DRAFT โ€” Pending legal review

Privacy Policy

Last updated: This document is a placeholder pending legal review before launch.

Note: This page is a structural placeholder. Final policy language will be drafted by counsel and reviewed for call-recording consent law (one-party vs. two-party states), HIPAA considerations for medical clients, and CCPA / CPRA requirements before public launch.

1. Overview

Swiftlee (โ€œwe,โ€ โ€œusโ€) provides bilingual phone answering services to small and growing businesses. This Privacy Policy explains how we collect, use, share, and protect information about our customers and their callers.

2. Information we collect

From customers signing up for Swiftlee, we collect:

  • Account details: name, email, company name, phone number, billing address
  • Payment information (processed by Stripe โ€” we never store full card numbers)
  • Business configuration: scripts, FAQs, escalation contacts, custom intake fields

From inbound callers to Swiftlee-managed numbers, we may collect:

  • Caller phone number (caller ID where available)
  • Call recording (where legally permitted โ€” see Section 6)
  • Transcript and structured intake data captured during the call
  • Any information the caller voluntarily provides during the call

3. How we use information

  • To provide the answering service to our customers
  • To deliver messages, recordings, and transcripts to the appropriate customer
  • To process billing and send service-related communications
  • To improve our service (in aggregate, non-identifiable form)
  • To comply with legal obligations

4. Third-party processors

We use the following sub-processors to deliver the service:

  • Stripe (payment processing)
  • Telnyx (voice and messaging telephony)
  • Supabase (database and authentication)
  • Cloudflare R2 (recording storage)
  • Resend (transactional email)
  • Vapi (AI voice agent infrastructure โ€” only for AI-tier customers)
  • Deepgram (post-call transcription)
  • Sentry (error monitoring)

5. Data retention

  • Call recordings: 90 days standard (configurable per plan)
  • Transcripts and call metadata: retained for the life of the account
  • Account data: retained for the life of the account, plus 30 days post-cancellation

6. Call recording consent

Call recording laws vary by state. Some states (e.g., California, Florida, Illinois) require all-party consent. Our default greeting includes consent language appropriate for two-party consent states. Customers operating in two-party consent states are responsible for ensuring their custom scripts also include appropriate consent language.

7. HIPAA notice

Swiftlee is not currently a HIPAA Business Associate. Healthcare customers should not provide Protected Health Information (PHI) until we've executed a BAA. HIPAA-tier availability is planned post-launch.

8. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or port your personal information. To exercise these rights, email privacy@getswiftlee.com.

9. Contact

Questions about this policy: privacy@getswiftlee.com