Privacy Policy

Last Updated: December 9, 2025

Table of Contents

  1. Introduction & Scope
  2. Information We Collect
  3. How We Use Your Information
  4. Call Recording and Transcription
  5. Data Sharing and Third Parties
  6. Data Security
  7. Your Privacy Rights
  8. International Data Transfers
  9. Cookies and Tracking
  10. Data Retention
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us

1. Introduction & Scope

OzyOps ("we," "us," or "our") provides AI-powered receptionist and follow-up services for businesses across multiple industries. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our services.

Services Covered:

  • AI Receptionist Services: 24/7 call answering, qualification, and routing across Trades, Law, and Healthcare verticals
  • Customer Portal: Web-based portal for managing your AI receptionist, viewing analytics, and accessing call recordings (portal.ozyops.com)
  • Industry Verticals: Trades (trades.ozyops.com), Law (law.ozyops.com), Healthcare (health.ozyops.com)
  • Follow-Up Services: Automated SMS and email sequences, quote follow-up, appointment reminders

By using any of our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Business Contact Information

  • Account Information: Name, email address, phone number, business name, business address
  • Account Credentials: Username, password (encrypted)
  • Billing Information: Payment details processed securely through Stripe (we do not store full credit card numbers)

2.2 Google OAuth Data Collection

When you sign in to the OzyOps Customer Portal using Google OAuth, we collect certain information from your Google account:

  • Email Address: Used for authentication and account identification
  • Profile Information: Your name and profile picture for personalization within the portal
  • Google Calendar Access: Permission to read, write, and manage calendar events

Calendar Scope Explanation: We request the scope "View, edit, share, and permanently delete all calendars you can access using Google Calendar." This broad permission enables our AI receptionist to book appointments, check availability, send calendar invites, and manage scheduling on your behalf.

Purpose: Calendar integration enables appointment booking features in the portal, allowing our AI receptionist to schedule appointments directly into your Google Calendar based on your availability rules.

User Control: You can revoke Google Calendar access at any time through your Google Account settings (myaccount.google.com/permissions). Note that revoking access will limit appointment booking functionality within our services.

2.3 End User Information (Your Customers)

  • Contact Details: Name, phone number, email address, service address
  • Service Requests: Type of service needed, urgency level, preferred timing, specific requirements
  • Communication Records: Call recordings, transcripts, SMS and email message history
  • Appointment Details: Scheduled appointments, booking preferences, calendar availability

2.4 Call Data

  • Call Recordings: Audio recordings of all calls handled by our AI receptionist
  • Transcriptions: Text transcripts of call conversations generated from recordings
  • Call Metadata: Call duration, time/date, caller ID, disposition (booked, callback, emergency, etc.)
  • Customer Details: Information collected during calls (name, contact info, service needs)

2.5 Usage Data

  • Portal Activity: Login times, pages viewed, features used, settings changed
  • Call Volume: Number of calls answered, missed, forwarded, or escalated
  • Analytics: Call conversion rates, booking rates, response times, customer satisfaction metrics

2.6 Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies: Session cookies, authentication tokens, analytics cookies (see Section 9)
  • Log Files: Server logs, error logs, access logs

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

  • Operating the AI receptionist to answer, qualify, and route calls 24/7
  • Booking appointments into your Google Calendar based on availability rules
  • Escalating emergency calls to on-call technicians or staff
  • Managing callback lists and follow-up sequences
  • Providing access to the customer portal for managing your account

3.2 Service Improvement

  • Analyzing call recordings to optimize AI scripts and responses
  • Training our AI models to better understand industry-specific terminology
  • Identifying patterns to improve call routing and qualification
  • Developing new features based on usage patterns and customer feedback

3.3 Business Operations

  • Processing payments and managing subscriptions through Stripe
  • Generating monthly reports and analytics dashboards
  • Providing customer support and responding to inquiries
  • Monitoring system performance and uptime
  • Conducting quality assurance reviews

3.4 Legal Compliance

  • Complying with TCPA (Telephone Consumer Protection Act) regulations
  • Meeting CCPA (California Consumer Privacy Act) requirements
  • Adhering to GDPR (General Data Protection Regulation) for European users
  • Responding to legal requests and protecting our rights
  • Preventing fraud, abuse, and security threats

4. Call Recording and Transcription

Important: All calls handled by our AI receptionist are recorded and transcribed for quality assurance, service optimization, and dispute resolution.

