Privacy Policy

Last Updated: December 2025

This Privacy Policy explains how Inflowence ("we," "us," or "our") collects, uses, and discloses information. Because we are a B2B SaaS provider, our data processing falls into two categories:

Our Customers: The businesses who buy our software.

End-Users: The customers of our Customers (whose data we process on our Customers' behalf).

1. Data Roles & Responsibilities

Customer Data (B2B): Regarding our business relationship with you (the Customer), we act as a Data Controller.

End-User Data (The "Service Data"): Regarding the information you upload or that is generated via SMS, Voice, and DMs with your clients, we act as a Data Processor. You (the Customer) remain the Data Controller of your End-Users' information.

2. Information We Collect

A. From Our Customers (You)

Account Information: Name, business email, billing address, and payment details (processed via Stripe/third-party).

Technical Data: IP address, browser type, and usage logs on the Inflowence platform (via Vercel and Upstash).

B. From End-Users (Processed on your behalf)

Communication Content: Transcripts of Voice Agent calls, SMS message history, and social media Direct Messages (WhatsApp, Instagram, Facebook).

Contact Metadata: Phone numbers, social media handles, and timestamps of interactions.

Voice Data: Temporary audio recordings used for AI transcription and intent analysis.

3. The Technical Data Journey

To provide our services, data flows through a specific architecture designed for speed and reliability.

Interaction Trigger: An End-User sends a DM or calls your AI phone receptionist.

Processing Layer (GoHighLevel & AWS): The message is received by GoHighLevel (CRM) or AWS (Voice/Email). Our AI logic analyzes the intent.

Storage Layer (Supabase): The interaction history, lead status, and AI-generated logs are stored in our Supabase database to be displayed in your Inflowence dashboard.

State Management (Upstash): Temporary session data (like an active AI phone call state) is managed via Upstash for real-time performance.

4. How We Use Information

We do not sell End-User data. We use the information solely to:

  • Facilitate multi-channel communications.
  • Improve AI performance using aggregated, de-identified usage data
  • Provide analytics and reporting on your communication performance.
  • Prevent fraud and ensure compliance with our Acceptable Use Policy.

5. Data Retention

Account Data: Retained as long as your account is active.

End-User Communication Data: Retained for the duration of your subscription unless you request deletion.

Voice Recordings: Unless otherwise configured by the Customer, raw audio files are typically deleted after transcription is finalized, though transcripts remain in the database.

6. Third-Party Disclosures (Subprocessors)

We share data with the following categories of service providers to maintain the platform:

Infrastructure: AWS, Vercel, Supabase.

Communication Pipes: GoHighLevel, Twilio, Meta Platforms.

Analytics: Upstash.

Data & Infrastructure

To provide transparency about our data processing relationships:

  • Subprocessors List - View the complete list of third-party service providers, including AWS, GoHighLevel, Vercel, Supabase, and others, along with their roles and data locations.

  • Data Processing Addendum (DPA) - For business customers, review our data processing agreement which outlines our obligations as a data processor, security measures, and your rights under applicable US data protection laws.

7. Geographic Scope and Privacy Rights

7.1 Geographic Limitations

Our Services are offered solely to businesses and individuals located in the United States and Canada. We do not offer services to, and do not knowingly collect personal data from, entities or individuals located in the European Union, the European Economic Area, the United Kingdom, or Switzerland.

If you are located in a restricted jurisdiction, please do not use our Services or provide us with any personal data.

7.2 US State Privacy Rights

We comply with applicable US state privacy laws, including the CCPA/CPRA (California) and VCDPA (Virginia).

Right to Know: You may request a list of the personal data we store.

Right to Delete: You may request the deletion of your account data.

Opt-Out: Our Customers are responsible for providing "Opt-Out" mechanisms to their End-Users (e.g., "Reply STOP to opt out of text messages").

8. Security

We implement enterprise-grade security via our infrastructure providers (AWS and Supabase), including:

Encryption at Rest: All database entries are encrypted.

Encryption in Transit: Data is transmitted via HTTPS/TLS 1.3.

Access Control: Strict internal policies regarding who can access Customer databases for support purposes.

9. Contact Us

For any privacy-related inquiries or to exercise your data rights, please contact:

Privacy Officer Email: privacy@inflowence.ai

By using Inflowence, you acknowledge that you have read, understood, and agree to this Privacy Policy.