Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Service, we collect:

• Account Information: Business name, owner name, email address, phone number, billing address
• Business Information: Industry, number of locations, business type
• Payment Information: Credit card details (processed securely by Stripe), billing history
• Communication Data: Messages sent via our platform, campaign content, customer contact lists
• Support Communications: Information you provide when contacting customer support

1.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Performance Metrics: API response times, error logs, campaign performance data
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies

1.3 Customer Data

When you use our Service to communicate with your customers, we process their information on your behalf, including:

• Customer names, phone numbers, and email addresses
• Appointment details and preferences
• Communication history and engagement metrics
• Conversation transcripts and AI-generated responses

Important: You are the data controller for your customer data. We are the data processor. You must obtain appropriate consent from your customers before using our Service to contact them.

2. How We Use Your Information

2.1 To Provide the Service

• Process and deliver SMS/voice messages on your behalf
• Generate AI-powered responses and campaign content
• Schedule and manage appointments
• Provide analytics and performance reporting
• Process payments and manage billing

2.2 To Improve the Service

• Analyze usage patterns to enhance features
• Train AI models for better performance
• Develop new features and capabilities
• Create anonymized industry benchmarks

2.3 For Security and Compliance

• Detect and prevent fraud, abuse, and security threats
• Ensure compliance with TCPA, CAN-SPAM, and other regulations
• Respond to legal requests and enforce our Terms of Service
• Conduct security audits and monitoring

2.4 For Communications

• Send service notifications and updates
• Provide customer support
• Share product announcements and feature updates
• Send billing and account-related emails

3. Data Sharing and Disclosure

3.1 Service Providers

We share data with trusted third-party service providers:

• Twilio: SMS and voice message delivery
• OpenAI: AI-powered text generation and analysis
• Stripe: Payment processing
• SendGrid: Email delivery
• Microsoft Azure: Cloud hosting and storage
• Analytics Providers: Google Analytics, application monitoring

All service providers are contractually obligated to protect your data and use it only for specified purposes.

3.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and provide choices regarding your data.

3.3 Legal Requirements

We may disclose information when required by law, including:

• Responding to subpoenas, court orders, or legal process
• Protecting our rights, property, or safety
• Investigating fraud or security incidents
• Complying with regulatory requirements

3.4 Aggregated Data

We may share anonymized, aggregated data that does not identify you or your customers, such as industry benchmarks, usage statistics, and trend analysis.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures:

• Encryption: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest
• Access Controls: Role-based access, multi-factor authentication, least-privilege principles
• Network Security: Firewalls, intrusion detection, DDoS protection
• Monitoring: 24/7 security monitoring and incident response
• Audits: Regular security assessments and penetration testing

4.2 Data Breach Notification

In the event of a data breach affecting your information, we will notify you within 72 hours and provide details about the incident and our response.

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your account is active and as needed to provide the Service.

5.2 Terminated Accounts

Upon account termination, we retain your data for 30 days to allow for reactivation. After 30 days, data is permanently deleted except as required for legal, tax, or regulatory purposes.

5.3 Backup Retention

Backup copies may persist for up to 90 days after deletion from production systems.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access your data and export it in a machine-readable format at any time through your account dashboard.

6.2 Correction and Update

You can update your account information at any time through your account settings or by contacting support@cloudfran.com.

6.3 Deletion

You may request deletion of your account and data by contacting us. We will process deletion requests within 30 days, subject to legal retention requirements.

6.4 Opt-Out of Marketing

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or updating your preferences in your account settings. You cannot opt out of transactional emails necessary for service operation.

6.5 Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

7. International Data Transfers

Our Service is hosted in the United States on Microsoft Azure infrastructure. By using the Service, you consent to the transfer of your data to the United States. We implement appropriate safeguards including Standard Contractual Clauses for international transfers.

8. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately at privacy@cloudfran.com.

9. Regional Privacy Rights

9.1 GDPR (European Union)

If you are located in the EU, you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

9.2 CCPA (California)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information held by businesses
• Opt-out of sale of personal information (Note: We do not sell personal information)
• Non-discrimination for exercising CCPA rights

9.3 Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate. Contact us at privacy@cloudfran.com for jurisdiction-specific inquiries.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice on our website at least 30 days before the changes take effect. Continued use after changes constitutes acceptance.

12. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:

13. Consent

By using CloudFran Agents, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.