Privacy Policy

GetApexAutomation LLC ("Apex Automation," "we," "us," "our") operates the website at getapexautomation.comand the AI voice receptionist service sold there (the "Service"). This Privacy Policy explains what data we collect, how we use it, who we share it with, and your rights.

By using the Service, you agree to this Policy. If you don't agree, please don't use the Service.

1. Two Kinds of People We Collect Data About

Apex Automation is an AI voice receptionist for garage-door companies ("Clients"). Each Client gets an AI Voice Agent on a dedicated phone number (or their existing number via call forwarding), appointment booking and scheduling, and call recordings with transcripts and summaries. We handle data for two distinct groups:

• Clients — garage-door business owners who pay for the Service. We collect their account data, business info, and billing data.
• Clients' end customers— people who call a Client's AI Voice Agent or get booked by it. The Client is the data controller for end-customer data; we are a data processor acting on the Client's behalf.

2. Data We Collect From Clients

• Account data — name, email, business name, phone. Stored in our authentication database (Supabase).
• Business profile data — services, hours, service area, brand color, and FAQs. Used to operate the Service and feed the AI Voice Agent.
• Payment data — handled entirely by Stripe. We never see or store credit card numbers; we only store the Stripe customer + subscription IDs.
• Usage + analytics — pages visited inside the dashboard, buttons clicked, browser type. First-party only; no third-party trackers.

3. Data We Process On Behalf of Clients (End-Customer Data)

• Voice call recordings + transcripts— every call handled by the Client's AI Voice Agent. Disclosed to the caller before the call begins.
• Lead contact info — name, email, phone, address, and free-text notes an end customer provides on a voice call with the AI Voice Agent.
• Booking details — service, date/time, customer name, contact info, address.

4. How We Use This Data

• To operate the Service (run the AI Voice Agent, deliver bookings, send confirmation/reminder emails).
• To process Client payments via Stripe.
• To send transactional emails to Clients (welcome, billing, refund-guarantee status).
• To send account- and booking-notification text messages to the Client account holder (e.g. an instant alert when the AI books a job), where the account holder has opted in by providing their mobile number at signup.
• To send transactional emails to end customers on the Client's behalf (booking confirmations + calendar invites, reminders). End customers receive these by email — Apex does not send SMS to end customers.
• To improve the Service (aggregated analytics, no individual profiling).
• To respond to support requests.
• To investigate abuse.
• To comply with legal obligations.

We do not sell personal data. We do not use Client or end-customer data to train AI models — conversational data is sent to Anthropic for response generation under their commercial terms (no training on API data).

5. Sub-processors

To run the Service, we share necessary data with:

• Anthropic, PBC — Voice Agent response generation + voice call summaries. Receives business profile context and voice call transcripts.
• ElevenLabs, Inc. — Voice Agent speech-to-text + text-to-speech and voice call transcription. Receives audio + metadata.
• Twilio, Inc. — telephony for the AI Voice Agent and SMS delivery of Apex's account- and booking-notification text messages to Client account holders, sent from Apex Automation's own registered A2P 10DLC sender. Receives the recipient phone number and message metadata. Apex does not share or sell mobile numbers or SMS consent information with Twilio or anyone else for marketing.
• Stripe, Inc. — payment processing + billing portal for your flat monthly subscription.
• Resend, Inc. — transactional email delivery (Client and end-customer mailings).
• Supabase, Inc. — Postgres database, authentication, storage (incl. voice call recording audio). Hosted in US (AWS us-east-1).
• Render Services, Inc. — application hosting (US).
• Cloudflare, Inc. — DNS for getapexautomation.com.
• OpenAI, L.L.C. — text embeddings used to search and enrich voice calls. Receives voice call transcript text. Embeddings only — not used for chat or generation.
• Sentry, Inc. — server-side error and performance monitoring. Receives stack traces, anonymous user IDs, and request paths when errors occur. Personal identifiers (emails, phone numbers) are stripped in our `beforeSend` hook before transmission.
• Meta Platforms, Inc. (Facebook Pixel) — conversion measurement on the public marketing pages at getapexautomation.com only (page views, sign-up clicks, checkout starts, completed purchases). The Pixel is not loaded inside the authenticated dashboard at app.getapexautomation.com.

Voice call recording. The AI Voice Agent records and transcribes the calls it answers so it can understand the caller, book the job, and produce a summary. Audio is stored in Supabase Storage (private bucket), transcribed by ElevenLabs, summarized by Anthropic Claude, and embedded for search by OpenAI. Callers are notified that the call is handled by an AI agent and recorded before the conversation begins. End customers may request deletion at any time by contacting the Client's business directly or by emailing support@getapexautomation.com; we propagate deletion within 24 hours. Recording laws vary by state and the legal responsibility for disclosure rests with the Client — see Section 7a of the Terms of Service.

