Privacy Policy

Last Updated: January 9, 2026

Important: This Privacy Policy explains how BizAssistant.ai collects, uses, discloses, and protects information for our website visitors, business customers, agencies, and the callers / end users whose information may be processed through our AI receptionist and related services. This Policy is intended to be broadly protective, but it is not legal advice and does not replace your own compliance obligations. You are solely responsible for making sure your use of our Services complies with all laws that apply to you.

1. Introduction

Welcome to BizAssistant.ai ("BizAssistant.ai," "we," "us," or "our"). We respect your privacy and take reasonable measures to help protect personal information entrusted to us. This Privacy Policy ("Policy") describes how we handle information when you:

Visit, use, or interact with our websites, landing pages, or online properties (the "Sites");
Use, or are invited to use, our AI receptionist / AI voice agent and associated products and dashboards (the "Services"); or
Communicate with us or with our Services by phone, SMS/text, email, or other channels.

By accessing the Sites or using the Services, you agree to this Policy. If you do not agree, please do not use the Sites or Services.

2. Scope & Who This Policy Covers

This Policy applies to:

Clients: Businesses and agencies that sign up for BizAssistant.ai or manage accounts for others;
Website visitors: People who browse or interact with our Sites;
Callers / End Users: People who call, text, or otherwise interact with phone numbers, AI receptionists, or workflows powered by BizAssistant.ai on behalf of a Client;
Prospective customers: Individuals who request information, demos, or free trials.

For most caller and lead information, BizAssistant.ai acts as a service provider / processor to our Clients, who act as the controller (or equivalent term under applicable law). Our Clients are primarily responsible for their own privacy notices, consents, and compliance obligations with respect to their callers and end users.

3. Information We Collect

The categories of information we collect depend on how you interact with us and the Services.

a. Information You Provide Directly

Contact details such as your name, email address, phone number, company name, job title, and role;
Business information such as service areas, pricing ranges, staff names, calendars, routing rules, and business hours;
Configuration content for your AI (scripts, FAQs, intake questions, notes, templates, prompts, and internal rules);
Messages or content you send us, including support requests, forms, surveys, or feedback;
Account credentials and authentication information that you create (usernames, hashed passwords, etc.);
Any other information you choose to provide when communicating with us or using the Services.

b. Caller, Lead & End-User Information (Processed on Behalf of Clients)

When our Services handle calls, texts, or interactions for a Client, we may process information about callers and end users on that Client’s instructions, including:

Caller name, phone number, email address, and contact details;
Service address, property details, appointment preferences, and similar logistics information;
Job or inquiry details (e.g., type of service requested, urgency, property type, budget range);
Call metadata (time, date, duration, direction, caller ID, target number);
Call recordings and transcripts where recording/transcription is enabled by the Client;
Booking details such as requested appointment slots, confirmations, and internal notes.

c. Payment & Billing Information

If you purchase a paid plan, our third-party payment processors collect and process payment information (such as card number, expiration date, security code, and billing address). We do not store full payment card numbers on our own servers.

d. Technical, Usage & Log Data

Device and browser information (IP address, browser type, device identifiers, operating system);
Usage data (pages viewed, features used, clickstream data, referring/exit pages, timestamps);
Approximate geolocation derived from IP address where permitted by law;
Diagnostic and performance data to monitor stability, uptime, and security of the Services.

e. Cookies & Similar Technologies

We and our third-party providers may use cookies, pixels, tags, SDKs, and similar technologies to operate the Sites, remember your preferences, secure your account, measure traffic, and support analytics and advertising. See Section 8 below for more detail.

f. Sensitive & Regulated Data We Prefer Not to Receive

Our Services are designed for general business and appointment-related communications, not to store highly sensitive data such as:

Government IDs (e.g., Social Security numbers);
Full payment card details shared verbally or via text (outside of secure payment flows);
Health or medical information subject to HIPAA or similar health-privacy laws;
Financial account numbers, login credentials, or other regulated financial data;
Biometric identifiers or precise geolocation where special rules apply;
Information revealing racial or ethnic origin, religious beliefs, sexual orientation, or union membership.

You agree not to intentionally use the Services to collect or store protected health information (PHI) or other highly sensitive categories of personal data unless we have a separate written agreement explicitly permitting that use. BizAssistant.ai does not hold itself out as a HIPAA "covered entity" or "business associate," and does not agree to HIPAA or similar sector-specific privacy obligations unless separately and expressly agreed in writing.

