Privacy Policy

Last updated: 18 May 2026.

1. Introduction

VeryBookedAI Inc. ("VeryBookedAI," "we," "us," or "our") provides an AI automation platform that helps service businesses capture leads, handle inbound calls, run reactivation campaigns, and engage customers through chat. This Privacy Policy explains how we collect, use, share, and protect information we obtain when you visit our website or use our platform and related services (collectively, the "Services").

By accessing or using the Services you confirm that you have read this policy and agree to its terms. If you are using the Services on behalf of an organisation, you represent that you have authority to bind that organisation to this policy.

2. Information We Collect

We collect information in the following categories:

  • Account and contact information. Name, business name, email address, phone number, and payment details you provide when registering or purchasing a subscription.
  • Usage data. Pages visited, features used, session duration, referring URLs, browser type, and device identifiers collected automatically when you interact with our web properties.
  • Call recordings and transcripts. When you enable our voice AI features, calls between your customers and our AI agents may be recorded and transcribed. You are responsible for obtaining the required consent from your customers before enabling call recording.
  • Chat transcripts. Conversation logs between your customers and our chat AI are retained to allow the agent to maintain context and to improve agent performance within your account.
  • Knowledge base content. Documents, FAQs, and business information you upload to train your AI agents.
  • Customer contact data. Contact records (name, email, phone) you import or that are generated through lead-capture flows.

3. How We Use Information

We use the information we collect to:

  • Provision, operate, and improve the Services and your AI agents.
  • Process billing and send subscription-related communications.
  • Respond to support requests and troubleshoot issues.
  • Send service announcements, security alerts, and administrative messages.
  • Detect, investigate, and prevent fraudulent or harmful activity.
  • Comply with legal obligations, including responding to lawful requests from public authorities.
  • Analyse aggregate, de-identified usage patterns to guide product development. We do not link de-identified data back to individuals.

4. AI Training and Processing

Your customer data, call recordings, chat transcripts, and knowledge base content are used exclusively to train and operate AI agents within your own account. We do not use your data to train shared or cross-tenant base models, and we do not share your proprietary content with other VeryBookedAI customers.

Inference requests are routed through the Vercel AI Gateway to large language model providers (currently OpenAI and Anthropic). These providers process your prompts under their own data processing agreements with us and do not use your data to train their general-purpose models under the terms of those agreements.

5. Data Sharing and Sub-processors

We do not sell your personal information or your customers' personal information. We share data only with the sub-processors necessary to deliver the Services:

  • Retell AI and Vapi: voice AI infrastructure providers that handle real-time call routing and voice synthesis.
  • OpenAI and Anthropic (accessed via Vercel AI Gateway): large language model inference.
  • Stripe: payment processing and subscription management.
  • Cloudflare R2: object storage for call recordings and uploaded knowledge base files.
  • PostHog: product analytics (session events and funnel metrics; no call or chat content).
  • Cloudflare: CDN, DDoS protection, and DNS.

We may also disclose information if required by law, court order, or regulatory authority, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of VeryBookedAI, our users, or the public.

In the event of a merger, acquisition, or sale of substantially all our assets, your information may be transferred to the successor entity subject to equivalent privacy protections.

6. Data Retention

  • Call recordings are retained for 90 days from the date of the call and then permanently deleted from our systems unless you request earlier deletion.
  • Chat transcripts are retained indefinitely to preserve conversation context unless you submit a deletion request, after which they are purged within 30 days.
  • Billing records (invoices, payment history) are retained for seven (7) years in compliance with applicable tax and accounting regulations.
  • Account data is retained for the duration of your subscription and for up to 60 days after account closure, after which it is deleted except where retention is required by law.

7. Your Rights

Depending on your jurisdiction (including the EU/EEA, UK, and California), you may have the following rights with respect to your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Rectification. Ask us to correct inaccurate or incomplete information.
  • Erasure. Request deletion of your personal information, subject to our legal retention obligations.
  • Portability. Receive your personal information in a structured, machine-readable format.
  • Restriction. Ask us to limit the processing of your personal information in certain circumstances.
  • Objection. Object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please email [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

If you believe we have not adequately addressed your request, you have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

VeryBookedAI is headquartered in the United States. If you are located in the European Union, European Economic Area, or United Kingdom, your personal information will be transferred to and processed in the United States.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for transferring personal data from the EU/EEA and UK to the United States. Where our sub-processors are certified under the EU-US Data Privacy Framework, we may rely on that framework as an additional transfer mechanism.

9. Security

We implement administrative, technical, and physical safeguards designed to protect the information we process:

  • Encryption in transit using TLS 1.2 or higher for all data exchanged with our APIs.
  • Encryption at rest for call recordings stored in Cloudflare R2 using AES-256 managed keys.
  • Role-based access controls limiting internal access to personal data to personnel who require it to perform their job functions.
  • Regular vulnerability scanning and periodic third-party security assessments.
  • Audit logging for administrative actions on production databases.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Children's Privacy

The Services are intended for businesses and professionals aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected] and we will delete the information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (to the address associated with your account) and by updating the "Last updated" date at the top of this page at least 30 days before the changes take effect. Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data:

VeryBookedAI Inc.
Email: [email protected]
Address: 1234 Market St, San Francisco, CA 94103, USA