Privacy Policy

Last updated: May 26, 2026

This Privacy Policy explains how ReplyHawk, Inc. ("ReplyHawk", "we", "us") collects, uses, and discloses information when home-service professionals ("Pros") use our platform to receive and respond to leads from third-party sources such as Yelp, Thumbtack, Google Local Services Ads, and their own websites.

1. Who controls your data

ReplyHawk is a data processor acting on behalf of each Pro. The Pro is the data controller for their leads and customers; ReplyHawk processes that data solely to provide the service.

2. Information we collect

From the Pro

• Account information: name, business name, email, phone, business address.
• Authorization tokens for connected third-party platforms (Yelp, Thumbtack, Google LSA) — obtained via OAuth or platform-supported delegation. We never request or store the Pro's password.
• Business profile (services offered, service area, hours, pricing notes) used to draft replies.
• Configuration: outreach preferences, calling hours, AI tone settings.

From customers / leads (collected on the Pro's behalf)

• Name (when shared by the lead source).
• Contact information (phone number, email) — only when explicitly shared by the customer.
• Conversation messages exchanged through the connected platform.
• Project metadata provided by the customer (service type, location, scope).
• Outbound call audio, transcripts, and call metadata (start time, duration, outcome).

Automatically

• Usage analytics (page views, feature use, error logs) — pseudonymized.
• Standard server logs (IP, user agent, timestamps) for security and debugging.

3. How we use information

• To pull a Pro's leads and conversations from connected platforms via their official APIs.
• To draft suggested replies using large language models, conditioned on the Pro's business profile.
• To send replies, place outbound calls, and send SMS only when the Pro has authorized that action (manually or via a written automation rule the Pro configured).
• To detect and prevent abuse, fraud, and platform-rule violations.
• To improve the service. We do not train third-party LLMs on Pro or customer data.

4. Subprocessors

ReplyHawk uses the following service providers to deliver the service. We have a data-processing agreement in place with each.

• Anthropic (AI reply drafting). Data is sent under no-training terms.
• ElevenLabs (voice agent for outbound calls).
• Twilio (PSTN voice + SMS).
• Cloudflare (CDN, DDoS, transit security).
• Cloud hosting provider for application + database (US region).

5. How we share information

We do not sell personal information. We share data only:

• With the Pro who controls the lead.
• With the subprocessors listed above, strictly to deliver the service.
• With the third-party platform (Yelp, Thumbtack, Google) when sending a reply to that platform on the Pro's behalf.
• When required by law, valid legal process, or to protect rights and safety.

6. Retention

Lead and conversation data is retained while the Pro's account is active and for up to 90 days after deletion to allow recovery. Call audio is retained for 30 days unless the Pro extends the period. Audit logs are retained 12 months for security.

7. Security

Data in transit is encrypted via TLS 1.2+. Data at rest is encrypted with AES-256. Access to production systems requires SSO with hardware security keys. We follow industry standard practices for vulnerability management and incident response.

8. Your choices

• Pros can disconnect any third-party platform at any time, revoking ReplyHawk's access.
• Pros can delete their account; we will remove personal data within 30 days subject to legal retention obligations.
• Customers (consumers contacted by the Pro through ReplyHawk) can request access to or deletion of their data by contacting us at privacy@replyhawk.ai. We will route the request to the controlling Pro and assist as required by law.

9. California, EU, and other jurisdictions

California residents have additional rights under the CCPA/CPRA (access, deletion, correction, opt-out of sale — note: we do not sell personal information). EU/UK residents have rights under GDPR/UK GDPR (access, rectification, erasure, restriction, portability, objection). Submit requests to privacy@replyhawk.ai.

10. Children

ReplyHawk is not directed to children under 13 and we do not knowingly collect their data.

11. Changes

We may update this policy. Material changes will be announced via in-product notice or email 30 days before they take effect.

12. Contact

Privacy questions: privacy@replyhawk.ai
General: hello@replyhawk.ai