Privacy
Privacy Policy
Effective date: July 10, 2026
This policy explains what PennyReply collects and how that information is used to run the AI receptionist, website widget, phone workflows, lead records, booking workflows, and owner dashboard.
Information We Collect
Account information: name, email address, password credentials handled by the authentication provider, company details, role, and workspace preferences.
Business setup information: services, prices, add-ons, FAQs, hours, booking rules, service areas, policies, review links, calendar settings, phone setup, widget settings, AI settings, and handoff rules.
Customer lead information: customer name, phone, email, message content, requested service, preferred time, location details, lead source, conversation status, lead score, and notes created by the business or AI workflow.
Phone and messaging information: inbound SMS content, missed-call events, sender and recipient phone numbers, opt-in or opt-out status, message status, timestamps, and provider identifiers needed to operate the service.
Usage and billing information: plan, usage counters, checkout status, invoices, feature access checks, and payment records handled by payment providers.
How We Use Information
We use information to run the AI receptionist, create and update leads, save conversations, answer from approved business rules, support booking flows, route handoffs, measure usage, prevent abuse, provide support, and improve product reliability.
Customer messages may be processed by AI systems to normalize typos, detect intent, extract fields, score leads, draft replies, and decide whether a clarifying question or human handoff is safer.
Original customer messages are preserved in conversation history. Normalized interpretations and AI metadata may be stored separately so business owners can review how the AI understood the message.
AI and Third-Party Providers
PennyReply may use infrastructure and service providers such as Supabase, Vercel, Twilio, Stripe, Google Calendar, Gemini, OpenAI-compatible AI providers, website import tools, analytics providers, and email providers.
We share information with these providers only as needed to operate the product, process payments, send messages, connect calendars, host the application, analyze usage, or provide support.
Business owners should not put payment card numbers, health information, legal advice requests, sensitive identity documents, or other regulated data into customer conversations unless they have confirmed the proper compliance setup is in place.
SMS, Calls, and Customer Consent
PennyReply supports operational messages such as missed-call text back, customer replies, booking updates, follow-ups, and review requests. Business owners are responsible for having proper permission to contact customers.
Customers can reply STOP to opt out of SMS replies and HELP for help where SMS is enabled. Opt-out status should be honored before sending future messages.
Message and data rates may apply for SMS depending on the customer's mobile carrier and plan.
Data Retention
We keep account, business setup, lead, conversation, usage, and billing records while they are needed to provide the service, maintain business records, resolve disputes, prevent abuse, and comply with legal obligations.
Some third-party providers may retain logs under their own retention policies. For example, telecom providers may retain message records for a period of time even if records are removed from PennyReply.
Security
We use reasonable technical and organizational safeguards to protect data, including hosted infrastructure, access controls, environment variable separation, and service-role credentials that are not exposed to the public website.
No internet service can guarantee perfect security. Business owners should use strong passwords, limit staff access, and avoid sharing sensitive credentials in messages or setup notes.
Your Choices and Requests
Customers can ask the business they contacted to update or delete lead information. Business owners can request workspace data help by contacting support@pennyreply.com.
Privacy, access, deletion, or data handling questions can be sent to privacy@pennyreply.com. We may need to verify the request before taking action.
Children
PennyReply is built for businesses and is not intended for children under 13. Do not use PennyReply to knowingly collect information from children.
Updates
We may update this policy as the product, providers, or legal requirements change. The effective date will show when the policy was last updated.