This Privacy Policy is a placeholder pending legal counsel review. The policy below reflects our current data practices but has not been reviewed by privacy counsel for specific jurisdictional requirements (GDPR, CCPA, state-level laws). Prior to commercial engagement, customers will receive a counsel-reviewed Data Processing Agreement. This page exists for pre-launch transparency.
When you submit the prototype-request form, we collect: your website URL, email address, business scale, and stated operational struggle. When you use the Services, we process call audio, transcripts, caller phone numbers, appointment details, and related operational data necessary to deliver the service.
We use collected data to: (a) build and deliver your prototype; (b) operate the live Services; (c) improve call-handling accuracy; (d) communicate with you about your service. We do not sell your data. We do not use your data to train general-purpose AI models that benefit other customers.
We use third-party infrastructure to deliver the service: Cloudflare (hosting and workers), phone carriers (voice routing), email delivery services (Resend), and AI model providers for generation. Each processor handles data under contract and within their published security practices.
Calls routed through Capacity may be recorded for quality assurance, service improvement, and dispute resolution. State and federal call recording laws vary; your use of the Services includes responsibility for any caller-notification requirements in your jurisdiction. We support configurable caller-notification messages as part of standard onboarding.
Call audio is retained for 30 days by default. Call transcripts and structured records are retained for 12 months. Lead and contact data submitted via the prototype form is retained until you request deletion. Retention periods can be adjusted for your account in the service agreement.
You may request access, correction, or deletion of personal data we hold about you. Email hello@hvacaiemployee.com with your request. We respond within 30 days.
We use industry-standard practices: encryption in transit (TLS 1.3), encryption at rest for sensitive data, role-based access controls, and audit logging. No system is perfectly secure; we disclose material breaches to affected parties as required by law.
This Site uses minimal analytics to understand visitor behavior in aggregate. We do not use tracking cookies for advertising. Your browser’s Do Not Track signal is respected.
The Services are designed for business use. We do not knowingly collect data from anyone under 16.
We may update this policy. Material changes will be communicated via email to active customers.
Privacy questions: hello@hvacaiemployee.com