Privacy Policy — FoxTrove Voice

1. Introduction

FoxTrove Systems, Inc. (“FoxTrove,” “we,” “us,” or “our”) operates the FoxTrove Voice platform, including the website at voice.foxtrove.ai and all associated subdomains (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service.

2. Information We Collect

We collect the following categories of information when you use the Service:

Account Information: When you sign up, we collect your name, email address, business name, phone number, and billing information.
Call Data: Our AI voice agents process inbound and outbound phone calls on your behalf. We collect call recordings, transcripts, duration, caller phone numbers, and AI-generated summaries and analytics.
Customer Data: When callers interact with your AI agent, we collect their phone number, name (if provided), and the content of their conversation. This data is stored in your tenant workspace and is accessible only to you and your authorized team members.
Integration Data: When you connect third-party services (e.g., Jobber, HubSpot, Google Calendar), we store OAuth tokens and sync data as needed to provide the integration. We do not access more data than the scopes you authorize.
Usage Data: We collect standard analytics data including pages visited, features used, browser type, and IP address.

3. How We Use Your Information

To provide, operate, and maintain the Service
To process and complete transactions
To train and improve your AI agent based on your call data (your data is never used to train other tenants' agents)
To generate analytics and insights about your call performance
To derive aggregate, anonymized industry benchmarks (see “Aggregate Industry Data” below)
To send transactional notifications (call summaries, billing receipts)
To detect, prevent, and address technical issues and security threats
To comply with legal obligations

4. Aggregate Industry Data and Cross-Customer Learning

FoxTrove's optimization engine analyzes call outcomes across our platform to identify patterns that improve AI performance for all customers. This is strictly limited to anonymized, aggregate data and never involves sharing any customer's proprietary information with another customer.

What we collect at the aggregate level:

Call outcome patterns by industry (e.g., booking rates, average call duration, common call reasons)
Which AI response strategies lead to better outcomes (e.g., higher booking conversion, better caller satisfaction)
Seasonal trends and peak call patterns by industry vertical
General service category demand signals (not specific pricing, customer lists, or business details)

What is never shared or used across customers:

Call recordings, transcripts, or any verbatim conversation content
Caller names, phone numbers, email addresses, or any personally identifiable information
Your pricing, customer lists, business strategies, or proprietary knowledge base content
CRM data, invoices, account balances, or any data from connected integrations
Your AI agent's system prompt, custom instructions, or training data

In practice, this means if our system learns that a particular phrasing leads to 20% more bookings in the HVAC industry, that insight may be applied to improve other HVAC agents — but no specific call data, customer names, or business details are ever exposed. All cross-customer learning operates on statistical patterns derived from fully de-identified data.

You may opt out of aggregate data collection by contacting us at privacy@foxtrove.ai. Opting out will not affect your use of the Service but may limit the effectiveness of automated optimization features.

4. Call Recording and Consent

All inbound and outbound calls handled by FoxTrove Voice are recorded and transcribed
A disclosure is played at the beginning of every call informing the caller that the call may be recorded and that they are speaking with an AI assistant
FoxTrove applies all-party consent standards by default to comply with two-party consent state laws (California, Florida, Illinois, Pennsylvania, etc.)
Callers who do not wish to be recorded may hang up at any time
Call recordings are stored for 12 months and can be deleted upon request

5. SMS Communications

The Service may send SMS messages on behalf of businesses for appointment confirmations, reminders, and follow-ups
Message frequency varies based on service interactions
Standard message and data rates may apply
Recipients can opt out at any time by replying STOP
FoxTrove complies with TCPA and CTIA guidelines for SMS communications

6. AI Transparency

Callers interacting with FoxTrove Voice are informed at the beginning of each call that they are speaking with an AI assistant
AI-generated responses, summaries, and analytics may contain inaccuracies and should not be treated as professional advice
The Service uses AI models to generate responses, transcribe calls, and produce analytics. These models process call content in real time but do not retain it for model training
In compliance with the Colorado AI Act (SB 205), we disclose that our Service uses high-risk AI systems for consumer-facing interactions

7. Caller Verification and Security

Our Caller Identity Verification feature uses tiered security to protect your customers' sensitive information during phone calls. When a caller requests account details such as billing information or appointment changes, the AI verifies their identity by asking security questions (e.g., confirming the service address on file). Verification data is held in memory only for the duration of the call and is not persisted to any database.

