Privacy Policy

1. Introduction

NeighborStack LLC ("we," "us," or "our") operates an AI-powered communication platform that helps home service contractors manage inbound customer calls, texts, and web inquiries. This Privacy Policy explains how we collect, use, share, and protect information when you use our Service.

NeighborStack acts as a Data Processor for customer communications processed on behalf of contractors. Contractors who use our Service are the Data Controllers responsible for their customer relationships and data collection practices.

2. Information We Collect

2.1 Contractor Account Information

When contractors sign up, we collect:

• Business name, owner/manager name, and email address.
• Business phone number and service address.
• Payment and billing information (processed by our payment processor — we do not store full card numbers).
• Service offerings, pricing, service areas, FAQs, and business rules you configure.

2.2 End User Communications

When consumers contact contractors through our platform, we process:

• Voice Recordings: Phone conversations are recorded for AI analysis and service delivery.
• Phone Numbers: Caller phone numbers for identification and follow-up.
• Names and Contact Information: As provided by the caller during conversations.
• Service Requests: Details about requested services, property information, and scheduling preferences.
• SMS/Chat Content: Text messages and web chat transcripts.

2.3 Waitlist and Marketing Data

When you join our waitlist or interact with marketing pages, we collect:

• Email address and business name.
• Business type and referral source.
• UTM parameters and ad attribution data.
• Page interaction events (demo plays, calculator usage) for conversion optimization.

2.4 Technical Information

We automatically collect:

• IP addresses and approximate geolocation.
• Browser type, device type, and operating system.
• Usage patterns, page views, and feature interactions.
• Performance metrics and error logs.

3. How We Use Information

3.1 Service Delivery

• Processing customer communications through AI to answer calls, qualify leads, and provide quotes.
• Extracting lead information and delivering it to contractors.
• Generating conversation transcripts and performance analytics.

3.2 AI Processing

• Real-time Analysis: Customer communications are processed by AI in real time to understand intent, give quotes, and capture lead details.
• Service Improvement: We use aggregated, de-identified data to improve AI accuracy and platform performance.
• Quality Assurance: Conversations may be reviewed to diagnose issues and improve response quality.

3.3 Marketing and Analytics

• Sending transactional emails (lead notifications, account updates).
• Measuring ad campaign effectiveness through Meta Pixel and Google Analytics.
• Sending marketing communications to waitlist subscribers (with opt-out).

3.4 Legal and Security

• Fraud prevention and abuse detection.
• Compliance with legal obligations.
• Enforcing our Terms of Service.

4. AI Technology and Third-Party Data Processing

4.1 AI Providers

4.2 Telecommunications Provider

We use Twilio to handle phone calls and SMS messages. Twilio processes call audio, phone numbers, and message content in accordance with their privacy policy and our DPA.

4.3 AI Processing Limitations

AI processing may be inaccurate or incomplete. We cannot guarantee the accuracy of AI-extracted information. AI responses are generated automatically and may not always be contextually appropriate. See our Terms of Service for full AI disclaimers.

5. Information Sharing

5.1 With Contractors

Customer data (lead details, call recordings, transcripts) is shared with the specific contractor the customer contacted. Contractors control how they use this data for their business.

5.2 Service Providers

We share information with trusted third parties who help us operate:

• OpenAI: AI conversation processing.
• Twilio: Phone calls, SMS, and voice recording.
• SendGrid: Transactional and marketing email delivery.
• Vercel / Neon: Application hosting and database services.
• Stripe (or applicable processor): Payment processing.
• Meta / Google: Advertising measurement and conversion tracking.

5.3 Legal Requirements

We may disclose information when required by law, legal process, government request, or to protect the rights, safety, or property of NeighborStack, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5.5 No Sale of Personal Information

We do not sell personal information to third parties. We do not share personal information for cross-context behavioral advertising as defined under the California Consumer Privacy Act.

6. Cookies and Tracking Technologies

6.1 Cookies We Use

• Essential Cookies: Required for authentication, session management, and security.
• Analytics Cookies: Google Analytics to understand site usage (anonymized IP).
• Advertising Cookies: Meta Pixel for ad conversion measurement and retargeting.

6.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning properly. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout.

7. Data Security

7.1 Technical Safeguards

• Encryption in Transit: All data transmitted via HTTPS/TLS.
• Encryption at Rest: Sensitive data encrypted using AES-256.
• Access Controls: Role-based access with least-privilege principles.
• Authentication: JWT-based authentication with secure token management.

7.2 Breach Notification

In the event of a data breach affecting personal information, we will:

• Notify affected contractors within 72 hours of discovery.
• Notify affected individuals as required by applicable state and federal law.
• Report to relevant regulatory authorities as required.
• Take immediate steps to contain and remediate the breach.

8. Data Retention

• Voice Recordings: Retained for up to 2 years or as configured by the contractor, whichever is shorter.
• Conversation Transcripts: Retained while the contractor's account is active, plus 30 days after termination.
• Lead Data: Retained while the contractor's account is active.
• Account Data: Retained while account is active, plus 30 days post-cancellation for data export.
• Billing Records: Retained for 7 years as required for tax and accounting purposes.
• Waitlist Data: Retained until you unsubscribe or request deletion.

9. Your Rights

9.1 All Users

• Access: Request a copy of personal information we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your personal information.
• Opt-Out: Unsubscribe from marketing emails at any time.
• Data Export: Request your data in a portable format.

To exercise these rights, email privacy@neighborstack.com. We respond within 30 days.

9.2 End Users (Consumers)

If you contacted a contractor through our platform, you may exercise your rights by contacting the contractor directly or by emailing us at privacy@neighborstack.com. Since contractors are the Data Controllers for their customer data, we may direct your request to the appropriate contractor.

10. Call Recording

All inbound calls handled by the AI Assistant may be recorded. An automated disclosure is provided at the beginning of each call. Contractors are responsible for compliance with applicable call recording consent laws, including requirements in two-party consent jurisdictions. Recordings are stored securely and access is restricted to the contractor and authorized NeighborStack personnel.

11. Regional Privacy Rights

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and share.
• Delete your personal information (subject to exceptions).
• Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising.
• Non-Discrimination: We will not discriminate against you for exercising your rights.
• Correct inaccurate personal information.

To submit a request, email privacy@neighborstack.com with "CCPA Request" in the subject line. We will verify your identity before processing.

11.2 EU/EEA Residents (GDPR)

If you are in the EU/EEA:

• We process data under lawful bases: performance of a contract, legitimate interest, and consent.
• You have rights to access, rectification, erasure, restriction, portability, and objection.
• International data transfers to the US are covered by standard contractual clauses.
• You may lodge a complaint with your local Data Protection Authority.

11.3 Other Jurisdictions

If your jurisdiction provides additional privacy rights (Virginia CDPA, Colorado CPA, Connecticut CTDPA, etc.), we will honor applicable rights. Contact privacy@neighborstack.com for assistance.

12. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will promptly delete the information.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. For material changes, we will notify contractors via email at least 30 days before the changes take effect. The "Last Updated" date at the top indicates when the policy was last revised.

14. Contact Information

• Privacy Questions: privacy@neighborstack.com
• General Support: support@neighborstack.com
• Company: NeighborStack LLC, 633 W. Davis Street, #283, Dallas, TX 75208
• Response Time: We aim to respond to all privacy requests within 30 days.