OffsiteAI

Privacy Policy

OffsiteAI ("we," "us," "our") provides AI-powered chatbot and CRM software for contractors. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Who We Collect Data From

We collect data from two groups:

• Contractors who sign up for OffsiteAI accounts.
• End customers who interact with the chatbot embedded on a contractor's website.

2. What We Collect

From contractors:

• Account information: name, email, business name, password (stored hashed with bcrypt).
• Business details you enter: services, pricing, hours, phone number, address.
• Payment information: handled by Stripe — we never see or store your card numbers.
• Usage data: which pages you visit, what features you use, log timestamps.

From end customers (people chatting with your chatbot):

• Conversation history with the chatbot.
• Contact info they provide (name, phone, email, address).
• Photos they upload (e.g., of damage for repair quotes).
• IP address and basic browser metadata.

3. How We Use Data

• To operate the chatbot and CRM features you signed up for.
• To improve our service (aggregate, anonymized analytics only).
• To send you account updates, product news, and security notices.
• To process payments (via Stripe).
• To provide customer support when you ask for help.

We do not sell your data, your customers' data, or any personal information to anyone — ever.

4. Third Parties We Use

We share data with the following third parties only as needed to operate the service:

• Anthropic — to power the AI chatbot responses (conversation messages are sent to their API).
• Stripe — to process payments.
• SendGrid — to send transactional emails.
• Twilio — to send SMS messages on your behalf (with customer consent).
• Railway — our cloud hosting provider.
• Sentry — for error monitoring (anonymized stack traces).

5. Data Retention

We keep your data as long as you have an active account. If you cancel:

• You can export all your data (contacts, deals, conversations) as CSV before cancelling.
• Your data is retained for 90 days after cancellation in case you want to reactivate.
• After 90 days, we permanently delete all account data.

6. Security

We take security seriously:

• Passwords are hashed with bcrypt (never stored in plain text).
• All data in transit is encrypted with HTTPS/TLS.
• API access requires JWT authentication.
• We use Sentry to monitor for and respond to errors and intrusions.
• Payment data is handled entirely by Stripe (PCI-compliant).

7. Your Rights

You can:

• Access all your data anytime via the CRM dashboard.
• Export your data as CSV.
• Edit or delete contacts, deals, and conversations.
• Request full account deletion by emailing ben@offsiteai.io.
• Opt out of marketing emails (transactional emails for security/billing will continue).

8. Children's Privacy

OffsiteAI is not directed at children under 13. We do not knowingly collect data from anyone under 13.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email to active customers at least 30 days before taking effect.

10. Contact Us

Questions about this policy? Email ben@offsiteai.io and we'll respond within 48 hours.