4.1 Recording Practices

  • Purpose: Recordings are used to improve AI responses, train scripts, ensure quality, resolve disputes, and comply with your service requirements
  • Storage: Recordings are stored securely with AES-256 encryption at rest and TLS 1.2+ encryption in transit
  • Access: Only authorized OzyOps personnel and your designated team members can access recordings through the customer portal
  • Retention: Call recordings are retained for 12 months from the date of the call, unless earlier deletion is requested or required by law
  • Transcription: All recordings are automatically transcribed using third-party speech-to-text services for analysis and searchability

4.2 Your Responsibility for Consent

Customer Obligation: By using our service, you represent and warrant that you have obtained all necessary consents from end users (your customers) for call recording as required by applicable law.

Two-Party Consent States: The following U.S. states require consent from all parties before recording a phone call:

  • California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, Washington

Best Practice: We recommend having your AI receptionist announce that calls may be recorded for quality and training purposes at the beginning of each call, regardless of state law requirements.

4.3 Recording Management

  • Portal Access: You can listen to, download, or delete call recordings through the customer portal
  • Transcripts: Searchable transcripts are available alongside recordings for quick review
  • Deletion Requests: You may request deletion of specific recordings at any time by contacting support
  • Automatic Deletion: Recordings are automatically deleted after 12 months unless otherwise specified

5. Data Sharing and Third Parties

We do not sell your personal information. We may share information with the following third parties to provide and improve our services:

5.1 AI and Voice Processing Services

  • Retell AI: Voice processing, natural language understanding, conversational AI technology
  • Purpose: Powers the AI receptionist's ability to understand and respond to customer calls
  • Data Shared: Call audio, transcripts, conversation context

5.2 Infrastructure and Database Services

  • Supabase: Database hosting, authentication, real-time data synchronization
  • Purpose: Stores account information, call logs, analytics, and portal data
  • Data Shared: Account details, call metadata, user activity, configuration settings
  • Security: All data is encrypted at rest and in transit; Supabase is SOC 2 Type II compliant

5.3 Google Services

  • Google OAuth: Authentication for portal access
  • Google Calendar API: Appointment booking, availability checking, calendar management
  • Purpose: Enables secure login and calendar integration for appointment scheduling
  • Data Shared: Email address, profile information, calendar events and availability
  • Google's Privacy Policy: https://policies.google.com/privacy

5.4 Payment Processing

  • Stripe: Secure payment processing, subscription management, invoicing
  • Purpose: Processes monthly subscription payments and manages billing
  • Data Shared: Payment card information, billing address, transaction history
  • Security: Stripe is PCI-DSS Level 1 certified (highest level of payment security)

5.5 Communication Services

  • Twilio: SMS messaging for follow-up sequences and appointment reminders
  • Purpose: Enables automated text message follow-up with leads and customers
  • Data Shared: Phone numbers, message content, delivery status

5.6 Integration and Automation

  • Zapier: Integration automation, workflow coordination, data synchronization
  • Purpose: Connects our services with your existing tools (CRM, scheduling software, etc.)
  • Data Shared: Call details, lead information, appointment data (based on your configured integrations)

5.7 Legal Requirements

We may disclose information when required by law, court order, subpoena, or government request, or when necessary to:

  • Comply with legal obligations and regulatory requirements
  • Protect our rights, property, or safety, and that of our users and the public
  • Detect, prevent, or address fraud, security, or technical issues
  • Enforce our Terms of Service and investigate violations

5.8 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and portal notice before your information is transferred and becomes subject to a different privacy policy.

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • At Rest: All stored data, including call recordings and database records, is encrypted using AES-256 encryption
  • Passwords: User passwords are hashed using bcrypt with salt for secure storage

6.2 Access Controls

  • Role-Based Access: Team members only have access to data necessary for their role
  • Multi-Factor Authentication (MFA): Available for all portal accounts (strongly recommended)
  • Audit Logging: All access to sensitive data is logged and monitored
  • Limited Personnel: Only authorized OzyOps personnel have access to production systems

6.3 Monitoring and Response

  • Continuous Monitoring: 24/7 security monitoring and threat detection
  • Intrusion Detection: Automated systems detect and respond to suspicious activity
  • Incident Response: Documented procedures for security incident response and notification
  • Regular Audits: Quarterly security audits and annual penetration testing

6.4 Data Backups

  • Backup Schedule: Daily automated backups of all critical data
  • Backup Encryption: All backups are encrypted using AES-256
  • Retention: Backups are retained for 30 days for disaster recovery purposes
  • Testing: Regular backup restoration tests to ensure data recovery capability

Important Notice: While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the security of your account credentials and should notify us immediately of any unauthorized access.

