Privacy policy

Last updated: November 20, 2025

This privacy policy explains how CrewRelay collects, uses, stores, and protects your personal information when you use our AI-powered phone answering and SMS notification service.

      Quick summary: We collect only what's necessary to provide our service (phone numbers, call recordings, SMS delivery data). We don't sell your data. We keep conversation recordings for 90 days then delete them. You can request deletion anytime.
    

1. Information we collect

1.1 Information you provide directly

Business customers (account holders):

Business name and contact information
Billing information (processed securely by Stripe, we don't store credit cards)
Staff member names, phone numbers, and email addresses
Class schedules, location details, and business hours

End users (your customers):

Phone numbers (when they call or when provided for booking)
Names (when provided during booking)
Appointment preferences and booking details

1.2 Information collected automatically

Phone call data:

Call recordings and transcripts (stored for 90 days)
Call duration, date, and time
Caller phone number (caller ID)
Conversation summaries generated by AI

SMS messaging data:

Phone numbers (sender and recipient)
Message content (for customer support and delivery confirmation)
Delivery status (sent, delivered, failed)
Opt-in and opt-out preferences
Message timestamps

Usage data:

Voice minutes used per location
SMS messages sent per location
Login activity (staff and owners)
Feature usage and system interactions

Technical data:

IP addresses (for security and fraud prevention)
Browser type and version (for web app access)
Device information (mobile vs desktop)
Session data (for maintaining logged-in state)

2. How we use your information

2.1 To provide our service

Answer phone calls using AI and route them appropriately
Book trial classes and private lessons automatically
Send SMS confirmations and reminders
Allow staff to view schedules and manage availability
Enable owners to monitor calls and view analytics
Process billing and manage accounts

2.2 SMS-specific uses

We use SMS data to:

Send transactional messages - Appointment confirmations, reminders, schedule changes
Send authentication codes - One-time codes for secure login
Send operational alerts - Usage warnings, system notifications (owners/staff only)
Process opt-outs - Honor STOP requests immediately
Provide support - Troubleshoot delivery issues or answer questions
Track usage - Calculate billing for SMS overages

We do NOT:

Sell your phone number to third parties
Send marketing messages without separate consent
Share SMS content except with Twilio (our messaging provider)
Use phone numbers for purposes unrelated to our service

2.3 To improve our service

Analyze conversation patterns to improve AI responses
Identify and fix technical issues
Understand usage patterns and optimize performance
Develop new features based on customer needs

Note: All AI training uses anonymized data. We remove identifying information before using conversations for AI improvement.

2.4 For security and fraud prevention

Detect and prevent unauthorized account access
Identify and block spam or abusive calling patterns
Monitor for unusual usage that may indicate fraud
Comply with legal obligations and law enforcement requests

3. How we share your information

3.1 Service providers

We share data with trusted third-party providers who help us operate:

Vapi - AI voice call handling (conversation recordings, transcripts)
Anthropic (Claude AI) - Natural language processing (anonymized conversation data)
Twilio - Phone numbers and SMS delivery (phone numbers, message content, delivery status)
Stripe - Payment processing (billing information, we never see full credit card numbers)
Railway - Cloud hosting (all data is encrypted at rest)
Vercel - Web app hosting (session data, IP addresses)

All providers are contractually required to protect your data and use it only for providing services to CrewRelay.

3.2 Business transfers

If CrewRelay is acquired or merged with another company, your information may be transferred to the new owner. We'll notify you before your information is transferred and becomes subject to a different privacy policy.

3.3 Legal requirements

We may disclose your information if required by law or in response to valid legal requests (subpoenas, court orders, or government demands).

3.4 With your consent

We may share your information with other parties when you explicitly consent to such sharing.

We never sell your personal information to third parties. Period.

4. Data retention

4.1 Conversation recordings

Call recordings and transcripts are automatically deleted 90 days after the call. This retention period allows:

Reviewing conversations for quality assurance
Resolving customer disputes or questions
Training AI to improve responses

After 90 days, recordings are permanently deleted and cannot be recovered.

4.2 SMS messages

SMS message content is retained for 90 days for customer support and delivery verification. After 90 days, message content is deleted. We retain delivery metadata (phone number, timestamp, delivery status) for 24 months for billing and compliance purposes.

4.3 Account data

Account information (business details, staff contacts, schedules) is retained for the duration of your subscription plus:

60 days after cancellation - Full data retention for potential reactivation
7 years after cancellation - Billing records only (legal requirement)

4.4 Opt-out records

If you opt out of SMS messages, we retain your phone number and opt-out preference indefinitely to ensure we never message you again. This is required by law.

5. Data security

5.1 Security measures

We implement industry-standard security measures to protect your data:

Encryption - All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
Access controls - Role-based access limits who can view data
Authentication - Multi-factor authentication for staff accounts
Monitoring - 24/7 security monitoring and intrusion detection
Regular audits - Quarterly security reviews and penetration testing
Secure development - Code reviews, vulnerability scanning, and secure coding practices

5.2 Data breach notification

In the unlikely event of a data breach affecting your personal information, we will:

Notify you within 72 hours of discovering the breach
Explain what data was affected
Describe steps we're taking to address the breach
Provide recommendations to protect yourself

6. Your privacy rights

6.1 Right to access

You can request a copy of all personal information we have about you. We'll provide this within 30 days in a portable format (CSV or JSON).

6.2 Right to correction

You can update inaccurate information through your account dashboard or by contacting support.

6.3 Right to deletion

You can request deletion of your personal information. We'll delete it within 30 days, except:

Billing records (retained 7 years for legal compliance)
Opt-out records (retained indefinitely to honor your preferences)
Anonymized data used for AI training (cannot be re-identified)

6.4 Right to opt out of SMS

Reply STOP to any message or update preferences in your account. Opt-out is immediate.

6.5 Right to portability

You can request your data in a machine-readable format to transfer to another service.

6.6 How to exercise your rights

Email privacy@crewrelay.ai with your request. Include:

Your business name or phone number
Specific right you're exercising
Verification of your identity (we'll send a confirmation code to your registered phone/email)

We'll respond within 30 days.

7. Children's privacy

CrewRelay is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover we've collected such information, we'll delete it immediately.

Parents/guardians: If you believe your child has provided us with personal information, contact privacy@crewrelay.ai.

8. California privacy rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to know - What personal information we collect and how we use it
Right to delete - Request deletion of personal information
Right to opt out of sale - We don't sell personal information, so this doesn't apply
Right to non-discrimination - We won't discriminate against you for exercising these rights

To exercise these rights, email privacy@crewrelay.ai or call the phone number listed on our website.

9. International data transfers

CrewRelay operates in the United States. If you're located outside the US, your information will be transferred to and processed in the United States. By using CrewRelay, you consent to this transfer.

We comply with applicable data protection laws and use standard contractual clauses for international transfers when required.

10. Changes to this privacy policy

We may update this privacy policy from time to time. We'll notify you of material changes:

Via email to your registered address
Via SMS to registered phone numbers
Via notification in your CrewRelay dashboard

Notice will be provided at least 30 days before changes take effect. Continued use after changes constitutes acceptance.

11. Contact us

Questions about this privacy policy or our data practices? Contact us:

Email: privacy@crewrelay.ai
Data protection inquiries: privacy@crewrelay.ai
General support: support@crewrelay.ai

We'll respond to privacy inquiries within 30 days.