8. Data Isolation and Multi-Tenancy

FoxTrove Voice is a multi-tenant platform. Each business account (tenant) has its own isolated data workspace enforced by Row-Level Security (RLS) at the database level. Your call recordings, transcripts, customer contacts, and CRM data are never accessible to other tenants. Administrative access is restricted to authorized FoxTrove personnel for support purposes only.

9. Third-Party Integrations

When you connect third-party services, data flows between FoxTrove and the connected service as needed to provide the integration. Each integration has configurable feature toggles that let you control exactly what data is shared. We store OAuth tokens securely and refresh them automatically. You can disconnect any integration at any time, which immediately revokes our access.

10. Sub-Processors and Service Providers

We use the following sub-processors to operate the Service:

VAPI Inc. — Voice AI infrastructure, real-time call processing
OpenAI — Transcription, language model responses, and embedding generation. Data sent via API with training opt-out enabled; your data is not used to train OpenAI models
Supabase (Singapore Pte. Ltd.) — Database hosting and authentication (US region)
Vercel Inc. — Application hosting and edge delivery
Stripe Inc. — Payment processing and subscription billing
Resend — Transactional email delivery (receipts, password resets, call summaries)
PostHog Inc. — Product analytics (page views, feature usage) for operating and improving the Service
Google LLC (Google Analytics & Google Ads) — Marketing website analytics and ad-measurement (conversion tracking for paid acquisition). Loaded only after you accept cookies via our consent banner.

All sub-processors are contractually bound to protect your data. We maintain an up-to-date list of sub-processors and will notify customers of material changes.

11. Data Retention

We retain your account data for as long as your account is active. Call recordings and transcripts are retained for 12 months by default, after which they are automatically deleted. You can request deletion of your data at any time by contacting us. When you delete your account, all associated data is permanently removed within 30 days.

12. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, secure OAuth token storage, and role-based access controls. Call recordings are stored in encrypted cloud storage. All API communications use HTTPS. We conduct regular security reviews of our infrastructure.

13. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Object to or restrict processing of your data
Data portability
Withdraw consent at any time

To exercise any of these rights, contact us at privacy@foxtrove.ai.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA:

Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
Right to Delete: Request deletion of your personal information, subject to certain exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: We do not sell or share personal information for cross-context behavioral advertising
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights
Right to Limit Use of Sensitive Personal Information: You may request that we limit use of sensitive PI to what is necessary to provide the Service

To exercise these rights, contact us at privacy@foxtrove.ai. We will respond within 45 days.

Categories of personal information we collect: Identifiers (name, email, phone), commercial information (subscription data), internet activity (usage logs), audio data (call recordings), geolocation (approximate, from IP), and inferences (AI-generated summaries).

15. Caller Privacy Notice

If you are a caller (not a FoxTrove business customer) whose call was handled by our AI:

Your call was recorded and transcribed as disclosed at the start of the call
Your phone number and conversation content are stored in the business's workspace
To request access to or deletion of your call data, contact the business directly or email privacy@foxtrove.ai with the business name, approximate date, and phone number used
We will facilitate your request with the business that operates the AI agent

16. Cookie Policy

We use cookies and similar technologies on our website:

Strictly Necessary: Authentication session cookies, CSRF tokens, and rate-limit cookies required for the Service to function. Always on.
Functional: Preferences and settings you configure (including your cookie-consent choice itself, stored in a first-party cookie_consent cookie for 365 days).
Analytics & Ad Measurement: Google Analytics, Google Ads conversion tracking, and PostHog product analytics. These only load after you click “Accept all” on our cookie banner. If you choose “Reject non-essential,” these are not loaded.

You can change your choice at any time by clearing the cookie_consent cookie in your browser — the banner will reappear on your next visit. You can also manage cookies through your browser settings. Disabling strictly necessary cookies may prevent you from using the Service.

17. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected customers within 30 days of confirming the breach, in compliance with Colorado law (CRS 6-1-716) and other applicable state breach notification laws. Notification will include the nature of the breach, the types of data affected, and steps you can take to protect yourself.

18. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

19. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

20. Contact Us

If you have questions about this Privacy Policy, please contact us at:
FoxTrove Systems, Inc.
PO Box [TBD]
Colorado, United States
Email: privacy@foxtrove.ai