Privacy Policy

This Policy covers three groups: (a) business owners and staff who register for and operate the Service (“Customers”); (b) end consumers who interact with a Customer through the Service, such as by booking an appointment or calling a Customer’s phone number (“End Users”); and (c) visitors to our marketing website.

For information we process on behalf of our Customers (for example, End User contact details they store in the Service), the Customer is the “controller” or “business” and we are a “processor” or “service provider.” End Users should contact the Customer directly for requests about that information; we will support the Customer in responding.

From Customers

• Account data: name, email, password hash, phone number, business name and address, and payment method details (handled by our payment processor).
• Business configuration: services, prices, staff/operator profiles, hours, and calendar settings.
• Communications: messages you send us and support requests.

From End Users, on behalf of Customers

• Booking data: name, phone number, email, appointment details, and notes you provide on the booking page.
• Telephony data: inbound call audio, recordings, transcripts, summaries, caller phone number, and call metadata generated when our AI agent answers a call.
• Payment data:deposits and payment metadata collected by our payment processor on the Customer’s behalf.

Automatically

• Device and usage data: IP address, browser and OS, referrer, pages visited, actions taken, timestamps, and approximate location derived from IP.
• Cookies and similar technologies: for authentication, preferences, security, and analytics. See Section 9.

• Provide, operate, maintain, and secure the Service.
• Process payments, send transactional messages, and deliver bookings and reminders.
• Answer inbound calls with the AI agent, generate transcripts and summaries, and surface them in the dashboard.
• Prevent fraud and abuse, enforce our Terms, and comply with law.
• Improve the Service, including debugging, analytics, and developing new features. We do not use End User content stored by a Customer to train general-purpose AI models without the Customer’s authorization.
• Communicate with Customers about product updates and, subject to your preferences, marketing.

Where the GDPR or UK GDPR applies, we process personal data on the following bases: performance of a contract (to deliver the Service), legitimate interests (to secure and improve the Service, prevent fraud, and run our business), consent (for certain cookies and marketing), and legal obligation (tax, accounting, responding to lawful requests).

We share information with:

• Service providers that help us run the Service, including hosting and database (Supabase), payments (Stripe), calendar (Google), telephony and SMS providers, and AI model providers that process call audio, transcripts, and text prompts. These providers are bound by contract to use information only to provide services to us.
• The Customer whose booking page or phone number an End User interacts with, so the Customer can provide services.
• Legal and safety: to comply with law, valid legal process, or to protect rights, property, or safety.
• Corporate transactions: in connection with a merger, acquisition, financing, or sale of assets, subject to customary confidentiality.

We do not sell personal information.

We retain information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Call recordings and transcripts are retained based on the Customer’s plan settings and applicable law. When we no longer need data, we delete or de-identify it.

We use administrative, technical, and organizational measures designed to protect information, including encryption in transit, access controls, and monitoring. No method of transmission or storage is perfectly secure; you are responsible for keeping your credentials safe and for configuring access for your staff appropriately.

Depending on where you live, you may have rights to access, correct, delete, or export personal information, to object to or restrict certain processing, to opt out of targeted advertising or “sales” or “shares” as defined by applicable law, and to withdraw consent. Virginia residents may exercise rights under the VCDPA; California residents may exercise rights under the CCPA/CPRA; residents of other U.S. states and of the EEA and UK may have similar rights.

Customers may access and manage most data directly in the dashboard. For other requests, contact privacy@aisysware.com. End Users should contact the Customer they interacted with; we will assist the Customer in responding. We may need to verify your identity before acting on your request, and we will not discriminate against you for exercising your rights.

We use cookies and similar technologies that are strictly necessary (session and security), functional (preferences), and analytics (usage and performance). You can control cookies in your browser. Blocking strictly necessary cookies may cause parts of the Service to stop working.

The AI agent records and transcribes inbound calls to the Customer’s phone number. It is the Customer’s responsibility to provide any legally required notice or consent to callers, including in jurisdictions that require all parties to consent to recording. If you are an End User and do not consent, please end the call and contact the Customer directly.

The Service is not directed to children under 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will delete it.

We are based in the United States, and our service providers may process information there and elsewhere. Where required, we rely on lawful transfer mechanisms such as the Standard Contractual Clauses.

We may update this Privacy Policy from time to time. Material changes will be notified by email or through the Service. The “Effective” date above reflects the latest revision.

Questions or requests? Contact us at privacy@aisysware.com.

AISysware LLC
A Virginia limited liability company