Trust & your data
Last updated: July 10, 2026
This page is the plain-English version. The Privacy Policy is the formal one. If the two ever disagree, tell us — that is a bug, and we will fix it.
We do collect your data. That is the product.
Some companies open with “we don’t collect your data.” We can’t say that honestly. Answering your phone means hearing what your callers say, writing it down, and keeping it so you can read it later. The promise worth making isn’t about collection. It’s about use.
What we promise
- We never sell your data. Not to advertisers, not to data brokers, not to anyone.
- We never train AI on your business’s data. Not our own systems, and not the AI providers we send it to — their business terms say they don’t train on it, and we checked that language rather than assuming it.
- We never mix one customer’s data with another’s. Every question the software asks the database is scoped to a single business. Your dashboard cannot show you another business’s calls, and theirs cannot show them yours.
- We use your data to run your service, and for nothing else.
What we actually collect
- From your callers: their phone number, their name if they give it, what they need, and a written transcript of the conversation. We do not record the audio of the call.
- From you: your business details, your contacts, your bookings, and the settings that tell the AI how to answer.
- What the AI did: every action your assistant took for you, so you can read it back.
- Card numbers: never. Our payment processor handles those; they never touch our systems.
Where it lives, and who can see it
In an encrypted database on servers in the United States. The connections to it are encrypted, and the passwords and keys that link your calendar or inbox to us are encrypted before they are stored — the code refuses to save them any other way.
Two sets of eyes can reach your data: you, signed in to your dashboard, and us, as the people who run and repair the service. Nobody else. We look when we need to fix something or when you ask us for help.
How long we keep it
We keep the detailed activity — transcripts and the event-by-event history — for 90 days, then it is deleted automatically. We keep the summary of each call (who called, when, how long, whether it became a booking) for as long as you are a customer, because that is what your reports are built from. Our hosting provider keeps its own server logs for about a week.
That is a description of how the system works today, not a promise about tomorrow. If we ever change it, we will change this page.
Leaving, and taking your data with you
Export it. From your dashboard you can download your entire activity history as a spreadsheet, for any date range, whenever you want. You do not have to ask us.
Then delete it. Ask us to erase your business and we run a single command that deletes it: your calls, transcripts, contacts, bookings, messages, settings, and files. It also disconnects and revokes anything you connected — your calendar, your inbox, your payment account — and releases your phone number. Afterwards the command re-reads the database and checks that nothing survived, and it tells us if anything did.
Two things deliberately outlive the deletion, and we would rather tell you than be caught keeping them:
- If anyone ever replied STOP to one of your texts, we remember that phone number forever. Forgetting an opt-out because a business left is exactly how someone gets texted after they asked not to be. The law agrees with us on this one.
- We keep the record that you accepted our service agreement — who accepted it and when. It is our evidence that our arrangement existed, and the moment we would need it is the moment after you have gone.
And one honest caveat about backups. Deleting you removes you from our live systems immediately. Our database also keeps rolling backups so we can recover from a disaster; your data ages out of those on their normal schedule. We can’t reach into a backup to remove one business without destroying our ability to recover everyone else’s.
Who else touches your data
We are a small company standing on other companies’ infrastructure. Each of these does one job for us, is contractually limited to that job, and gets only what that job needs:
- Twilio carries the phone calls and text messages. The speech-to-text and text-to-speech that let the AI hear and speak happen inside Twilio’s system.
- Anthropic provides the AI that understands the conversation. If it is unavailable, the request fails over to OpenAI so your phone still gets answered.
- Render hosts the software and the database.
- Stripe processes payments and holds the card numbers we never see.
- Postmark delivers our email to you.
- Google and Microsoft, and Nylas which brokers the Gmail connection, but only for the accounts you choose to connect.
- Voyage AI reads the documents you upload, if you turn on the knowledge base.
If something goes wrong
We have a written plan for a security breach: contain it, work out exactly who and what was affected, tell the businesses affected in plain English, and notify the authorities Florida law requires us to. We will not send you a panicked notice about a problem we have not confirmed, and we will not sit on a confirmed one — the law gives us 30 days from the moment we determine a breach happened, and we intend to use far less.
What we are not
We are not SOC 2 certified. That audit costs tens of thousands of dollars, and at our size the honest substitute is this page: telling you exactly what we do, in words you can hold us to. We are also not set up for medical records or anything covered by HIPAA. If that is your business, we are not the right service yet, and we would rather say so than take your money.
Ask us
If anything here is unclear, or you want to know something this page doesn’t answer, ask. A question we can’t answer straight is a problem worth knowing about.
Remedy Automation LLC
Cape Coral, Florida, USA
Email: security@remedyautomation.com
© 2026 Remedy Automation LLC · Cape Coral, Florida