Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account information: business name, owner name, email address, phone number, and physical address.
• Payment information: billing details processed securely through Stripe. We do not store full credit card numbers on our servers.
• Business configuration: service areas, operating hours, service types, pricing details, and custom greeting scripts you provide to configure your AI receptionist.

1.2 Information Collected Automatically

• Call data: inbound and outbound call recordings, call transcripts, caller phone numbers, call duration, and call outcomes.
• Caller information: phone numbers, names (when provided by the caller), and any information callers share during conversations with our AI receptionist.
• Booking data: appointment details, customer names, service requests, and scheduling information created through the Service.
• Usage analytics: pages visited, features used, session duration, browser type, device type, and IP address.
• SMS data: text message content, recipient phone numbers, and delivery status for messages sent through the Service.

1.3 Information from Third-Party Sources

We may collect publicly available information from third-party platforms, including social media sites (such as Reddit, X, Facebook, and Quora), to identify potential leads for your business through our Lead Radar feature. This information may include usernames, post content, and publicly displayed contact information. We also collect business listing data from Google Business Profile to provide reputation management services. This data is collected and processed solely to provide the Service to you and is not used for unrelated purposes.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including answering calls, booking appointments, and sending follow-up messages on your behalf.
• Process call recordings and transcripts using AI to generate summaries, extract action items, and improve call handling.
• Analyze call patterns and business metrics to provide you with dashboards, reports, and actionable insights.
• Process payments and manage your subscription.
• Send transactional communications such as account notifications, billing receipts, and service alerts.
• Detect, prevent, and address technical issues, fraud, and security incidents.
• Improve and develop new features based on aggregate usage patterns.

We do not sell your personal data to third parties. We do not use your data for advertising or marketing purposes unrelated to the Service.

3. Third-Party Services

We use the following third-party service providers to operate the Service. Each provider receives only the minimum data necessary to perform its function:

• Retell AI — voice AI platform that handles speech-to-text, text-to-speech, real-time conversation, call recording, transcription, and post-call analysis for the AI receptionist (lead scoring, intent classification, sentiment, follow-up recommendations).
• Twilio — SMS messaging delivery (text auto-replies, owner alerts, customer notifications). Voice calls are handled by Retell AI, not Twilio.
• Anthropic (Claude) — large language model used for non-voice analysis features: SMS auto-reply conversations, daily business briefings, lead source enrichment, automated review responses, Google Business Profile content generation, and the in-dashboard AI assistant. Anthropic is not used for voice calls.
• OpenAI — AI models used for call analysis, response generation, and post-call data extraction. Call transcripts and conversation data may be processed by OpenAI's API.
• Supabase — database hosting and authentication services (PostgreSQL).
• Stripe — payment processing and subscription management.
• Cloudflare R2 — cloud storage for call recordings, generated assets (logos, photos), and data exports.
• Resend — transactional email delivery.
• Google Business Profile API — review management and business listing integration.

Each provider maintains its own privacy policy. We encourage you to review their policies. We select providers that maintain industry-standard security practices and, where applicable, are SOC 2 compliant.

4. Data Storage and Security

Your data is stored in Supabase-hosted PostgreSQL databases and Cloudflare R2 object storage. All data is encrypted in transit using TLS 1.2 or higher. Data is encrypted at rest using AES-256 encryption through our infrastructure providers. Database connections are encrypted, and access is restricted through row-level security policies.

We implement administrative, technical, and physical safeguards designed to protect your information, including access controls, audit logging, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities as required by applicable law, including Florida's data breach notification statute.

5. Law Enforcement and Legal Process

We may disclose your information if required by law or in response to valid legal process, including subpoenas, court orders, or government requests. We may also disclose information when we believe disclosure is necessary to protect our rights, your safety, investigate fraud, or respond to a government request.

6. Call Recording and Transcription

When callers reach your business through the Service, their calls are recorded and transcribed. As the business using our Service, you are responsible for complying with applicable call recording laws in your jurisdiction, including providing any required notices or obtaining consent from callers.

Call recordings are stored in Cloudflare R2 and are accessible through your dashboard. Call transcription, speech synthesis, and the live conversation are handled by Retell AI. Post-call analysis (sentiment, caller intent, lead quality scoring, summarization) is processed by Anthropic Claude. These recordings, transcripts, and analyses are used solely to provide the Service and are not shared with unrelated third parties.

7. SMS Communications (TCPA Compliance)

The Service may send SMS messages to your customers on your behalf, such as appointment confirmations, reminders, and follow-ups. All SMS communications are sent in compliance with the Telephone Consumer Protection Act (TCPA) and applicable state regulations.

As a business using the Service, you represent and warrant that you have obtained proper consent from recipients before enabling SMS communications through our platform. You are responsible for maintaining records of consent and honoring opt-out requests. Recipients may opt out of SMS messages at any time by replying STOP.

8. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We may use analytics tools to understand how the Service is used in aggregate. We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site tracking or ad networks.

9. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. Call recordings and transcripts are retained for the duration of your subscription unless you request earlier deletion. After account termination, we retain data for up to 90 days to facilitate account recovery, after which it is permanently deleted. We may retain certain data longer if required by law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data, subject to legal retention requirements.
• Portability: request an export of your data in a machine-readable format.
• Objection: object to certain processing activities.

To exercise any of these rights, contact us at privacy@vantechsystem.com. We will respond to verified requests within 30 days.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with additional rights regarding your personal information.

Categories of personal information we collect:

• Identifiers (name, email address, phone number, IP address).
• Commercial information (subscription and payment records).
• Internet or other electronic network activity (usage analytics).
• Audio information (call recordings).
• Professional or employment-related information (business details).

We do not sell or share your personal information as defined under the CCPA/CPRA.

Your California privacy rights include:

• Right to Know: request disclosure of the personal information we have collected about you.
• Right to Delete: request deletion of your personal information, subject to certain exceptions.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt-Out: not applicable, as we do not sell or share personal information.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request, contact us at privacy@vantechsystem.com. We will respond to verified requests within 45 days.

12. Children's Privacy

The Service is designed for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete that information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Service prior to the change becoming effective. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: