Privacy Policy

1. Introduction

Hexnut.ai ("Hexnut," "we," "us," "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://hexnut.ai and use our AI-powered phone system services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

This Privacy Policy applies to all users of our Services, including website visitors, trial users, and paying customers.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use our Services, and information from third-party sources.

2.1 Information You Provide to Us

Account Information: When you create an account or subscribe to our Services, we collect:

• Full name (first and last name)
• Email address
• Phone number
• Business name and information
• Billing address
• Payment information (processed securely through Stripe)

Customer Data and Call Information: When you use our AI phone system, we collect and process:

• Call recordings and transcriptions
• Caller information (phone numbers, names, inquiries)
• Appointment and scheduling data
• Customer interaction history
• Business calendar and availability information
• Custom scripts and business rules you configure

Communications: When you contact us or communicate with our support team, we collect:

• Your name and contact information
• Contents of your messages and communications
• Support ticket information and correspondence
• Feedback, reviews, and survey responses

2.2 Information We Collect Automatically

Usage Information: When you use our Services, we automatically collect:

• IP address and device identifiers
• Browser type and version
• Operating system information
• Pages visited and time spent on pages
• Click-through and navigation patterns
• Referring website addresses
• Date and time of visits

Service Analytics: We collect data about your use of our AI phone system, including:

• Call volume and frequency
• Call duration and outcomes
• Appointment booking rates and patterns
• Feature usage and engagement metrics
• System performance and error logs

2.3 Information from Third Parties

We may receive information about you from third-party services and integrations, including:

• GoHighLevel: CRM data, contact information, marketing automation data
• Calendar Services: Appointment data from Google Calendar, Microsoft Outlook, and other calendar platforms
• Vapi: Voice AI infrastructure data and call processing information
• Stripe: Payment processing and billing information
• Analytics Providers: Website behavior and performance data

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Improve Our Services

• Operate and maintain our AI phone system
• Process and manage your account and subscriptions
• Handle incoming calls and messages on your behalf
• Schedule appointments and manage your calendar
• Provide call transcriptions and recordings
• Qualify leads and capture customer information
• Integrate with your existing business tools and systems
• Improve AI accuracy and performance
• Develop new features and functionality

3.2 To Communicate with You

• Send you service-related notifications and updates
• Respond to your inquiries and provide customer support
• Send billing statements and payment confirmations
• Provide onboarding assistance and training
• Request feedback and conduct satisfaction surveys
• Send marketing communications (with your consent)

3.3 For Business Operations

• Process payments and prevent fraud
• Enforce our Terms of Service and policies
• Comply with legal obligations and regulations
• Protect against security threats and abuse
• Conduct internal research and analytics
• Monitor and improve service quality

3.4 With Your Consent

• For purposes you specifically authorize
• To share testimonials or case studies (with your permission)
• For marketing purposes where consent is required by law

4. How We Share Your Information

We do not sell, rent, or lease your personal information to third parties. We may share your information in the following circumstances:

4.1 Service Providers and Partners

We share information with trusted third-party service providers who perform services on our behalf, including:

• Vapi: Voice AI infrastructure and call processing
• GoHighLevel: CRM integration and data synchronization
• Stripe: Payment processing and billing
• Calendar Providers: Appointment scheduling and calendar management
• Cloud Hosting Providers: Data storage and infrastructure
• Analytics Services: Website and service usage analysis
• Customer Support Tools: Support ticket management and communications

These service providers are contractually obligated to use your information only for the purpose of providing services to us and are required to maintain appropriate security measures.

4.2 Business Transfers

If Hexnut is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:

• Comply with legal obligations, court orders, or subpoenas
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public
• Protect against legal liability

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you for research, marketing, analytics, or other purposes.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5.1 Security Measures

• Encryption: We use SSL/TLS encryption for data in transit and encryption at rest for sensitive data
• Access Controls: Role-based access controls and authentication requirements
• Secure Infrastructure: Industry-standard cloud hosting with security certifications
• Regular Audits: Periodic security assessments and vulnerability testing
• Employee Training: Regular security awareness training for our team
• Incident Response: Procedures for detecting and responding to security incidents

5.2 Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Account Information: Retained while your account is active and for a reasonable period after cancellation
• Call Recordings: Stored according to your preferences and legal requirements (typically 30-90 days)
• Billing Records: Retained for at least 7 years for tax and accounting purposes
• Marketing Data: Retained until you unsubscribe or request deletion
• Support Communications: Retained for reference and quality improvement purposes

5.3 Data Security Limitations

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You acknowledge that you provide information at your own risk.

6. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information.

6.1 General Rights

You have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Portability: Request a copy of your data in a machine-readable format
• Objection: Object to certain processing of your information
• Restriction: Request limitation of how we use your information
• Opt-Out: Unsubscribe from marketing communications at any time

6.2 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information held by us
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your CCPA rights
• Right to correct inaccurate personal information
• Right to limit use and disclosure of sensitive personal information

6.3 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

6.4 Exercising Your Rights

To exercise any of these rights, please contact us at hi@hexnut.ai or (641) 466-4689. We will respond to your request within the timeframe required by applicable law (typically 30-45 days).

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to personalize your experience.

7.1 Types of Cookies We Use

• Essential Cookies: Required for the website to function properly (login, security)
• Analytics Cookies: Help us understand how visitors use our website (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track your visit across websites to show relevant ads (with consent)

7.2 Your Cookie Choices

Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies if you prefer. However, this may prevent you from taking full advantage of our Services.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

8. Third-Party Services and Integrations

Our Services integrate with third-party platforms and services. This Privacy Policy does not apply to third-party websites, applications, or services.

8.1 Third-Party Privacy Policies

We encourage you to review the privacy policies of third-party services you connect with Hexnut:

• GoHighLevel: CRM and marketing automation platform
• Vapi: Voice AI infrastructure provider
• Stripe: Payment processing services
• Google Calendar, Microsoft Outlook: Calendar integration services

We are not responsible for the privacy practices of these third-party services.

8.2 Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party sites you visit.

9. Call Recording and Consent

Our Services include call recording functionality for quality assurance, training, and legal compliance purposes.

9.1 Your Responsibilities

Important: You are solely responsible for complying with all applicable laws regarding call recording and obtaining necessary consent from individuals whose calls are recorded.

• You must ensure compliance with federal and state wiretapping laws
• You must obtain proper consent for call recording in your jurisdiction
• You must provide appropriate disclosure notices to callers
• We provide tools to facilitate consent notifications, but legal compliance is your responsibility

9.2 Our Use of Call Recordings

We may use call recordings to:

• Improve AI accuracy and natural language processing
• Provide customer support and troubleshooting
• Train and enhance our AI models (aggregated and anonymized)
• Comply with legal obligations and defend legal claims

Call recordings are stored securely and access is restricted to authorized personnel only.

10. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hi@hexnut.ai. We will take steps to delete such information from our systems.

11. International Data Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.

If you are located outside the United States and choose to use our Services, your information will be transferred to the United States and processed there. By using our Services, you consent to the transfer of your information to the United States.

We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable law, regardless of where it is processed.

12. Do Not Track Signals

Some web browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. We do not currently respond to Do Not Track signals.

13. Marketing Communications

We may send you marketing communications about our Services, special offers, and industry news if you have consented to receive such communications.

13.1 Opting Out

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at hi@hexnut.ai
• Updating your preferences in your account settings

Please note that even if you opt out of marketing communications, we will still send you service-related notifications (e.g., billing statements, account alerts, service updates).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.1 Notice of Changes

We will notify you of material changes to this Privacy Policy by:

• Posting the updated Privacy Policy on this page with a new effective date
• Sending an email notification to the address associated with your account
• Displaying a prominent notice on our website

14.2 Your Acceptance

Your continued use of the Services after changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

For material changes that significantly impact your rights, we will provide at least 30 days' notice before the changes take effect.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: