Legal

Privacy Policy

Last updated: April 27, 2026

1. Introduction

AI Front Desk ('AIFD', 'we', 'us', or 'our') is operated as a sole proprietorship. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our platform and services. By accessing or using AI Front Desk, you agree to the collection and use of information in accordance with this policy. This policy applies to all users of our services, including business owners, administrators, and the end customers of businesses using our platform. If you do not agree with this policy, you must discontinue use of our services immediately.

2. Information We Collect

We collect the following categories of personal information: (a) Account Information - name, email address, business name, phone number, and password when you create an account; (b) Billing Information - payment details processed and stored securely by Stripe; (c) Business Configuration - business description, hours, pricing ranges, AI instructions, automation rules, and business rules you configure within the platform; (d) Third-Party Credentials - API keys, OAuth tokens, and access credentials for services you connect, including Twilio, Gmail, and Telegram; (e) Communications Data - incoming customer messages and AI-generated responses processed through our platform; (f) Usage Data - log data, IP addresses, browser type, pages visited, and platform activity; (g) Device Information - device type, operating system, and browser information.

3. How We Use Your Information

We use your personal information to: provide, operate, maintain, and improve our services; process payments and manage your subscription; deliver AI-powered responses to your customers across connected communication channels; send transactional and service-related communications; detect, investigate, and prevent fraudulent or unauthorized activity; comply with applicable legal obligations; and analyze usage patterns to improve platform performance. We do not sell, rent, or trade your personal information to any third party for marketing or commercial purposes under any circumstances.

4. Legal Basis for Processing - GDPR (EEA, UK, Switzerland)

For users located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process personal data under the following legal bases as defined by GDPR: (a) Contract Performance (Article 6(1)(b)) - processing necessary to deliver services you subscribed to; (b) Legitimate Interests (Article 6(1)(f)) - fraud prevention, security, and service improvement; (c) Legal Obligation (Article 6(1)(c)) - processing required by applicable law; (d) Consent (Article 6(1)(a)) - where you have provided explicit consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. California Privacy Rights - CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): (a) Right to Know - request disclosure of categories and specific pieces of personal information collected about you, sources, business purpose, and third parties we share it with; (b) Right to Delete - request deletion of your personal information, subject to legal exceptions; (c) Right to Correct - request correction of inaccurate personal information; (d) Right to Opt-Out - AI Front Desk does not sell or share personal information for cross-context behavioral advertising; (e) Right to Limit Use of Sensitive Personal Information - where applicable; (f) Right to Non-Discrimination - we will not discriminate against you for exercising your CCPA rights. To exercise your rights, contact support@aifrontdsk.com with subject line 'California Privacy Request'. We respond within 45 days.

6. Additional US State Privacy Rights

AI Front Desk complies with applicable state privacy laws. Residents of the following states have additional privacy rights: Virginia (VCDPA) - rights to access, correct, delete, and opt out of sale or targeted advertising; Colorado (CPA) - rights to access, correct, delete, opt out of targeted advertising and profiling; Connecticut (CTDPA) - rights to access, correct, delete, and opt out of sale or targeted advertising; Nevada (SB 220) - right to opt out of sale of personal information; Illinois (BIPA) - we do not collect biometric identifiers or biometric information; Texas, Florida, and other states with emerging privacy legislation - we commit to honoring equivalent rights as they become legally effective. To exercise any state privacy right, contact support@aifrontdsk.com with your state name and specific request. We do not sell personal information in any state.

7. SMS Communications - TCPA Compliance

AI Front Desk enables businesses to send SMS and WhatsApp messages to their customers. All SMS communications must comply with the Telephone Consumer Protection Act (TCPA) and applicable carrier regulations. Business owners are solely responsible for: obtaining prior express written consent from all recipients before sending automated messages; including STOP opt-out instructions in every message; maintaining records of customer consent; honoring all opt-out requests immediately; and complying with applicable TCPA requirements. AI Front Desk is a technology provider only and assumes no liability for TCPA violations resulting from a business owner's failure to comply.

