Hearthline
Log inBook a demo

Legal

Privacy Policy

Last updated October 1, 2026

This Privacy Policy explains how Hearthline ("we", "our", "us") collects, uses, and protects information when you use our hosted product, our website, or any integrations we provide. We are committed to handling your data and your customers' data responsibly.

1. Information we collect

  • Account information. Business name, contact email, phone number, billing address, and the names and emails of users you invite to the dashboard.
  • Customer interactions. Call audio, transcripts, SMS / chat messages, photos uploaded for quoting, and any structured data Anna extracts (name, phone, address, project description, estimated value).
  • Usage data. Anonymous logs of how you use the dashboard (pages visited, actions taken) to improve the product.
  • Integration data. When you connect a CRM, calendar, or payment provider we receive only the scopes you grant.

2. How we use it

  • To answer calls, qualify leads, draft quotes, and book jobs on your behalf.
  • To sync structured data into the CRMs and tools you connect.
  • To bill you accurately (per-minute call usage, monthly platform fee).
  • To detect abuse, debug issues, and improve the platform.

We do not sell your data. We do not use your customer interactions to train our underlying AI models.

3. Subprocessors

To deliver Hearthline, we share specific data with the following providers:

  • Anthropic (Claude) — transcript → structured lead extraction.
  • OpenAI — vision pipeline for photo-based quoting.
  • Vapi + Twilio — voice and SMS handling.
  • Stripe — payment processing for deposits and invoices.
  • AWS — hosting and storage (eu-west-3 / us-east-1, your choice).

All subprocessors are bound by data-processing agreements consistent with GDPR and CCPA.

4. Retention

Call audio is retained for 30 days by default and then deleted; transcripts are retained for 12 months. You can request earlier deletion at any time, and you can configure tighter retention in your dashboard settings.

5. Your rights

You and your customers have the right to access, correct, export, or delete personal data we hold. Contact privacy@hearthline.example and we will respond within 30 days.

6. Security

  • TLS 1.3 in transit, AES-256 at rest.
  • SOC 2 Type II audited annually.
  • Single-tenant Postgres available on Enterprise plans.
  • Quarterly third-party penetration tests.

7. Cookies

We use a minimum of strictly-necessary cookies for authentication and a single first-party analytics cookie to count page visits in aggregate. We do not load third-party advertising trackers.

8. Changes to this policy

If we make material changes we will notify all account owners by email at least 30 days before the change takes effect.

9. Contact

Questions? Reach the data-protection team at privacy@hearthline.example.