Privacy

Effective May 14, 2026. Last updated May 14, 2026.

Plain English: your customer data is yours. We don't sell it. We don't share it. We don't use it to make a smarter version of ourselves we'll sell to your competitor. Here's the full picture.

What we collect

• Business and account information you give us during signup — name, email, business name, phone number, address, billing details.
• Call recordings and transcripts for calls handled by your WorkHand employee — this is the data your employee needs to do its job.
• Caller information — caller phone number (caller ID), anything they say during the call, anything they ask us to do (appointment time, address for the visit, equipment description).
• Integration data you authorize — when you connect a calendar or field-service tool, we receive only what's needed for the skills you've enabled. You authorize the connection; you can revoke it.
• Operational telemetry — when WorkHand is up, when it errors, how long the AI took to answer. Not connected to specific caller content.

How we use it

• To run your AI employee — answer calls, book appointments, page your on-call tech, log everything you can see in your dashboard.
• To bill you. (Stripe handles your card; we never see your card number.)
• To send you transactional email — magic-link sign-ins, billing receipts, outage notices, critical alerts.
• To improve WorkHand for you — error patterns from your account inform fixes for your account. Not aggregated, not cross-trained.

What we do not do

• We do not sell your data. Not to data brokers, not to advertisers, not to anyone. Ever.
• We do not share your data with other WorkHand customers. Your account's data stays your account's data.
• We do not train models on your data that we then sell to anyone else. No cross-customer training pipelines.
• We do not send marketing email to your callers. Their phone numbers are operational data for your dashboard, not a list for us to remarket.
• We do not write to integrated systems unless you turned it on. Read-only by default. Write access requires explicit per-skill enable.

How we keep these promises

The guarantees above are what we commit to. How we enforce them inside our infrastructure — the specific isolation mechanisms, encryption schemes, and audit pipelines — is ours to choose and improve over time. What we commit to you, in writing, is the guarantees themselves: your data is isolated from other customers' data, your integrations are revocable from the vendor whose system holds them, and any access we have is scoped to what your enabled skills actually need.

Subprocessors

To run WorkHand, we use a small number of well-known vendors. Each one is contractually required to handle your data with at least the same care we promise here:

• Twilio & Telnyx — phone numbers, call routing, SMS delivery.
• Google (Gemini Live API) — voice AI runtime that powers the conversation.
• Google (Calendar API) — calendar reads and writes for accounts that connect Google Calendar.
• Jobber — for accounts that connect Jobber as their field-service system.
• Stripe — billing and payments. We never store your card number.
• Postmark — transactional email (magic links, billing receipts).
• Fly.io — application hosting.
• PostHog — product analytics on the website (not on your call data).

If we add a meaningful new subprocessor, this list updates and active customers get a notification.

Cancellation and deletion

When you cancel:

1. Your AI employee stops answering calls and your number forwards back to wherever it pointed before (or whatever you specify).
2. Your dashboard remains accessible for 30 days so you can pull anything you want. Email us and we'll help you get a copy of your call data, transcripts, and configuration.
3. After 30 days, we purge your call recordings, transcripts, customer records, and configuration from our active systems. Backups roll out within a further 60 days.
4. Aggregated, anonymized operational metrics (e.g., "outage on May 14 affected N accounts") may be retained — they don't identify you or your callers.

Your callers' rights

When someone calls your business and our AI answers, we treat that caller's data with the same care:

• Calls are recorded for service operation and to create the transcripts and summaries in your dashboard. Pennsylvania is an all-party-consent state, which means callers must be informed about recording before it begins — our AI agent discloses recording (for service operation and training) in its opening greeting on every call, before asking how it can help. If a caller objects to recording, the agent acknowledges and the call can still proceed.
• Caller phone numbers and call content are operational data for your business, not a marketing list for anyone else.
• If a caller asks for their data to be deleted or exported, email us — we'll help you handle the request consistent with your obligations.

Security incidents

If we ever experience a security incident affecting your data, we will notify you by email promptly after discovery, tell you what we know, and tell you what we're doing about it. Then keep telling you until it's resolved.

Questions, access, deletion

For any privacy question, data-access request, or deletion request, email jeffdeville@gmail.com. Mark the subject "Privacy" and we'll respond within 5 business days.

Last updated May 14, 2026. See also: Terms.