Privacy Policy | BizAssistant.ai

Privacy for calls, forms, SMS, calendars, and workflows

Privacy Policy

How BizAssistant.ai collects, uses, discloses, retains, and protects information across its website and AI receptionist services.

Last Updated: June 13, 2026Call, SMS & Calendar DataBusiness Workflows

Privacy Summary

This Privacy Policy applies to the BizAssistant.ai website, demo line, setup and checkout flows, Essential, Growth, Scale, and custom services, and AI receptionist workflows. It explains how BizAssistant.ai LLC collects, uses, discloses, retains, and protects information.

When BizAssistant.ai processes caller or customer information on behalf of a business customer, that business generally determines the purpose and means of processing and remains responsible for its notices, consent, call-recording disclosures, AI disclosures, retention choices, and lawful use.

1. Scope

This Privacy Policy applies when you visit BizAssistant.ai, call a demo or service line, submit a form, schedule a demo, use a setup link, complete checkout, select a plan, communicate with us, or interact with a workflow powered by our Services. It does not apply to third-party sites or services we do not control.

2. Our Privacy Roles

BizAssistant.ai may act as a business, controller, or similar role for information about website visitors, prospects, demo users, customers, account users, vendors, and business contacts.

For caller and workflow data processed on behalf of a Customer, Customer generally acts as the business/controller and BizAssistant.ai generally acts as a service provider/processor. Requests concerning a particular business’s caller data may need to be directed to that business. We may direct or assist a requester accordingly.

3. Information We Collect

Depending on how you interact with us, we may collect:

  • Identifiers and contact data: name, business name, role, email, phone number, mailing or service area, website, and communication preferences.
  • Business and onboarding data: services, hours, locations, scripts, FAQs, pricing language, escalation contacts, appointment rules, calendar preferences, phone-system information, CRM preferences, and workflow instructions.
  • Plan, account, and transaction data: selected plan, included usage, number of business numbers or locations, trial status, subscription status, invoices, payment status, tax data, and billing contacts. Payment-card details are generally handled by payment processors rather than stored directly by us.
  • Call and communication data: caller name and number, recordings where enabled, transcripts, summaries, messages, requested services, urgency, preferred appointment times, outcomes, consent or opt-out information, and support communications.
  • Calendar and integration data: account identifiers, permissions, availability, appointment metadata, staff or resource names, time zones, and integration logs needed to perform approved actions.
  • Device, usage, and online activity: IP address, browser, device, pages viewed, referring pages, timestamps, cookie identifiers, advertising identifiers, form events, and diagnostic logs.
  • Security and compliance data: authentication, fraud signals, abuse reports, consent records, audit logs, and records needed to investigate incidents or enforce agreements.
  • Inferences: limited operational inferences such as likely call category, urgency, routing destination, lead type, or workflow outcome.

4. Sources of Information

We collect information directly from you, business customers, callers, account users, connected calendars or integrations, telephony and messaging providers, payment processors, analytics and advertising providers, publicly available business sources, vendors, and automatically through websites and Services.

5. How We Use Information

We may use information to:

  • provide, configure, operate, personalize, and support the Services;
  • answer and route calls, capture requests, create summaries, send notifications, and manage appointments;
  • authenticate users, process payments, administer trials and subscriptions, and enforce plan limits;
  • communicate about setup, support, billing, security, product changes, and lawful marketing;
  • monitor quality, troubleshoot, prevent fraud and abuse, secure systems, and maintain carrier and vendor compliance;
  • analyze and improve functionality, capacity, workflows, and user experience;
  • create aggregated or deidentified analytics that do not reasonably identify a person or Customer;
  • comply with law, respond to legal process, protect rights and safety, and establish or defend legal claims; and
  • carry out other purposes disclosed at collection or authorized by the relevant Customer or individual.

6. How We Disclose Information

We may disclose information to affiliates, contractors, telephony carriers, SMS and email providers, hosting and cloud vendors, AI and speech providers, calendar and CRM providers, automation platforms, analytics and advertising providers, security and fraud vendors, payment processors, professional advisers, and other service providers that support the Services.

We may disclose information to the Customer on whose behalf a workflow operates, to authorized Customer users, or to third parties at Customer direction. We may also disclose information in a merger, financing, acquisition, reorganization, bankruptcy, sale of assets, or similar transaction, subject to appropriate confidentiality and legal requirements.

We may disclose information when reasonably necessary to comply with law or legal process, enforce agreements, investigate fraud or abuse, protect rights or safety, or respond to emergencies. We do not guarantee that legal requests will be challenged.

7. AI, Telephony, Calendar, and Integration Providers

The Services may transmit data to AI model, speech-to-text, text-to-speech, telephony, messaging, email, calendar, CRM, cloud, and automation providers to perform requested functions. These providers may process data in multiple jurisdictions and are subject to their own security practices and contractual obligations.

Optional calendar booking may involve Google Calendar, Apple Calendar, Outlook Calendar, or other approved systems. Customer controls which accounts are connected and is responsible for permissions and settings. Disconnecting an integration may not immediately delete data already retained by that third party.

Where BizAssistant.ai acts as a processor, we use Customer Content consistent with Customer instructions, applicable agreements, and law. We may use aggregated or deidentified information for service improvement. Any broader use of identifiable Customer Content will be governed by applicable agreements, disclosures, and permissions.

