← Back to Home

Privacy Policy

Effective Date: February 20, 2026

1. Introduction

AI Business Manager ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. This policy is designed to comply with the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, the UK General Data Protection Regulation (UK GDPR), and the Australian Privacy Act 1988.

2. Information We Collect

2.1 Information You Provide

  • Account information: email address, password (hashed), business name, business type
  • Business details: phone number, address, service area, operating hours, services offered
  • Customer data: names, phone numbers, email addresses, appointment history, notes
  • Financial data: invoice amounts, payment status (actual payment card data is processed solely by Stripe)
  • Communications: SMS/text messages between you and your customers via our platform

2.2 Information Collected Automatically

  • Usage data: features accessed, pages visited, actions performed
  • Device data: browser type, operating system, IP address
  • Log data: timestamps, error logs, API request metadata

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process AI-powered customer communications on your behalf
  • Schedule appointments and manage your calendar
  • Generate and send invoices
  • Send business briefings and follow-up communications
  • Process subscription payments and billing
  • Provide customer support
  • Improve and develop new features
  • Detect and prevent fraud, abuse, or security issues

4. Third-Party Service Providers

We share data with the following third-party service providers, solely for the purpose of operating the Service:

  • Twilio — SMS messaging and voice call handling. Twilio processes phone numbers, message content, and call metadata.
  • Stripe — Payment processing. Stripe handles credit card information directly; we never store your card details.
  • SendGrid — Email delivery for invoices, briefings, reports, and transactional messages.
  • AI Provider (Anthropic/OpenAI) — AI-powered message generation and voice handling. Conversation context is sent for processing and not retained by the AI provider beyond the request.

Each provider has their own privacy policy and data processing agreements in place.

5. Data Storage & Security

Your data is stored in encrypted PostgreSQL databases with encryption at rest. Passwords are hashed using bcrypt with 12 rounds of salting. All data transmission uses TLS/HTTPS encryption. Access to production systems is restricted to authorized personnel. We conduct regular security reviews and monitor for unauthorized access.

6. Data Retention

We retain your data for as long as your account is active. Upon subscription cancellation, your data is retained for 90 days to allow re-subscription. After 90 days, all data is permanently and irreversibly deleted, including customer records, appointments, invoices, messages, and business settings. You may request immediate deletion at any time through your account settings.

7. Your Rights

7.1 All Users

  • Access: You can export all your data at any time from Settings → Account → Export Data.
  • Deletion: You can permanently delete your account and all data from Settings → Account → Delete Account.
  • Correction: You can update your information directly in the dashboard at any time.

7.2 California Residents (CCPA)

You have the right to: know what personal information is collected; request deletion of personal information; opt out of the sale of personal information (we do not sell personal information); non-discrimination for exercising your rights.

7.3 Canadian Residents (PIPEDA)

You have the right to: access your personal information; challenge the accuracy of your information; withdraw consent for certain uses; file a complaint with the Privacy Commissioner of Canada.

7.4 UK/EU Residents (UK GDPR)

You have the right to: access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing is (a) contract performance (providing the Service) and (b) legitimate interest (improving the Service). For UK customers, we act as the data processor and you act as the data controller for your customer data. Contact us for our Data Processing Agreement (DPA).

7.5 Australian Residents (Privacy Act 1988)

You have the right to: access your personal information; request correction of inaccurate information; complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the Australian Privacy Principles.

8. Data Breach Notification

In the event of a data breach that compromises your personal information, we will: (a) notify affected users within 72 hours of becoming aware of the breach (as required by UK GDPR — the most restrictive requirement); (b) notify relevant supervisory authorities as required by law; (c) provide details of the breach, data affected, and steps taken to mitigate the impact; (d) implement corrective measures to prevent recurrence.

9. Cookies & Tracking

We use essential cookies for authentication (JWT session tokens). We do not use third-party tracking cookies, advertising cookies, or analytics cookies that track individual users across websites. We may use anonymous, aggregated analytics to understand general usage patterns.

10. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect. The "Effective Date" at the top reflects the most recent revision.

12. How to Request Deletion

To delete your account and all associated data: go to Dashboard → Settings → Account → Delete Account. Alternatively, email us at support@aibusinessmanager.com with the subject line "Data Deletion Request" and we will process your request within 30 days.

13. Contact

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at: privacy@aibusinessmanager.com

© 2026 AI Business Manager. All rights reserved. | Terms of Service