Privacy Policy

A. Information you provide directly

• Account information: name, email, password (managed by our authentication provider), business name, business type, owner name.
• Business profile: business address, phone, email, hours, service area, services offered, pricing notes, logo image.
• Customer/contact records entered by you: full name, business name, email, phone, address, status, notes.
• Appointments & scheduling: service addresses, dates and times, technician assignments, descriptions, notes.
• Invoices & payments: invoice amounts, line items, tax, status, and the contents of any notes you add.
• Communications: text-message templates, voice-receptionist scripts, FAQs, and review-request messages.

B. Information collected automatically

• Usage and device data: IP address, browser type, referring pages, timestamps, and similar log data when you use Visilence.
• Audit log: a record of sensitive actions (e.g., connecting/disconnecting a bank account, pushing an invoice to QuickBooks).
• Cookies and similar technologies (see Section 7).

C. Information from integrations you connect

• Google Calendar: when you connect your Google account, we read and write calendar events on your primary calendar to mirror Visilence appointments.
• Google Maps: we geocode service addresses and compute driving routes for the day’s appointments.
• Stripe: when you connect a Stripe account, we receive account status (charges enabled, payouts enabled), invoice payment events, and metadata necessary to issue payment links. We do not store full payment-card numbers.
• QuickBooks Online: when you connect QuickBooks, we read your customer and item lists and write invoices on your behalf.
• Plaid (bank & card sync, if enabled): when you connect a bank or credit card through Plaid, we receive transaction data (date, amount, merchant, category, account, pending status). We never see your bank login credentials.
• Twilio: phone numbers and SMS delivery status for messages we send on your behalf.
• Vapi: call recordings, transcripts, and metadata for inbound and outbound calls handled by the AI voice receptionist (when enabled).

D. End-customer information

Account holders enter information about their end customers (e.g., name, phone, email, address, appointment history) into Visilence. We process this information on behalf of the account holder. We do not contact end customers for our own marketing purposes. If you are an end customer and want to know what information is held about you, please contact the business that scheduled the service or texted you and they can update or delete your information through Visilence.

• Provide and operate Visilence’s features (scheduling, invoicing, calls, texts, route optimization, reports).
• Authenticate users and secure accounts.
• Process subscription payments and tenant billing.
• Send transactional emails (account-related notifications, invoice receipts, password resets).
• Send communications you configure to your customers (review requests, sick-day notices, appointment-related texts).
• Detect, prevent, and respond to fraud, abuse, security incidents, and policy violations.
• Improve and develop the service, including aggregated, de-identified analytics.
• Comply with legal obligations.

We do not sell your personal information or your end customers’ personal information. We do not share phone numbers collected through Visilence with any third party for marketing, advertising, or other commercial purposes. See Section 5 for details.

We share information only in the following limited circumstances:

• Service providers / processors that help us run Visilence (see Section 4), under contracts that require them to protect your data.
• Integrations you connect — we share data with Google, Stripe, QuickBooks, Plaid, etc. only as needed to fulfill what you connected them for.
• Legal & safety — if required by law, valid legal process, or to protect the rights, property, or safety of Visilence, our users, or others.
• Business transfers — in a merger, acquisition, financing, or sale of assets, information may be transferred subject to standard confidentiality protections.
• With your consent for other purposes you specifically agree to.

We rely on the following third-party processors to operate Visilence. Each link points to that provider’s own privacy notice.

• Vercel — application hosting and edge delivery. vercel.com/legal/privacy-policy
• Supabase — database, file storage, authentication backing. supabase.com/privacy
• Clerk — user authentication. clerk.com/privacy
• Stripe — payment processing and subscription billing. stripe.com/privacy
• Twilio — SMS and voice number provisioning. twilio.com/legal/privacy
• Vapi — AI voice receptionist platform. vapi.ai/privacy
• Resend — transactional email delivery. resend.com/legal/privacy-policy
• Google (Calendar, Maps, OAuth) — calendar sync, geocoding, routing. policies.google.com/privacy
• Intuit / QuickBooks Online — accounting sync. intuit.com/privacy/statement
• Plaid — bank and card transaction sync (only if you enable it). plaid.com/legal
• Anthropic — AI language model used internally for tenant-triggered helpers. When you click “Extract from website” on the business profile, we fetch the public content of your saved website URL and send it to Anthropic’s API for analysis. When you click “Generate sample FAQs,” we send your business profile (name, services, hours, pricing notes) to Anthropic. Anthropic does not use API data to train their models and retains it for at most 30 days for abuse monitoring. anthropic.com/legal/privacy