4. How We Use Information

We use the information we collect for purposes including:

Providing, operating, and maintaining the Sites and Services;
Answering calls, handling conversations, qualifying leads, and booking appointments on behalf of our Clients;
Configuring and customizing AI receptionists according to your business rules, scripts, and preferences;
Routing calls, messages, and notifications to the correct people or systems within your business;
Creating call logs, recordings, transcripts, analytics, and performance reports for Clients;
Monitoring, testing, and improving the accuracy, reliability, safety, and performance of our AI and telephony systems;
Detecting, investigating, and preventing fraud, abuse, and security incidents;
Providing customer support and responding to your inquiries and feedback;
Sending account, billing, and service-related communications;
Sending marketing and promotional communications where permitted by law (with appropriate opt-out options);
Complying with legal obligations and enforcing our contracts, including our Terms of Service.

5. AI, Third-Party Models & Automated Processing

Our Services may use third-party AI and large language models (for example, models provided by external AI vendors) to generate, understand, and transcribe speech and text.

We send prompts, call snippets, or configuration data to these AI providers so they can generate appropriate responses;
These providers act as our processors/service providers and are contractually required to use data only to provide their services to us;
AI systems may occasionally generate incomplete, outdated, or incorrect responses. You remain responsible for reviewing and configuring your AI flows appropriately for your business and industry.

We do not grant AI providers permission to use your data for their own advertising or to sell personal information; however, we cannot control their independent legal obligations. You should review our Terms of Service and any separate agreements you enter with us for additional details on AI usage and limitations.

AI Transparency: Where required by law or where we deem appropriate, BizAssistant.ai and/or our Clients may disclose that an interaction involves an automated or AI-enabled system. The Services may automatically route inquiries, categorize leads, or propose appointment times based on Client rules.

6. Legal Bases for Processing (EEA/UK Visitors)

Where the EU/UK data protection laws apply, we rely on one or more of the following legal bases:

Contract: To provide the Services to you or to perform our obligations under an agreement;
Legitimate interests: To operate, secure, improve, and promote our Services and to communicate with you about them;
Consent: For certain marketing communications, use of optional cookies, or call recording where required by law. You may withdraw consent at any time;
Legal obligations: To comply with applicable laws, regulations, and legal processes.

7. SMS/Text, Voice & Email Communications

By providing a phone number or email address to us, or to a Client using our Services, you may receive text messages, calls, and/or emails related to scheduling, confirmations, reminders, service updates, account notices, or marketing. Message frequency may vary. Standard message and data rates may apply.

Opting out: You can typically opt out of marketing texts by replying STOP, and opt out of marketing emails by clicking the unsubscribe link in those messages. You may still receive transactional or service-related messages even after opting out of marketing.

Client responsibility: When our platform sends messages, makes calls, or routes communications on behalf of a Client, that Client is responsible for:

Obtaining any legally required consent for calls, texts, recordings, and emails (including under TCPA, CTIA, CAN-SPAM, CASL, GDPR, and similar laws);
Providing appropriate notices to callers and contacts, including call-recording disclosures where required;
Honoring opt-out and unsubscribe requests from their customers and contacts; and
Ensuring message content complies with applicable laws, industry rules, and carrier policies.

8. Cookies, Tracking & Analytics

We may use cookies and similar technologies to:

Remember your settings, preferences, and login sessions;
Secure your account and help prevent fraud;
Measure traffic, usage patterns, and site performance;
Understand which marketing campaigns are effective;
Support limited, interest-based advertising and retargeting where allowed by law.

We may also use third-party analytics and advertising services (for example, Google Analytics, advertising pixels, or CRM tracking tools) that set their own cookies or similar technologies. These providers may collect or receive information about your use of our Sites and other websites and may use that information to provide measurement services and targeted ads, subject to their own privacy policies.

You can usually configure your browser to block or delete cookies, though some features may not function properly if you do. Depending on your location, you may see additional cookie banners or controls when you first visit our Sites.

9. How We Share Information

We do not sell personal information for money. We may disclose information in the following situations:

Service providers / processors: We share information with vendors that help us operate the Sites and Services, such as telephony/SMS providers, AI model providers, cloud hosting, analytics, customer support tools, email delivery services, and payment processors. These third parties are required to use the data only to perform services for us and to protect it appropriately.
Clients: If you are a caller or contact of a Client, we share your information (e.g., call details, transcripts, bookings, and notes) with the Client whose business you contacted or whose number you called.
Third-party tools you connect: At your direction, we may send data to CRMs, calendars, marketing tools, or other systems that you choose to integrate. Those systems are governed by their own privacy policies, and we are not responsible for their practices.
Business transfers: We may disclose or transfer information as part of a merger, acquisition, financing, reorganization, or sale of all or part of our business. We will take reasonable steps to ensure the recipient honors this Policy or implements similar protections.
Legal and safety: We may disclose information when we believe in good faith that it is necessary to comply with law or legal process, to protect our rights, property, or safety or that of our Clients, users, or the public, or to enforce our agreements.

