Privacy Policy

Who we are & our two roles

Sayvine, operated by [Legal Entity Name] (“Sayvine,” “we,” “us”), provides the Sayvine platform — AI front-desk and business-management software for local service businesses. This policy explains how we handle personal data.

We act in two different roles. (1) As a controller, for data about people who visit our website, contact us, or sign up for and administer a Sayvine account (our customers — “Subscribers”). (2) As a processor, for the personal data a Subscriber stores in the platform about its own customers, patients, and staff (“Guests”). When we act as a processor, the Subscriber is the controller, their privacy notice applies to those individuals, and our agreement with them (and any Data Processing Addendum) governs our handling of that data — if you are a Guest, please contact the business you interact with to exercise your rights.

Data we collect as a controller

• Account & contact data you provide — name, business name, email, phone, address, role.
• Billing data — plan, transactions, and limited payment references; card details are handled by our payment processor (Stripe) and are not stored by us.
• Usage, device & log data — IP address, device/browser info, pages viewed, and actions in the Service, collected automatically (including via cookies on our marketing website).
• Communications — messages, demo/contact requests, and support interactions; we may record calls where permitted and disclosed.

Data we process on behalf of Subscribers (Guest & staff data)

To deliver the Service, we process data Subscribers put into the platform about their Guests and staff, which may include:

• Identity & contact: name, phone, email, address; appointment/visit history, notes, and preferences.
• Communications: SMS, WhatsApp, web-chat, and phone-call content handled by the AI assistants on the Subscriber’s behalf.
• Payment references only: card brand and last four digits and processor tokens. Full card numbers, CVV, and bank-account numbers are entered only on the payment processor’s (Square) secure page — they are never collected or stored by Sayvine, and our assistants are built to never ask for them (we also automatically redact any card-like number a customer types into chat/SMS before it is stored or shown to the AI).
• Health information (clinical verticals only): if a Subscriber uses clinical charting features for protected health information (PHI), that data is processed under a Business Associate Agreement (BAA); Subscribers must not upload PHI without one.
• Staff data: the Subscriber’s employees/contractors — name, contact, role, schedule, and limited compensation references.

How we use data & legal bases

• Provide, operate, secure, and support the Service (answer calls/messages, take bookings, send reminders, run operations) — to perform our contract.
• Bill and manage subscriptions — to perform our contract and comply with law.
• Power AI features — relevant content is sent to our AI/voice providers to generate assistant responses (see Subprocessors).
• Improve and analyze the Service, including de-identified and aggregated analytics and anonymized cross-business benchmarks that do not identify you, your business, or your Guests — our legitimate interests.
• Market our products to Subscribers/prospects (you can opt out) — consent or legitimate interests.
• Meet legal obligations and protect against fraud, abuse, and security threats.

We do not sell your personal data

We do not sell personal data, and we do not “share” it for cross-context behavioral advertising. We do not use Guest data to train third-party foundation models, and AI providers act as our subprocessors under contract — they do not use the data to train their general models.

Mobile/SMS opt-in consent is never shared with third parties or affiliates for their own marketing.

Who we share data with

• Subprocessors that help run the Service (data only to provide their service to us): Anthropic (AI models), Vapi, Deepgram, ElevenLabs (voice), Twilio and Meta (SMS/WhatsApp/calls), Square (consumer payments), Stripe (subscription billing), and our cloud, database, and infrastructure providers. A current subprocessor list is available on request.
• The Subscriber you are affiliated with (for account verification, support, and security).
• Professional advisors, and authorities, courts, or regulators where required by law or to protect rights and safety.
• A successor in a merger, acquisition, or asset sale, subject to this policy and applicable law.

Security

We use administrative, technical, and physical safeguards appropriate to the data, including encryption in transit, tenant isolation (row-level data separation between businesses), access controls, and audit logging. No method of transmission or storage is 100% secure, but we work to protect your data and to notify as required if an incident occurs.

International data transfers

We may process and store data in the United States and other countries that may have different data-protection laws than where you live. Where required, we use appropriate transfer mechanisms (such as Standard Contractual Clauses) and take steps to ensure an adequate level of protection.

Retention

We keep personal data while your account is active and as needed for the purposes described here, or longer where required for legal, tax, accounting, dispute, or security reasons. Subscribers can export data anytime; after account termination, data is deleted or anonymized following the period described in our Terms, except where retention is legally required.

Cookies & tracking

Our marketing website uses cookies and similar technologies for essential functionality, analytics, and to improve your experience. You can control cookies through your browser; blocking some may affect site features. We do not currently respond to browser “Do Not Track” signals.

Marketing & messaging choices

• Email: unsubscribe via the link in any marketing email. You may still receive service/account messages.
• SMS: reply STOP to opt out at any time and START to opt back in. You may still receive transactional messages tied to your account.

Your privacy rights

Depending on where you live (e.g., under GDPR/UK GDPR and US state laws such as the CCPA/CPRA), you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent or appeal a decision. We will not discriminate against you for exercising these rights.

To exercise rights for data we control, contact us at [connect@sayvine.com]. If your data was provided to us by a Subscriber (i.e., you are a Guest or staff member of a business that uses Sayvine), please contact that business directly — we act on their instructions and will support them in responding. We may need to verify your identity before acting.

California disclosures

We do not sell personal information or share it for cross-context behavioral advertising. We disclose categories of personal data (identifiers, commercial information, internet activity, limited financial references, professional/employment information, and inferences) to service providers for business purposes as described above. Job applicants and business contacts acting for another business are handled separately. California residents may exercise the rights described in “Your privacy rights.”

Children

The Service is for businesses and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. We will post the updated version here and, for material changes, provide notice (and seek consent where required by law).

Contact

Questions or requests: [connect@sayvine.com]. Postal: [Legal Entity Name, mailing address]. See also our Terms of Service.