⚠️ DRAFT — pending Florida-licensed counsel review
This document was drafted on 2026-04-26 from primary statutes (FL § 934.03, FL § 501.171/FIPA, CAN-SPAM, TCPA, GDPR Article 28) and industry-standard SaaS templates by a non-attorney. It has not been reviewed by a Florida-licensed attorney and is published here for transparency. Customers signing during the draft period are agreeing to the terms as stated, and we will notify them in writing if material changes occur after counsel review. Questions: legal@aifrontdesk.org.
Privacy policy
Last updated: 2026-04-26 · Version: 2026-04-26
AI FrontDesk is an AI receptionist service for small businesses, operated by Republic Publishing LLC ("we", "us"), a Florida limited liability company doing business as "AI FrontDesk." This policy covers both the web dashboard at aifrontdesk.org and the AI FrontDesk mobile app for iOS and Android. It also describes how we handle the data of people who call or text the phone line you connect to the Service.
When we process your callers' data, we do so as your processor under the Data Processing Addendum; the processing terms in that DPA control over this policy in the event of a conflict.
1. What we collect
From you (the business owner): your name, business name, email, phone number, timezone, business hours, service area, pricing notes, escalation rules, license number (if you choose to provide one), the AI receptionist phone number assigned to you, and the date and IP address at which you accepted our Terms. Payment-card information is handled by Stripe and never reaches our servers; we store only Stripe customer and subscription IDs.
From people who call or text your AI line: the caller's phone number, any name and address they volunteer, an audio recording of the call (after the audible recording disclosure plays), an AI-generated transcript, structured insights extracted from the conversation (intent, sentiment, urgency, summary), the booking metadata if a job is scheduled, and the content of any SMS we send or receive on your line.
From your device when you use the mobile app: the device push-notification token, the app version, the operating-system version, crash and error telemetry transmitted to Sentry, and the result of any biometric unlock attempt (the biometric data itself never leaves your device; we are only told whether the unlock succeeded).
From integrations you connect: if you connect Google Calendar, we store an OAuth refresh token (least-privilege scope: calendar events only), encrypted at rest, so we can create booking events on your calendar. You can revoke at any time from your Google Account or from Settings in the app.
2. How we use it
We use call, message, and booking data only to operate your AI receptionist — answer calls, qualify jobs, schedule bookings to your calendar, send confirmations, and escalate work the AI is not confident about. We use aggregate, de-identified performance data (e.g., median call duration per vertical) to improve the Service.
We do not sell, rent, or share for cross-context behavioral advertising any personal data of yours or your callers.
We do not use your call content or your callers' data to train any third-party foundation model. The LLM and STT providers we use (see §4) operate under zero-retention or short-retention contracts that exclude API content from their model training. Where a provider does not offer such terms, we do not use them in production.
3. Florida two-party consent for call recording
Florida is a two-party (all-party) consent state under Fla. Stat. § 934.03. Every call our AI answers begins with an audible recording disclosure before any audio is recorded. If the caller objects, the AI offers a recording-off path that retains only minimal call metadata (caller phone, time, duration) and discards transcripts beyond the consent moment.
The disclosure is hard-coded into the agent's system prompt and cannot be disabled by any configuration option you set. If you discover a way to disable it, please report it as a security issue to security@aifrontdesk.org; we will treat it as a P0 incident.
4. Sub-processors and the AI providers behind the Service
The full and current list of third parties that process data on our behalf is at aifrontdesk.org/subprocessors. The providers most directly handling caller content are:
- Telnyx — telephony, SMS, AI Voice Assistant runtime, knowledge-base storage. The Telnyx assistant runs the live conversation, including:
  - LLM: currently moonshotai/Kimi-K2.5 (a Telnyx-native model running on Telnyx infrastructure under a no-train contract). When operationally necessary we may switch the LLM slot to anthropic/claude-haiku-4-5 (Anthropic's zero-retention API). The current LLM is available on request.
  - Speech-to-text: distil-whisper/distil-large-v2 (open-weight model running on Telnyx infrastructure).
  - Text-to-speech: Telnyx.KokoroTTS (open-weight Kokoro model running on Telnyx infrastructure).
- Nhost — managed Postgres + Hasura GraphQL + authentication; tenant-isolated source of truth for your business data.
- Stripe — your subscription billing and metered usage.
- Resend, Postmark — outbound transactional email (welcome series, billing notices, escalation digests).
- ImprovMX — inbound email forwarding for our operational mailboxes (support@, privacy@, etc.).
- Google — Calendar API for the booking integration; Google Workspace for the operational mailbox forwarding destination.
- Apple Push Notification Service / Expo push — push notifications to your phone when calls land or escalations need attention.
- Netlify — web and serverless function hosting.
- Sentry — application error tracking and crash reports.
- GitHub — encrypted off-platform disaster-recovery backups (a private repository owned by us).
5. Tenant isolation
Every record in our database is scoped by business_id. Hasura permission filters keyed to a JWT custom claim (x-hasura-business-id) enforce that any authenticated query you issue can only reach your tenant's rows. Administrative service-role access is restricted to webhook endpoints, scheduled cron jobs, and a small number of named human operators; every administrative action is recorded in an append-only audit log that you can read for your own business at any time.
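The tenant rule above, as an added illustration that is not AI FrontDesk's own code: it models how a Hasura row permission keyed to the x-hasura-business-id session variable behaves when evaluated against decoded JWT claims, and shows that a token without the claim, or without the role, yields no rows rather than all rows. The table name, role name, rows and claims are constructed assumptions; Hasura itself performs this evaluation inside the GraphQL engine.

```python
# Added illustration of the section-5 tenant rule, not the project's own code.
HASURA_CLAIMS_NS = "https://hasura.io/jwt/claims"  # Hasura's JWT claims namespace

# Hasura-style select permission on an assumed `calls` table; the filter
# compares the row's business_id with the caller's session variable.
CALLS_SELECT_PERMISSION = {
    "role": "business_owner",  # assumed role name
    "filter": {"business_id": {"_eq": "X-Hasura-Business-Id"}},
    "columns": ["id", "business_id", "caller_phone", "summary"],
}

# Constructed sample rows belonging to two different tenants.
CALLS = [
    {"id": 1, "business_id": "biz_a", "caller_phone": "+15550000001", "summary": "AC repair"},
    {"id": 2, "business_id": "biz_b", "caller_phone": "+15550000002", "summary": "Leaky tap"},
    {"id": 3, "business_id": "biz_a", "caller_phone": "+15550000003", "summary": "Quote"},
]


def session_variables(decoded_jwt, requested_role):
    """Return the x-hasura-* session variables for this role, or None.

    Fails closed: a missing claims namespace, a role outside
    x-hasura-allowed-roles, or a missing business claim all yield None.
    """
    claims = decoded_jwt.get(HASURA_CLAIMS_NS)
    if not isinstance(claims, dict):
        return None
    if requested_role not in claims.get("x-hasura-allowed-roles", []):
        return None
    if "x-hasura-business-id" not in claims:
        return None
    return {k.lower(): v for k, v in claims.items() if k.lower().startswith("x-hasura-")}


def select_calls(decoded_jwt, requested_role, rows=CALLS):
    """Apply the row filter and column allow-list the way the permission would."""
    session = session_variables(decoded_jwt, requested_role)
    if session is None or requested_role != CALLS_SELECT_PERMISSION["role"]:
        return []  # no valid tenant context: return nothing, never everything
    column, predicate = next(iter(CALLS_SELECT_PERMISSION["filter"].items()))
    tenant = session[predicate["_eq"].lower()]  # resolve the session variable
    allowed = CALLS_SELECT_PERMISSION["columns"]
    return [{c: r[c] for c in allowed} for r in rows if r[column] == tenant]
```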
6. Retention
| Data category | Default retention | Configurable? |
|---|---|---|
| Call audio recording | 12 months from call end, then permanent deletion | Yes — Settings → Retention |
| Call transcript and AI-extracted insights | 24 months from call end, then permanent deletion | Yes — Settings → Retention |
| Bookings and customer contact records | Life of your account + 12 months | Per-record deletion only |
| SMS message log | 24 months from send/receipt | Per-record deletion only |
| Audit log of administrative actions | 7 years (operational and dispute-evidence retention) | No |
| Encrypted disaster-recovery backups | Up to 90 days after deletion of the live data | No (automatic backup expiry) |
You can request earlier deletion of specific calls, customers, or your entire account at any time by emailing privacy@aifrontdesk.org. We will complete deletion from active systems within 30 days; data may persist in encrypted backups for up to an additional 90 days before automatic backup expiry.
7. Your rights — Florida residents
The Florida Information Protection Act (Fla. Stat. § 501.171) governs how we handle and notify about breaches of personal information about Florida residents. If a breach occurs that affects you, we will notify you by the means and within the timing FIPA requires — for individual notice, no later than 30 days after determination of the breach (with up to 15 additional days' extension on written good cause to the Florida Department of Legal Affairs).
8. Your rights — California residents (CCPA / CPRA)
AI FrontDesk does not currently meet the revenue or consumer-volume thresholds that make the California Consumer Privacy Act (as amended by the California Privacy Rights Act) directly applicable to us. We honor the substantive rights anyway, regardless of jurisdiction:
- Right to know. You can request a copy of the personal information we hold about you and the categories of sources, purposes, and recipients.
- Right to delete. You can request deletion of personal information we hold about you, subject to legal exceptions (e.g., information we are required to retain for tax or audit purposes).
- Right to correct. You can request correction of inaccurate personal information.
- Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of, but the right exists preemptively in case our practices ever change.
- Right to non-discrimination. We will not deny you the Service, charge you a different price, or provide a different level of service because you exercised a privacy right.
- Right to limit use of sensitive personal information. We do not collect categories CPRA defines as "sensitive" (no government IDs, no precise geolocation, no biometric data leaves your device, no health information beyond whatever a caller volunteers in conversation).
To exercise any of these rights, email privacy@aifrontdesk.org.
9. Your rights — EEA / UK / Switzerland residents (GDPR / UK GDPR)
The Service is operated from the United States. If you are located in the EEA, the United Kingdom, or Switzerland, transfers occur on the basis of the European Commission's Standard Contractual Clauses (Module 1: Controller to Controller, when we are the independent controller of your account data; Module 2: Controller to Processor, when we process caller data on your behalf — see the DPA §8). You have the rights under GDPR Articles 15–22: access, rectification, erasure, restriction of processing, data portability, objection, and the right not to be subject to a decision based solely on automated processing. To exercise any of these, email privacy@aifrontdesk.org; we will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. We do not currently have an EU/UK establishment and have not appointed an Article 27 representative; if you are an EU/UK customer who needs a representative, contact us before signing up so we can address that requirement.
10. Children's privacy
AI FrontDesk is a business-to-business tool. The Service is not directed to children, and we do not knowingly collect personal information from anyone under 13 in a manner regulated by the Children's Online Privacy Protection Act (COPPA). If a parent or guardian believes their child has provided personal information to us via a call or text to a customer's AI FrontDesk line, please contact privacy@aifrontdesk.org and we will delete the data and any derived records within 30 days.
11. Security
Data in transit is encrypted with TLS 1.2 or newer. Data at rest is encrypted with AES-256 (or equivalent provided by our infrastructure providers). Access to production data is limited to a small number of named human operators, logged, and reviewed. We never store payment-card numbers — billing goes through Stripe Checkout, which tokenizes cards before any data reaches us. We send error and crash reports to Sentry; while we configure Sentry SDK scrubbing to remove obvious PII fields, incidental personal information may appear in stack-trace local state, and we treat that telemetry as operational data subject to the same retention windows.
12. Changes to this policy
When we materially change this policy, we will email the primary address on your account at least 14 days before the change takes effect, and we will bump the "Version" date at the top of this page. Continued use of the Service after the effective date constitutes acceptance.
13. Contact
Republic Publishing LLC, doing business as AI FrontDesk
Privacy contact: privacy@aifrontdesk.org
Security contact: security@aifrontdesk.org
Support: aifrontdesk.org/support
Postal address: as listed in the email footer of any communication from us