We treat phone numbers as sensitive personal information. The following applies to phone numbers we collect from account holders at sign-up and to phone numbers of end customers that account holders enter into Visilence.

• We do not sell phone numbers. We do not share phone numbers with third parties for marketing, advertising, lead generation, or any commercial purpose unrelated to operating Visilence.
• No third-party data brokers. Phone numbers collected through Visilence are not made available to data brokers, affiliated companies, or any third party for their independent use.
• Limited processor sharing only. Phone numbers are shared only with the SMS and voice processors required to deliver a message or place a call you (or your configured automation) explicitly initiated — currently Twilio (SMS and voice transport) and Vapi (AI receptionist). These providers act as processors under written agreements and may use phone numbers only to perform the requested service.
• Account-holder SMS opt-in. When you provide a phone number during sign-up, you may opt in to receive SMS messages from Visilence for account alerts, billing notices, and service updates. Opt-in is captured as a timestamped record. You may opt out at any time by replying STOP to any of our messages, or by removing the phone number from your account.
• End-customer messages. Messages sent to your end customers (review requests, sick-day notifications, appointment confirmations, payment receipts) are sent by the account holder, not by Visilence for its own purposes. Replies of STOP, UNSUBSCRIBE, CANCEL, END, or QUIT to those messages cause us to mark the recipient as opted out for that account holder immediately.
• Mobile information confidentiality. No mobile information, including phone numbers, will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted; all other use case categories exclude text messaging originator opt-in data and consent.

Visilence accesses certain Google account data on your behalf when you choose to connect your Google account. This section describes that access comprehensively, in compliance with the Google API Services User Data Policy, including the Limited Use requirements for restricted scopes.

A. OAuth scopes we request

• openid — to identify your Google account.
• https://www.googleapis.com/auth/userinfo.email — to display the connected Google email in our dashboard so you can verify which Google account is linked.
• https://www.googleapis.com/auth/calendar.events — to read and write events on your primary Google Calendar so Visilence appointments stay in sync with Google Calendar.

We do not request any other Google OAuth scopes. We do not access Gmail, Google Drive, Google Contacts, Photos, or any other Google product data.

B. How we access Google user data

• Read. We query your primary calendar within the time windows needed to (i) check availability before booking an appointment and (ii) display upcoming events on the Visilence dashboard.
• Write (create). When an appointment is created in Visilence, we create a corresponding event on your primary calendar.
• Write (update). When an appointment is rescheduled or edited in Visilence, we update the linked event on your primary calendar.
• Write (delete). When an appointment is cancelled in Visilence, we delete the linked event from your primary calendar.

C. How we store Google user data

• Tokens. Google OAuth access and refresh tokens are stored in our Postgres database (operated by Supabase) and encrypted at rest with AES-256-GCM using a key held outside the database. Tokens are scoped to the Visilence tenant that authorized them and are never accessible to other tenants.
• Email address. The Google account email is stored so we can show you which Google account is connected and detect when a different Google account would be needed.
• Calendar events. We do not maintain a long-term cache of Google Calendar events. We query the API at the time of each operation (booking flow, dashboard render) and only persist event IDs needed to link a Visilence appointment back to its mirror event for later update or delete.