8. Email Communications - CAN-SPAM

AI Front Desk enables businesses to respond to customer emails via Gmail integration. All email communications must comply with the CAN-SPAM Act. Business owners are responsible for ensuring communications include accurate sender information, a non-deceptive subject line, a valid physical mailing address, and a clear opt-out mechanism. AI Front Desk processes emails as a technology service provider and is not responsible for CAN-SPAM violations resulting from a business owner's email practices.

9. Data Storage and Security

Your data is stored using Supabase infrastructure hosted in the United States. We implement the following security measures: encryption of all data in transit using TLS 1.2 or higher; row-level security (RLS) policies restricting data access to authorized users only; access controls limiting internal access on a need-to-know basis; secure handling of third-party API credentials with restricted access permissions; and regular security reviews. Despite these measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information and are not liable for unauthorized access resulting from circumstances beyond our reasonable control.

10. International Data Transfers

AI Front Desk is operated from the United States. If you are located in the EEA, United Kingdom, or other regions with data protection laws that differ from US law, your information may be transferred to, stored, and processed in the United States. For transfers from the EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46. By using our services, you acknowledge and consent to this international transfer.

11. Third-Party Services

AI Front Desk integrates with third-party services governed by their own privacy policies: Twilio Inc. - twilio.com/legal/privacy; Google LLC - policies.google.com/privacy; Telegram Messenger - telegram.org/privacy; OpenAI LLC - openai.com/privacy; Stripe Inc. - stripe.com/privacy; Resend Inc. - resend.com/legal/privacy-policy; Supabase Inc. - supabase.com/privacy; Vercel Inc. - vercel.com/legal/privacy-policy. We share only the minimum data necessary for each integration to function and are not responsible for the privacy practices of these third parties.

12. Data Retention

We retain personal data for as long as your account is active or as needed to provide services. Conversation history and message data are retained for 12 months by default. Upon account deletion, we delete or anonymize personal data within 30 days, except where retention is required by applicable law (e.g., billing records retained up to 7 years for tax compliance). You may request earlier deletion by contacting support@aifrontdsk.com.

13. Your Privacy Rights

Depending on your location, you may have rights including: access to your personal data; correction of inaccurate data; erasure (GDPR Article 17); restriction of processing; data portability; objection to processing; and withdrawal of consent. To exercise any right, contact support@aifrontdsk.com. We respond within 30 days (45 days for California). EEA residents may also lodge complaints with their local data protection supervisory authority.

14. Cookies

AI Front Desk uses only essential cookies necessary to operate our services and maintain authenticated sessions. We do not use advertising, tracking, or third-party analytics cookies. Session cookies are deleted when you close your browser. Persistent authentication cookies expire after 30 days. You may control cookies through your browser settings; however, disabling essential cookies may impair service functionality.

15. Children's Privacy - COPPA

AI Front Desk is a business-to-business platform not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor without verifiable parental consent, we will delete that information immediately. Contact support@aifrontdsk.com if you believe we may have data from a minor.

16. Jurisdictional Compliance

AI Front Desk operates across multiple jurisdictions and is committed to complying with applicable privacy laws. However, given the rapidly evolving global privacy landscape, users are responsible for ensuring their own use of our platform complies with all privacy laws applicable in their specific jurisdiction. If a privacy law applicable to you is not explicitly addressed in this policy, the general principles of data minimization, purpose limitation, transparency, and individual rights described herein shall apply. We reserve the right to update this policy as new privacy laws take effect.

17. Changes to This Policy

We may update this Privacy Policy at any time. We will notify you of material changes by email and through a prominent in-platform notice at least 30 days before changes take effect. The 'Last Updated' date reflects the most recent revision. Continued use of our services after the effective date constitutes acceptance of the updated policy.

18. Contact and Data Controller

AI Front Desk is the data controller for personal data processed through our platform. For all privacy inquiries, requests, or complaints: Email: support@aifrontdsk.com - Website: aifrontdsk.com. For GDPR requests, include 'GDPR Request' in your subject line. For California requests, include 'California Privacy Request'. We respond to all privacy inquiries within 30 days.