Privacy. What we collect, what we do not.

We collect only what we need to run the service you hired us for. The exact data depends on which engagement you are in, but broadly it falls into a few buckets.

• Account + contact info: name, work email, company, role, and any details you give us during onboarding.
• Call audio + transcripts: for voice products and outbound calling services, recorded with the disclosures required by law.
• Photo uploads: for CraveMode and visual content engagements, the dish references and brand inputs you send.
• Lead and CRM data: lists you provide, enrichment data we source, replies your prospects send back.
• Usage data: how you interact with our dashboards, basic logs needed to keep systems running.

We use your data to deliver the service, tune it weekly, and report on what it is doing. Nothing else.

We do not sell your data. We do not use your call recordings, photos, or lead data to train third-party AI models without explicit written consent. If a model needs fine-tuning on your data for your benefit, we ask first.

Retention varies by service. Defaults below; contract terms override if different.

• Call recordings + transcripts: 4 years (TCPA statute of limitations) unless you request earlier deletion.
• Photo uploads + renders: 30 days after delivery, then purged from active storage.
• Lead and CRM data: lifetime of engagement plus 12 months, then archived or deleted on request.
• Account + billing records: 7 years for tax and audit purposes.
• Server logs: 90 days rolling.

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is role-based, logged, and scoped to the engineers actively running your engagement.

We are working toward SOC 2 Type II. We are not certified yet; we say so plainly rather than imply otherwise. Penetration testing and access reviews run quarterly.

We compose best-in-class tools rather than building everything from scratch. Data passes through these processors depending on which services you use:

• Voice + telephony: Twilio, Vapi, Retell, ElevenLabs
• AI models: OpenAI, Anthropic, open-source models we self-host where appropriate
• Outbound + email: Instantly, Smartlead, Apollo, Clay
• Data + auth: Supabase, Postgres, Clerk where used
• Payments: Stripe
• CRM + workflow: HubSpot, Pipedrive, Salesforce, Airtable, n8n
• Hosting: Vercel, Cloudflare

You can ask us to access, export, correct, or delete your data at any time. Email the address at the bottom and we will action within 30 days, faster where regulation requires.

If you are an EU or UK resident, GDPR rights apply. If you are a California resident, CCPA rights apply. We honor both regardless of where you live; the easier path wins.

Marketing site uses minimal first-party cookies for session state and Vercel Analytics for aggregate traffic. We do not run third-party advertising trackers or sell behavioral data.

Logged-in dashboards may use additional cookies for auth and preferences. We disclose those at first login.

Privacy questions, requests, or concerns go to the email below. We respond within two business days, faster for urgent compliance matters.