D. How we share Google user data

• We do not sell Google user data.
• We do not share Google user data with third parties other than the infrastructure providers strictly necessary to operate Visilence (database hosting via Supabase, application hosting via Vercel). Those providers act as processors under contract and have no independent right to use your data.
• We do not transfer Google user data for advertising, credit-worthiness scoring, lending, or any other purpose unrelated to the calendar-sync feature you connected.
• We do not use Google user data to train AI/ML models. No calendar data is sent to any AI provider for training purposes.
• Humans do not read your Google user data except (i) with your explicit consent, (ii) to debug a support issue you have specifically raised, (iii) for security investigations, or (iv) where required by law.

E. Limited Use compliance

Visilence’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

F. How to disconnect and delete

• From Visilence. Go to Dashboard → Business profile → Integrations → Google Calendar → Disconnect. When you disconnect, our stored access and refresh tokens for your Google account are deleted from our database immediately and we stop making API calls.
• From Google.You can revoke Visilence’s access at any time from your Google account at myaccount.google.com/permissions. Revoking through Google immediately invalidates our refresh token; our stored copy is cleared the next time we try to use it.
• Bulk deletion. To request deletion of all Google-related data we hold about you, email privacy@visilence.com.

We use cookies and similar technologies for the following purposes:

• Strictly necessary: session cookies that keep you signed in (set by Clerk).
• Functional: preferences such as the view you last used on the calendar.
• Security: anti-abuse and fraud detection.

We do not currently use third-party advertising cookies. Most browsers let you block or delete cookies; if you do, parts of Visilence may not work as intended.

We keep account-holder information for as long as your account is active and for a reasonable period afterward to handle disputes, comply with legal obligations, and enforce our agreements. End-customer information is retained for the same period at the direction of the account holder.

You can delete individual records (contacts, invoices, appointments) from within Visilence at any time. To delete an entire account or request bulk deletion of records, contact us at privacy@visilence.com.

We use industry-standard administrative, technical, and physical safeguards to protect information, including:

• Encryption in transit (HTTPS/TLS) for all traffic.
• Encryption at rest for sensitive bearer tokens — including Google OAuth tokens, QuickBooks Online tokens, and Plaid access tokens — using AES-256-GCM with a key separate from the database.
• Signed-URL access for private file attachments so customer photos can only be retrieved by an authenticated member of the owning tenant.
• Webhook signature verification for incoming payment, SMS, voice, and bank events.
• Audit logging of sensitive actions (bank connect/disconnect, expense push to QuickBooks, integration token rotation, and similar).
• Strict access controls and role-scoped credentials for our processors.

No system is perfectly secure. If we become aware of a data incident affecting your information, we will notify you and applicable regulators as required by law.

Depending on where you live, you may have the following rights:

• Access — request a copy of personal information we hold about you.
• Correction — ask us to correct inaccurate or incomplete information.
• Deletion — ask us to delete personal information.
• Portability — receive certain information in a portable format.
• Objection / restriction — object to or restrict certain processing.
• Withdraw consent — when we rely on consent, you may withdraw it at any time.

To exercise any of these rights, email privacy@visilence.com. We may need to verify your identity. You can also lodge a complaint with your local data-protection authority. For phone-number-specific opt-outs, see Section 5.

End customers: if you received a text from Visilence on behalf of a business, you may reply STOP to opt out of further SMS from that business. To exercise broader rights, contact the business directly; they control their customer list within Visilence.

If you are a California resident, the California Consumer Privacy Act (as amended) gives you specific rights regarding your personal information, including the rights described in Section 10 and the right not to be discriminated against for exercising those rights.

We do not sell or share personal information for cross-context behavioral advertising. We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.

Visilence is not currently a “business” subject to the CCPA threshold tests, but we provide these rights to all users as a best practice. Counsel should confirm the appropriate disclosures for your specific operations.

Visilence is operated in the United States. If you access the service from outside the U.S., you understand that your information will be transferred to, stored, and processed in the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for cross-border transfers.

Visilence is intended for use by businesses and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us and we will delete it.

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, by updating the “Last updated” date above and, where appropriate, by email or an in-app notification). Continued use of Visilence after the changes take effect constitutes acceptance of the updated policy.

Questions, requests, or concerns about this Privacy Policy can be directed to:

Visilence
privacy@visilence.com