10. International Data Transfers

BizAssistant.ai is based in the United States. Information we collect may be stored and processed in the U.S. or other countries where we or our service providers operate. These locations may have data protection laws that differ from those in your country.

Where required by law, we implement appropriate safeguards (for example, contractual clauses) to help ensure that international transfers of personal data are handled in a manner consistent with applicable data protection laws.

11. Data Retention

We retain information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements, or as otherwise permitted by law.

Account and configuration data are generally retained while your account is active and for a reasonable period afterward;
Call recordings, transcripts, and call logs may be retained for a period determined by us or by the applicable Client;
We may retain certain records (for example, billing, security, and contractual records) even after an account is closed if we have a legal or legitimate business reason to do so.

12. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot and do not guarantee absolute security.

You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. Please notify us promptly if you believe your account or any credentials have been compromised.

13. Regulated Industries & High-Risk Uses

Our Services are generally intended for standard commercial use (for example, service businesses, trades, local businesses, agencies, and similar organizations). They are not designed for:

Emergency services or life-critical systems (e.g., 911 or urgent medical triage);
Collection, storage, or processing of protected health information (PHI) governed by HIPAA, unless expressly agreed in writing;
Processing regulated financial, banking, or investment advice requiring registration or special licensure;
Providing professional legal, tax, medical, or other licensed professional advice.

You are solely responsible for determining whether and how to use the Services in your industry and for ensuring that your use complies with all laws, regulations, and industry standards that apply to you. If you operate in a highly regulated sector, you should consult your own legal counsel before using the Services with real customer data.

14. Your Privacy Rights & Choices

Depending on your location and applicable law (for example, GDPR in the EEA/UK, or state privacy laws in the U.S.), you may have some or all of the following rights:

The right to request access to personal information we hold about you;
The right to request correction of inaccurate or incomplete information;
The right to request deletion of your information, subject to legal and contractual requirements;
The right to object to or request restriction of certain processing activities;
The right to data portability (to receive certain information in a structured, commonly used format);
The right to withdraw consent where our processing is based on your consent;
The right to lodge a complaint with a supervisory authority or data protection regulator.

To exercise these rights, you can contact us at [email protected]. We may need to verify your identity (and, where permitted, your authority) before fulfilling your request. If you are a caller or customer of one of our Clients, we may refer your request to that Client, as they may be the primary controller of your data.

Where U.S. state privacy laws apply (for example, in California, Colorado, Virginia, or similar jurisdictions), you may also have the right to opt out of certain uses of personal information that could be considered "sale" or "sharing" under those laws. We do not sell personal information for money, but certain analytics or advertising activities could be interpreted as "sharing." You can contact us if you wish to exercise such rights.

15. Do Not Track

Some browsers include a "Do Not Track" ("DNT") setting that signals to websites that you do not want your online activity tracked. There is currently no industry-standard response to DNT signals, and we do not respond to them. We will continue to monitor developments around DNT and may update this Policy if our practices change.

16. Children’s Privacy

The Sites and Services are intended for business use and are not directed to children under 13 (or under 16 where a higher age is required by law). We do not knowingly collect personal information from children in this age range. If we become aware that we have collected such information, we will take reasonable steps to delete it. If you believe a child has provided us with personal information, please contact us.

17. BizAssistant.ai as Service Provider / Processor

For most caller, lead, and end-user data, BizAssistant.ai acts as a service provider / processor and the Client acts as the controller. That means:

Our Clients decide what data to collect from their callers and how they will use it;
Our Clients are responsible for providing any legally required privacy notices and obtaining required consents from their callers;
We process caller and lead data only in accordance with our agreements with Clients and their instructions;
We may use aggregated or de-identified information (that does not identify individuals) to improve and develop our Services.

18. Supplemental U.S. State Privacy Disclosures (Including California)

This section provides additional disclosures that may apply to residents of certain U.S. states with comprehensive privacy laws (including California). These disclosures apply to personal information we collect about website visitors, prospective customers, and business users of the Services.

Callers / End Users: Where we process caller, lead, or end-user data on behalf of a Client, that Client is typically the controller for that data, and the Client’s privacy notice generally governs. We will support our Clients’ lawful instructions and requests as required by our agreements and applicable law.