8. Cookies, Analytics, and Advertising

We and our providers may use cookies, pixels, tags, local storage, and similar technologies for essential functionality, security, analytics, attribution, advertising measurement, and marketing. For example, the website may use Google advertising or analytics technologies.

You may manage cookies through browser settings and any privacy-choice tools we make available. Blocking technologies may affect functionality. Browser “Do Not Track” signals are not uniform; we respond to legally recognized opt-out signals as described below where required.

9. Sale, Sharing, and Targeted Advertising

We do not sell personal information for money. However, depending on applicable law, disclosure of online identifiers or activity data to advertising or analytics providers may be considered a “sale,” “sharing,” or “targeted advertising.” Where applicable, you may opt out by using an available privacy-choice mechanism, enabling a legally recognized Global Privacy Control signal, or emailing [email protected].

We do not knowingly sell or share personal information of individuals under 16.

10. Retention

We retain information for no longer than reasonably necessary for the purposes described in this Policy, including to provide active Services, maintain business and billing records, comply with law, resolve disputes, enforce agreements, protect security, and maintain backups. Retention depends on the type of data, Customer configuration, contractual instructions, legal requirements, operational need, sensitivity, risk, and available deletion controls.

Call recordings, transcripts, summaries, appointment data, and workflow logs may be retained during the customer relationship and for a reasonable period afterward unless a Customer configuration, deletion request, addendum, legal hold, or legal requirement provides otherwise. Backups may persist until overwritten through ordinary cycles. Deidentified or aggregated data may be retained longer.

11. Security and Incident Response

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect information, such as access controls, vendor management, logging, and secure transmission where appropriate. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

Customers are responsible for securing their accounts, forwarding rules, calendars, CRMs, email, devices, credentials, and personnel access. Please promptly report suspected compromise to [email protected]. We may notify affected Customers or individuals of confirmed incidents as required by law or contract.

Calls may be answered by an AI system and may be recorded, transcribed, summarized, analyzed, or reviewed. The business Customer operating the workflow is generally responsible for required AI disclosures, recording notices and consent, and other caller-facing notices. Callers should not provide information they do not want processed.

SMS and email communications may include setup, support, security, transaction, appointment, or other Customer-approved messages. Recipients may opt out of non-required messages using provided instructions. Operational or legally required communications may continue where permitted.

13. Sensitive and Regulated Information

The standard Services are not intended for protected health information, full payment-card data, Social Security numbers, government identifiers, account passwords, biometric identifiers, children’s information, or other highly sensitive or specially regulated data unless the workflow and required contract addendum are expressly approved.

Customers must minimize data collection and must not direct callers to provide sensitive data that is unnecessary for the approved workflow. Payment information should be collected through approved payment processors rather than call transcripts or free-text fields.

14. Privacy Rights and Requests

Depending on your location and applicable law, you may have the right to know or access personal information, receive a portable copy, correct inaccuracies, delete information, opt out of sale, sharing, targeted advertising, or certain profiling, limit certain uses of sensitive information, withdraw consent, appeal a denial, and receive non-discriminatory treatment.

To submit a request, email [email protected] with “Privacy Request” in the subject line and describe the right you wish to exercise. We may verify identity and authority. Authorized agents may be required to provide proof of authorization. We will respond within the period required by applicable law.

If we process your information solely for a business Customer, we may refer the request to that Customer or ask you to contact it directly. Certain information may be exempt, and we may retain information necessary for legal, security, fraud-prevention, billing, dispute, or contractual purposes.

15. California Notice at Collection and Rights

Where the California Consumer Privacy Act, as amended, applies, the categories collected may include identifiers; customer records; commercial information; internet or electronic activity; geolocation at a general level; audio or electronic communications; professional or employment-related information; sensitive personal information voluntarily provided or required for approved workflows; and inferences. We use these categories for the purposes listed in Section 5 and disclose them to the categories in Section 6.

RightsKnow/access, delete, correct, opt out of sale or sharing, limit certain uses of sensitive personal information, and non-discrimination, subject to legal scope and exceptions.
RequestsEmail [email protected]. If BizAssistant.ai operates exclusively online for the relevant interaction, email may be the designated method as permitted by law.
Sale/SharingWe do not sell personal information for money. Advertising or analytics disclosures may be considered sharing or targeted advertising under some laws. Legally recognized opt-out signals, including Global Privacy Control where required, will be treated as opt-out requests.
RetentionRetention periods or criteria are described in Section 10 and may vary by data type and Customer configuration.

16. Children

The website and Services are intended for businesses and adults and are not directed to children under 13. We do not knowingly collect children’s personal information through our own website. Customers may not configure workflows to intentionally collect children’s data without prior written approval and all required parental consent and safeguards.

17. International Processing

BizAssistant.ai and its providers may process information in the United States and other countries. Those jurisdictions may have different privacy laws. Where required, we use legally recognized transfer mechanisms and contractual protections.

18. Changes to This Policy

We may update this Policy to reflect changes in Services, technology, vendors, laws, or practices. The “Last Updated” date identifies the current version. We may provide additional notice of material changes where required.

19. Contact

Privacy questions, requests, and complaints may be sent to [email protected]. Please identify the relevant Customer or business phone number when the request concerns a particular AI receptionist workflow.