Privacy Policy

OffsiteAI ("we," "us," "our") is operated by OffsiteAI LLC, an Arizona limited liability company (Arizona Entity Number 25050665, EIN 42-2037550). We provide AI-powered chatbot and CRM software for contractors. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. For a physical mailing address, email team@offsiteai.io.

1. Who We Collect Data From

We collect data from two groups:

• Contractors who sign up for OffsiteAI accounts.
• End customers who interact with the chatbot embedded on a contractor's website.

2. What We Collect

From contractors:

• Account information: name, email, business name, password (stored hashed with bcrypt).
• Business details you enter: services, pricing, hours, phone number, address.
• Payment information: handled by Stripe — we never see or store your card numbers.
• Usage data: which pages you visit, what features you use, log timestamps.

From end customers (people chatting with your chatbot):

• Conversation history with the chatbot.
• Contact info they provide (name, phone, email, address).
• Photos they upload (e.g., of damage for repair quotes).
• IP address and basic browser metadata.

3. How We Use Data

• To operate the chatbot and CRM features you signed up for.
• To improve our service (aggregate, anonymized analytics only).
• To send you account updates, product news, and security notices.
• To process payments (via Stripe).
• To provide customer support when you ask for help.

We do not sell your data, your customers' data, or any personal information to anyone — ever.

Mobile information: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Phone numbers collected through the chatbot or contact forms are used only to fulfill the request the customer initiated (SMS confirmations, reminders, lead handoff to the contractor) and are never sold, rented, or shared for third-party marketing.

4. Third Parties We Use

We share data with the following third parties only as needed to operate the service:

• Third-party AI model providers — to power chatbot responses (conversation messages and uploaded images are sent to their APIs under commercial terms; not used to train their models).
• Stripe — to process payments. Card numbers never touch our servers.
• SendGrid — to send transactional emails.
• Twilio — to send SMS messages on your behalf (with customer consent).
• Railway — our cloud hosting provider (PostgreSQL + app servers).
• Sentry — for error monitoring (anonymized stack traces).
• PostHog — product analytics + session replay on our public marketing pages and the customer portal. We mask all form inputs (passwords, payment fields, the email you enter at signup). We do not record chat-widget conversations in PostHog. PostHog stores session data in the United States. PostHog privacy policy.
• Google (Gmail + Calendar) — optional integrations. If you connect Gmail, we read replies to outbound emails so we can sync them into the CRM. If you connect Google Calendar, we read/write your appointments. Both are read-only or read/write under OAuth scopes that you grant explicitly; you can revoke at any time from Google's account permissions page.

5. Data Retention

We keep your data as long as you have an active account.

• Cancel anytime from Settings or by emailing team@offsiteai.io.
• Export your data anytime via GET /api/my-org/export (owner/admin only) or by emailing team@offsiteai.io.
• Request account deletion via POST /api/my-org/delete (owner only). Deletion schedules a 30-day grace window; during that window you can cancel with POST /api/my-org/delete/cancel. After 30 days, personally identifiable information on contacts, activities, and conversations is permanently anonymized.

6. Security

We take security seriously:

• Passwords are hashed with bcrypt (never stored in plain text).
• All data in transit is encrypted with HTTPS/TLS.
• API access requires JWT authentication.
• We use Sentry to monitor for and respond to errors and intrusions.
• Payment data is handled entirely by Stripe (PCI-compliant).

7. Your Rights

You can:

• Access all your data anytime via the CRM dashboard.
• Edit or delete contacts, deals, and conversations from the dashboard.
• Request a full data export by emailing team@offsiteai.io or by hitting GET /api/my-org/export as an owner/admin. We fulfill export requests within 7 business days.
• Request account deletion by emailing team@offsiteai.io or via POST /api/my-org/delete (owner only, requires typed-name confirmation). Deletion enters a 30-day grace window during which you can cancel; after 30 days, personally identifiable information on your contacts, activities, and conversations is permanently anonymized, lead photos and legacy on-disk files are removed, and we send a redaction request to Stripe for your customer record.
• Unsubscribe from marketing emails immediately via the link in any marketing email footer. We honor unsubscribe requests at the moment you click — no waiting period. Transactional emails (security, billing, appointment confirmations) continue regardless.

Third-party processors and your deletion request: when we anonymize your account, we automatically send a redaction request to Stripe (your customer record there is scrubbed of identifying details, but Stripe retains payment history for legal/financial reporting). For SendGrid (email logs + suppression entries), Twilio (SMS logs), Google (calendar events you authorized), and Anthropic (chat conversation history), data retention is governed by each processor's own policy and we do not automatically issue deletion requests on your behalf. If you require deletion at those processors, contact them directly or email us and we will request it for you.

7a. California, Virginia, Connecticut, Colorado, and Utah Residents

If you reside in a state with a comprehensive privacy law, you have the following rights:

• Right to know / access — request a copy of personal data we hold about you. Use GET /api/my-org/export as an owner/admin, or email team@offsiteai.io.
• Right to delete — request deletion. Use POST /api/my-org/delete (owner, with typed confirmation), or email team@offsiteai.io.
• Right to opt out of sale or sharing — we do not sell your personal data, and we do not share it for cross-context behavioral advertising. There is nothing to opt out of in this category.
• Right to non-discrimination — exercising any of these rights does not affect the price or quality of the Service.
• Right to correct — you can edit your contact information from the CRM dashboard, or email us.

To exercise any of these rights, email team@offsiteai.io. We respond within 45 days.

8. Children's Privacy

OffsiteAI is not directed at children under 13. We do not knowingly collect data from anyone under 13.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email to active customers at least 30 days before taking effect.

10. Contact Us

Questions about this policy? Email team@offsiteai.io and we'll respond within 48 hours. If you need a physical mailing address (for certified mail, subpoena, etc.), request one via that email.

OffsiteAI LLC · Arizona Entity Number 25050665 · United States