A current list of sub-processors and a Data Processing Addendum (DPA) are available on request — email support@getapexautomation.com.

6. Cookies & Tracking

• Authentication cookies — set by Supabase to keep dashboard users logged in. Required.
• SessionStorage — used by our analytics tracker to give a stable visitor ID for the duration of a browser tab. Cleared when the tab closes. Not a cookie.
• Meta Pixel cookies — set on the public marketing pages at getapexautomation.com only (e.g. _fbp) for conversion measurement. Not set inside the authenticated dashboard. You can opt out via your browser's cookie controls or Meta's ad-preferences page.
• Cloudflare — security and bot-mitigation cookies on getapexautomation.com.

We do not use cross-site tracking or behavioral advertising cookies inside the authenticated dashboard at app.getapexautomation.com.

7. Your Rights

You have the following rights regarding your personal data:

• Access — request a copy of all personal data we hold about you.
• Correction — request that we correct inaccurate data.
• Deletion — request that we delete your account and all associated data.
• Portability — request your data in a machine-readable format (JSON).
• Opt-out — opt out of marketing emails at any time via the unsubscribe link in any email or your account preferences.

California (CCPA/CPRA) and EU (GDPR) residentshave additional rights including the right to know what categories of data we collect, the right to opt out of any "sale" or "sharing" (we don't sell or share for cross-context behavioral advertising), and the right to non-discrimination for exercising these rights.

For end-customer data: contact the Client directly (the business whose AI Voice Agent you spoke with). We will support the Client in honoring access/deletion requests forwarded to us within 30 days.

To exercise any right, email support@getapexautomation.comand we'll respond within 30 days.

8. Data Retention

• Active Client accounts — we retain data for as long as the account is active.
• Canceled/churned Client accounts — we retain data for 90 days after cancellation in case you reactivate, then permanently delete it. The AI Voice Agent and dashboard access are paused immediately on cancellation.
• Voice call audio recordings— the recorded audio of each call is automatically deleted 90 days after the call. The call's transcript and summary are kept after the audio is deleted (see the next item).
• End-customer call transcripts + booking data— call transcripts, summaries, and booking records are kept for the life of the Client's subscription (as long as we need them to provide the service). Clients may request earlier deletion on behalf of their customers, and end customers may request deletion at any time — see Section 5.
• Billing records — kept for 7 years for tax/accounting compliance.

9. Client Responsibility for End-Customer Disclosures

Apex provides each Client with an AI Voice Agent and tools that send transactional email to the Client's end customers. Clients are responsible for posting their own privacy notice on whatever website or surface they choose to advertise their phone number, disclosing the AI Voice Agent, the lead capture, and any third-party services they reference.

Clients are also responsible for ensuring their use of the AI Voice Agent complies with applicable law (including state-specific recording-consent rules — see Section 7a of the Terms — and CAN-SPAM rules for any email they cause Apex to send).

10. Mobile Messaging (SMS)

Apex Automation operates one text-messaging program, sent from Apex's own dedicated phone number registered under our A2P 10DLC sender:

• Who we text: the Client account holder (the shop owner who signs up) — never their end customers. End customers always receive booking confirmations and calendar invites by email, not SMS.
• What we send: account and booking notifications — for example, an instant text alert the moment the AI Voice Agent books a job, plus occasional account or service notices. These are transactional messages, not marketing.
• Opt-in: the account holder opts in by entering their mobile number and checking the consent box on the signup form. By providing the number they agree to receive these texts from Apex Automation.
• Message frequency varies and depends on how often jobs are booked.
• Message and data rates may apply, charged by the recipient's carrier, not Apex.
• Opt-out: reply STOP to any message to unsubscribe; reply HELP for help. We store the mobile number, message content, delivery status, and opt-out state only to operate the program and honor opt-outs.

We do not sell or share mobile phone numbers or SMS opt-in / consent information with any third parties or affiliates for marketing or promotional purposes. The only party that ever receives a mobile number for this program is our messaging carrier (Twilio), solely to deliver the message you asked to receive. SMS consent is collected and used for the account- and booking-notification program described above and for nothing else.

11. Security

We take reasonable security measures to protect data: encryption in transit (TLS 1.2+) and at rest, role-based access control, least-privilege database policies (Postgres RLS with admin SECURITY DEFINER helpers), audit logs, and regular security reviews. No system is 100% secure, but we follow industry best practices.

12. International Data Transfers

Our infrastructure is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer.

13. Children

The Service is not directed at children under 16, and we do not knowingly collect data from children. If we learn we have collected data from a child, we'll delete it.

14. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced via email to Client account holders at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

15. Contact

Questions, requests, or complaints about this Policy or your data:
Email: support@getapexautomation.com
Mailing address: GetApexAutomation LLC, 3395 Delaney Dr, Apt 303, Melbourne, FL 32934