accepted |
localStorage | Strictly necessary (functional) | Prevents the "Install BYSOPHIA AI app" banner from re-appearing after you dismiss it. | 14 days (dismiss) / persistent (accepted) |
sophia_splash_shown |
sessionStorage | Strictly necessary (functional) | Stops the dashboard splash screen from replaying mid-session. | Tab session only |
Clerk session cookies (__session, __client) |
First-party cookie (HttpOnly, Secure, SameSite=Lax) | Strictly necessary (authentication) | Keeps you signed in to dashboard.sophiavoiceai.com. Set by our authentication provider Clerk. | 7 days (rolling) |
Cloudflare cookies (cf_clearance, __cf_bm) |
Third-party cookie (HttpOnly) | Strictly necessary (security / bot mitigation) | Prevents abuse and DDoS. Set by Cloudflare, our hosting/CDN provider. | 30 minutes (__cf_bm) / 30 days (cf_clearance) |
| Analytics (placeholder — not currently loaded) | localStorage / cookie | Analytics | If we add Google Analytics 4 or similar in the future, it will only load when you click "Accept all" or enable "Analytics" in our consent modal. | N/A today |
| Embedded third-party services | Cookies set by the embed | Strictly necessary (transactional) | When you book a demo we use Cal.com; when you subscribe we use Stripe Checkout; for fonts we use Google Fonts. These third parties may set their own cookies governed by their own privacy policies. | See each provider |
Your choices. You can (a) use the cookie banner on first visit, (b) reopen the modal anytime via the "Cookie preferences" link in the footer, or (c) clear cookies and local storage through your browser settings. Most browsers also offer a "Do Not Track" or "Global Privacy Control (GPC)" signal — we honor GPC automatically as a valid opt-out under California law (CCPA §1798.135(b)). Blocking strictly necessary storage may break parts of the site (sign-in, theme, language, demo booking).
California residents (CCPA / CPRA). We do not sell personal information and do not share personal information for cross-context behavioral advertising. Because we do not "sell" or "share" personal information as defined by California law, no "Do Not Sell or Share My Personal Information" link is required at this time. If we change this in the future, we will add the link prominently. You may still exercise the rights described in Section 8 by contacting us.
EU/UK residents (GDPR / ePrivacy). Our cookie banner is designed to comply with GDPR Article 7 (informed, freely given, granular, withdrawable consent) and the ePrivacy Directive. "Reject all" and "Accept all" appear with equal prominence, and you can always change your mind via the footer link.
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our website and dashboard are hosted on Cloudflare with TLS 1.3 encryption end-to-end. OAuth refresh tokens stored on our behalf are encrypted at rest with AES-GCM. Sensitive contact identifiers (e.g., phone numbers) used for deletion lookups are stored as HMAC-SHA256 hashes so the raw value cannot be reversed from our database.
If we send you marketing emails, each email will include a clear way to opt out (unsubscribe). We comply with the CAN-SPAM Act, which means:
To unsubscribe from emails at any time, click "Unsubscribe" in any email or contact [email protected].
Our website may use third-party services including Google Fonts and YouTube embeds. These services have their own privacy policies. We encourage you to review them.
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of our services after changes constitutes acceptance of the updated policy.
For any privacy-related questions or requests:
This Privacy Policy was prepared for informational purposes. EA Creative LLC recommends consulting with a qualified attorney to ensure full compliance with applicable laws including the TCPA, Florida Telephone Solicitation Act, and any other regulations applicable to your business.