Privacy Policy.
Regulance, Inc. ("Regulance," "we," "us") runs an AI voice agent service for small businesses. This policy tells you, in plain English, what data we handle on your behalf, how we use it, who we share it with, and the rights you have over it. If anything here is unclear, write services@regulance.ai and we’ll explain it.
1. Who this applies to
This policy covers the people we interact with through our product:
- Operators — the business owners who pay us a subscription so our AI receptionist answers their phone.
- Operators’ customers — the people who call an Operator’s number and end up speaking with our AI agent.
- Website visitors — anyone who reads regulance.ai, requests a demo, or submits a phone audit.
2. What we collect
From Operators (the people paying us)
- Account information: business name, owner name, billing email, phone number, billing address, payment method (handled by Stripe — we never store full card numbers).
- Service configuration you give us during onboarding: hours of operation, service area, trades, emergency rules, scheduler choice, brand voice notes.
- Tokens and credentials you grant us so our agent can act on your behalf — Google Calendar refresh tokens, Calendly API keys, scheduler-specific tokens for ServiceTitan / Housecall Pro / Jobber / Clio / NexHealth / Mindbody, etc. We store these encrypted at rest and use them only to perform the actions you authorized.
From your customers (the callers)
- Caller phone number (when carrier provides it), name they give, address, the content of the call (transcript), call audio recording, the booking they made if any.
- We surface a clear AI-disclosure on every call when your industry requires it (medical, legal) or when you turn it on. Where state law requires two-party consent for recording, recording is disclosed before transcription begins.
Automatically
- Standard web logs: IP address, browser type, pages visited, referring URL, timestamps. Used for debugging and abuse prevention.
- Minimal cookies. We do not use third-party advertising trackers on regulance.ai.
3. How we use it
- To run the service you paid for — answer calls, book appointments, send confirmations, route emergencies, generate weekly ROI reports.
- To improve service quality. Anonymized call transcripts may be used internally to tune voice models and conversation prompts. We do not use your customers’ call content, your Google data, or your CRM data to train third-party AI models.
- To bill you and handle support requests.
- To comply with the law and resolve disputes.
4. Google API Services User Data Policy — Limited Use
When you connect your Google Calendar, Regulance requests these scopes:
calendar.events— to create and update events the AI agent books on your behalf.calendar.readonly— to check your availability before offering a slot.userinfo.email+openid— only to confirm which Google account you connected, so we display it on your account page.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use your Google data only to provide and improve the user-facing features you connected the integration for (calendar availability + event booking on your behalf).
- We do not transfer your Google data to third parties except as necessary to provide or improve the service, comply with the law, or as part of a merger, acquisition, or asset sale (in which case the acquiring party will be bound by this policy).
- We do not use your Google data for serving advertisements.
- We do not allow humans to read your Google data unless we have your affirmative agreement for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or our use is for internal operations and the data has been aggregated and anonymized.
You can revoke our access at any time from your Google account at myaccount.google.com/permissions. When you revoke, our agent stops booking on your calendar and your refresh token is deleted from our database within 7 days.
5. Who we share with
We share the minimum data required with the service providers that power the product. They process data on our behalf under data processing agreements. None of them sells your data.
- VAPI — voice agent runtime (call audio + transcripts).
- Twilio — telephony (call routing, recordings, SMS).
- Anthropic — language model (transcripts + conversation context, used per-request only, not retained for training under our Zero Data Retention configuration).
- Resend — email delivery.
- Stripe — payments (your billing info; we never see full card numbers).
- Supabase — our database (everything we store).
- Google — calendar (when you connect it).
- Vercel / Railway — hosting (web traffic + logs).
We do not sell personal information. We do not use it for behavioral advertising.
6. How long we keep it
- Account data: as long as you have an account, plus 24 months for tax and audit purposes after cancellation.
- Call recordings and transcripts: 12 months by default. You can request shorter or longer.
- Google refresh tokens: deleted within 7 days of access revocation or account closure.
- Aggregated metrics (no personal info): retained indefinitely for product improvement.
7. Your rights
- Access — get a copy of your data.
- Correction — fix anything inaccurate.
- Deletion — remove your data (where we’re not legally required to keep it).
- Portability — export your data in a machine-readable format.
- Opt-out — California residents have additional rights under the CCPA, including the right to opt out of any "sale" or "sharing" of personal information (we don’t do either, but the right is yours).
Email services@regulance.ai with any request and we’ll respond within 30 days.
8. Security
We encrypt data in transit (TLS 1.2+) and at rest. Refresh tokens and API credentials are encrypted with provider-managed keys. Access to production data is restricted to a small set of authorized employees and logged. SOC 2 Type I is in progress — target completion Q3 2026.
9. International transfers
Regulance is operated from the United States. If you access the service from outside the U.S., your data will be transferred to and processed in the U.S. We rely on Standard Contractual Clauses where applicable.
10. Children
Regulance is a B2B service. It is not directed at children under 16, and we do not knowingly collect personal information from anyone under 16.
11. Changes
We’ll update this policy when our practices change. The date at the top reflects the most recent material update. For material changes that reduce your rights, we’ll email active Operators 14 days before the change takes effect.
12. Contact
Privacy questions, requests, or complaints: services@regulance.ai. Postal mail: Regulance, Los Angeles, CA.