18.1 Categories of Personal Information (Notice at Collection)

Depending on how you interact with us, we may collect the following categories of personal information:

Identifiers: name, email address, phone number, online identifiers, IP address, account login information.
Customer records / business contact info: company name, job title, role, billing/contact details.
Commercial information: plan tier, subscription status, billing records, and purchase history.
Internet / network activity: browsing and interaction data on our Sites, app events, analytics, and logs.
Approximate location: derived from IP address (where permitted).
Audio/electronic information: call recordings and transcripts where enabled; call metadata.
Professional information: business role and related details you provide.
Inferences: lead categorization, routing signals, and summaries generated to operate the Services.

18.2 Purposes for Collection/Use

We collect and use personal information for the purposes described in this Policy, including providing and securing the Services, processing transactions, supporting customers, preventing fraud/abuse, marketing where permitted, improving reliability and performance, and complying with law.

18.3 Disclosure of Personal Information

We may disclose the categories of personal information described above to the categories of recipients described in Section 9 (service providers/processors, Clients, integrations you choose, professional advisors, parties to a business transfer, and for legal/safety/enforcement).

18.4 “Sale”, “Sharing”, and Targeted Advertising

We do not sell personal information for money. However, some privacy laws define “sale” or “sharing” broadly, and certain analytics or advertising disclosures (for example, pixels/cookies used for measurement or retargeting) may be considered a “sale,” “sharing,” or “targeted advertising” even if no money is exchanged.

Where applicable, you may opt out of targeted advertising and certain disclosures by adjusting cookie settings (where available), limiting third-party cookies in your browser/device, or by contacting us at [email protected].

18.5 Sensitive Personal Information

We do not intentionally collect sensitive personal information as a core part of the Services. If sensitive personal information is provided to us, we use it only as necessary to provide the Services, secure our systems, comply with law, and enforce our agreements, unless otherwise required by law.

18.6 Requests, Verification, Authorized Agents, and Appeals

You may submit requests by emailing [email protected]. We may require identity verification and/or proof of authority (for authorized agents) as permitted or required by law. Where an appeals process applies, you may appeal by replying to our decision email or emailing support with “Privacy Appeal” in the subject line.

18.7 Non-Discrimination

We will not unlawfully discriminate against you for exercising your privacy rights, subject to lawful and permitted differences related to plan features and service delivery.

18.8 Global Privacy Control (GPC)

Some browsers and extensions support an opt-out preference signal known as Global Privacy Control (“GPC”). Where required by applicable law, we will treat a recognized GPC signal as a request to opt out of certain disclosures that may be considered a “sale” or “sharing,” and/or certain targeted advertising, for the browser/device associated with that signal. GPC is typically browser/device-specific.

19. Security Incident Notification

We maintain safeguards designed to protect personal information (see Section 12). In the event of a confirmed security incident involving personal information, we will take reasonable steps to investigate, mitigate, and comply with applicable notification obligations. Where we act as a service provider/processor for a Client, we will generally notify the Client and provide information reasonably necessary for the Client to meet its obligations, subject to law and our agreements.

20. Voice Data, Recordings, and Biometric Information

Our Services may process voice recordings and related transcripts when enabled by a Client. BizAssistant.ai does not use voice data to identify a person by “voiceprint” for authentication or identification purposes, and we do not intentionally create or store biometric identifiers for that purpose. If we implement a feature that involves biometric identifiers or biometric information under applicable law, we will provide any legally required notices and obtain any legally required consents.

21. Subprocessors

We use third-party service providers (“subprocessors”) to help deliver the Sites and Services (for example, cloud hosting, telephony/SMS, AI model vendors, analytics, support tooling, and payment processing). We require subprocessors to protect information and process it only to provide services to us. You may contact us at [email protected] to request information about our current subprocessors.

22. Third-Party Websites and Client-Controlled Experiences

Our Sites may contain links to third-party websites or services, and Clients may configure experiences that route you to third-party tools (for example, CRMs, calendars, or payment pages). This Policy does not govern third-party practices, and we are not responsible for the privacy or security practices of third parties. Please review their policies directly.

23. Changes to This Privacy Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we do, we will update the “Last Updated” date at the top of this page. Your continued use of the Sites or Services after the effective date of an updated Policy constitutes your acceptance of the changes. If you do not agree with the updated Policy, you should stop using the Sites and Services.

24. Contact Us

If you have any questions about this Privacy Policy or how we handle your information, please contact us:

BizAssistant.ai LLC
Attn: Privacy / Support
3400 Cottage Way, Ste G2 #32353
Sacramento, CA 95825
📧 [email protected]
🌐 https://www.bizassistant.ai

This Privacy Policy is provided for general informational purposes only and does not constitute legal advice. BizAssistant.ai is not a law firm and does not provide legal services. Because privacy and data protection laws can vary significantly by industry, jurisdiction, and use case, you should consult with a licensed attorney in your state or country to review and adapt this Policy and our Terms of Service for your specific business, industry, and marketing practices.