7. Your Privacy Rights

7.1 General Rights (All Users)

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Opt-Out: Unsubscribe from marketing communications at any time
  • Data Portability: Receive your data in a structured, commonly used, machine-readable format
  • Objection: Object to processing of your personal information for certain purposes

7.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Know (Business Purposes): Know the business purposes for collecting and sharing information
  • Right to Know (Third Parties): Know categories of third parties with whom information is shared
  • Right to Delete: Request deletion of personal information collected (with certain exceptions)
  • Right to Opt-Out: Opt-out of sale of personal information (note: we do not sell personal information)
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising CCPA rights

Response Time: We will respond to verifiable consumer requests within 45 days. If we need more time, we will notify you and explain the reason for the extension.

7.3 European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Obtain confirmation of data processing and access to your personal data
  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of personal data ("right to be forgotten")
  • Right to Restriction: Request restriction of processing under certain circumstances
  • Right to Data Portability: Receive personal data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Lodge Complaint: File a complaint with your local data protection authority
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing

Legal Basis for Processing: We process your data based on consent, contractual necessity, legal obligations, and legitimate interests.

7.4 Exercising Your Rights

To exercise any of these rights, contact us at:

Verification: For security purposes, we may require verification of your identity before fulfilling requests. We will respond within 30 days of receiving a verifiable request.

8. International Data Transfers

Our services are hosted in the United States. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States.

8.1 Data Transfer Locations

  • Primary Hosting: United States (AWS and Google Cloud infrastructure)
  • Third-Party Services: May process data in various locations based on their infrastructure
  • Backup Storage: United States (encrypted backups)

8.2 European Users (GDPR)

For users in the European Economic Area, we rely on Standard Contractual Clauses approved by the European Commission for data transfers from the EEA to the United States. These clauses provide appropriate safeguards for your personal data.

8.3 Data Protection

Regardless of where your data is processed, we apply the same privacy and security protections described in this policy. All data transfers comply with applicable data protection laws.

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience and collect analytics:

9.1 Types of Cookies

  • Essential Cookies: Required for website functionality, authentication, and security. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use our website and portal (Google Analytics). You can opt-out via browser settings or Google's opt-out tool.
  • Preference Cookies: Remember your settings, preferences, and customizations within the portal.

9.2 Cookie Management

You can control cookies through your browser settings:

  • Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies
  • Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
  • Limitation: Disabling cookies may limit functionality of the portal and website

9.3 Do Not Track

Some browsers support a "Do Not Track" signal. Currently, there is no industry consensus on how to respond to these signals, and we do not currently respond to "Do Not Track" browser signals.

10. Data Retention

We retain information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce agreements:

10.1 Retention Periods

  • Account Data: Retained while your account is active and for 2 years after account termination (for dispute resolution and legal compliance)
  • Call Recordings: Retained for 12 months from the date of the call, then automatically deleted
  • Call Transcripts: Retained for 12 months from the date of the call
  • Financial Records: Retained for 7 years to comply with tax and accounting requirements
  • Marketing Data: Retained until you unsubscribe or request deletion
  • Support Tickets: Retained for 3 years for quality assurance and issue tracking
  • Analytics Data: Aggregated and anonymized analytics retained indefinitely for business intelligence

10.2 Deletion Practices

  • Automatic Deletion: Data is automatically deleted after retention periods expire
  • Manual Deletion: You may request deletion of specific data at any time (subject to legal retention requirements)
  • Secure Deletion: All deleted data is securely erased using industry-standard deletion methods
  • Backup Deletion: Deleted data is removed from backups within 30 days of deletion request

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information promptly.

If you believe we may have collected information from a child under 18, please contact us immediately at privacy@ozyops.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.1 Notification of Changes

We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the customer portal dashboard

12.2 Acceptance of Changes

Your continued use of our services after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you must stop using our services and may request account termination.

12.3 Material Changes

For material changes that significantly affect your privacy rights, we will provide at least 30 days' notice before the changes take effect and may require explicit consent to continue using our services.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

OzyOps
Email: hello@ozyops.com
Privacy Email: privacy@ozyops.com
Website: https://ozyops.com
Portal Support: https://portal.ozyops.com/support

For privacy rights requests (access, deletion, correction):
Please email privacy@ozyops.com with "Privacy Rights Request" in the subject line. Include your name, email address associated with your account, and a description of your request. We will respond within 30 days.