Privacy Policy

Your drawing PDFs are sent to Anthropic's AI for analysis and are not stored on Callout's servers. Anthropic does not use API inputs to train their models. Your review results, account data, firm standards, and jurisdiction amendment text are stored in an encrypted database. Payments are handled by Stripe. We do not sell or share your data with third parties.

1. What We Collect

When you create an account, we collect your email address and a hashed password. When you run a review, we store your review results (comments, severity ratings, PE decisions), project metadata (project name, discipline, depth selection, file name, sheet count), and credit transaction history. We do not store your uploaded PDF drawing files. If you upload a jurisdiction amendment PDF, we extract the text content and store it in our database so it can be used in future reviews. The original amendment PDF file is not retained.

2. How Your Drawings Are Processed

When you upload a PDF and run a review, the drawing is temporarily uploaded to secure storage, sent to Anthropic's AI for analysis, and then deleted. Once the analysis is complete, the uploaded files are removed from temporary storage. Your PDF files are never retained after the review completes and are not stored in a database. Jurisdiction amendment PDFs are handled differently: their text content is extracted and stored in the database so it can be reused across reviews. The original PDF file is discarded after extraction. You can delete any stored amendment at any time from the Standards tab.

3. Anthropic's Data Practices

Callout uses Anthropic's commercial API, which has a zero-retention data policy. Anthropic does not store API inputs or outputs, and does not use data sent through the API to train or improve their models. For details, see Anthropic's API Data Usage Policy at anthropic.com/policies.

4. Data Storage and Hosting

Your account data and review results are stored in a managed database hosted in the United States. All data is encrypted at rest and in transit. All connections use HTTPS/TLS encryption.

5. Payment Processing

All payments are processed by Stripe. Callout never sees, stores, or has access to your full credit card number. Stripe handles all payment data in compliance with PCI DSS Level 1, the highest level of payment security certification.

6. Authentication and Access

Passwords are hashed and never stored in plain text. Session tokens are short-lived. Shared report links use cryptographically random tokens and provide read-only access only. No account credentials are required to view a shared report.

7. Third-Party Services

Callout uses third-party services to operate, including Anthropic (AI), Stripe (payments), and infrastructure providers for hosting and data storage. Each maintains its own privacy policy and security practices. We do not share your data with any other third parties, and we do not sell your data under any circumstances. For a full list of service providers, see our Security page.

8. Cookies and Tracking

Callout uses a session token stored in your browser to keep you logged in. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics. We do not serve ads.

9. Data Retention

Your review history and account data are retained for as long as your account is active. You can delete individual reviews from the History tab at any time. Jurisdiction amendments can be deleted from the Standards tab at any time. Shared report links can be revoked at any time, which permanently removes public access to that report. If you wish to delete your entire account and all associated data, contact hello@callout.app.

10. Your Rights

You have the right to: access all data associated with your account, export your review results to CSV or Excel at any time, delete individual reviews or your entire review history, revoke shared report links, and request full account deletion. To exercise any of these rights, use the in-app controls or contact hello@callout.app.

11. Confidentiality of Drawings

We understand that construction drawings are often confidential, proprietary, and may be subject to NDAs between project stakeholders. Callout is designed with this in mind. Your drawings are temporarily uploaded for processing and deleted immediately after analysis. We have no mechanism to view, browse, or access your uploaded drawings after a review completes. No Callout employee can see your drawings.

12. Security Practices

All data in transit and at rest is encrypted. Secrets are stored securely and never committed to source code. Dependencies are regularly updated to patch known vulnerabilities. For full details on our security practices, see callout.app/security. If you discover a security issue, please report it to hello@callout.app.

13. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify users via email. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact

Questions about privacy or security? Contact Callout Software LLC at hello@callout.app.