Privacy Policy
Effective Date: [EFFECTIVE_DATE] Last Updated: [EFFECTIVE_DATE]
This Privacy Policy explains how Loopcall LLC ("Loopcall," "we," "us," or "our") collects, uses, discloses, and protects information when you (a) use our website at loopcall.io (the "Site"), (b) use the lead-recovery automation service we provide to home-services businesses (the "Service"), or (c) exchange SMS messages with a business that uses our Service.
This Policy is written to comply with the Telephone Consumer Protection Act (TCPA), CTIA A2P messaging guidelines, the FCC's rules for text marketing and automated outreach, and applicable state privacy laws (including the California Consumer Privacy Act / CPRA where relevant).
1. Who this policy applies to
We provide services to two distinct groups:
- Business Customers — the home-services companies (e.g., HVAC and plumbing shops) who subscribe to our Service so we can recover their missed calls and follow up on their leads.
- End Recipients — the homeowners, prospects, or customers of those Business Customers, who interact with our Service primarily through SMS text messages sent on behalf of a Business Customer.
When you receive a text message from one of our Business Customers, the Business Customer is the data controller of that conversation. We act as a data processor under their direction. This Policy tells you what we do as a processor and what data we collect directly.
2. Information we collect
2.1 From Business Customers (the trades shops who pay us)
- Account data: business name, owner name, business email, business phone, mailing address, EIN (where required for A2P 10DLC carrier registration), website URL.
- Billing data: payment method (processed by Stripe — we do not store full card numbers), invoices, subscription tier.
- Integration data: API tokens and OAuth credentials for connected systems (e.g., Jobber, Housecall Pro, Workiz, Google Business Profile, QuickBooks Online).
- Configuration data: business hours, escalation phone numbers, service area, brand voice settings, review-request templates.
2.2 From End Recipients (homeowners/leads texting our Business Customers)
When you call or text a phone number operated through our Service on behalf of a Business Customer, we collect:
- Phone number (yours, and the business's number you contacted).
- Message content of SMS messages you send and receive.
- Call metadata for inbound calls — caller ID, date/time, call duration, whether the call was answered. We do not record voice content in the Service today. If voice recording is added, you will be notified at the start of the call and your consent will be required.
- Consent records — when, where, and how you opted in to receive messages (e.g., by calling the business, by submitting a web form, by checking an opt-in box at the time of service).
- Engagement events — message delivery status, replies, opt-outs (STOP/UNSUBSCRIBE), help requests (HELP).
2.3 Automatically from the Site
- Standard server logs (IP address, user agent, pages visited).
- Cookies and similar technologies for session management and product analytics (see Section 9).
3. How we use information
3.1 To deliver the Service
- Send SMS replies to missed calls on behalf of a Business Customer.
- Run AI-powered text conversations to qualify a lead (e.g., job type, urgency, address, preferred contact time) and pass the qualified lead to the Business Customer.
- Send estimate follow-ups, review requests, and reactivation messages on behalf of a Business Customer, only where consent permits.
- Maintain audit logs for compliance defense.
3.2 To operate our business
- Bill subscriptions, process payments (via Stripe), and prevent fraud.
- Provide customer support to Business Customers.
- Monitor service health (error rates, deliverability, system uptime).
- Comply with applicable laws and respond to lawful requests.
3.3 What we DO NOT do
- We do not sell personal information.
- We do not share SMS opt-in data, phone numbers, or message content with third parties for those third parties' marketing purposes.
- We do not use SMS opt-in consent obtained for one Business Customer to message you on behalf of another Business Customer.
- We do not use customer message content or call metadata to train external AI models. Our AI provider (Anthropic) does not use commercial API inputs/outputs to train its models by default.
- We do not generate fake reviews, send deceptive offers, or impersonate humans without AI disclosure.
4. SMS / text messaging program disclosures
If you receive a text from a phone number operated by our Service on behalf of a Business Customer, the following applies:
- Consent: You are receiving messages because you (a) called the business and we are responding to your inbound call, (b) provided your phone number at the time of service, (c) submitted an online form or web chat, or (d) otherwise gave prior express consent to be contacted.
- AI disclosure: Some replies you receive are generated or assisted by an AI system. The AI will identify itself in its first reply (e.g., "Quick AI assistant here on behalf of [BUSINESS]"). You can always ask to speak with a human and we will route you to the Business Customer's owner or staff.
- Message frequency: Message frequency varies based on the conversation, your responses, and the type of service interaction. Typical lead-recovery conversations involve 2–8 messages over 24–72 hours; lifecycle messages (estimate follow-up, review request, reactivation) may add additional messages.
- Message and data rates: Standard message and data rates may apply from your wireless carrier. We do not charge you for messages.
- Opt-out: Reply STOP to any message at any time to opt out. Opt-out is free and effective within seconds. Once you opt out, you will not receive further SMS messages from that Business Customer through our Service unless you opt back in.
- Help: Reply HELP to receive contact information for the Business Customer and instructions on how to opt out.
- Supported carriers: Messaging is supported across major U.S. wireless carriers. Carriers are not liable for delayed or undelivered messages.
- No medical, financial, legal, or other regulated advice: Messages from our Service are operational (e.g., "we'll have a tech out Thursday") and do not constitute medical, legal, financial, or other professional advice.
5. How we share information
We share information only with the following categories of recipients:
| Recipient | Purpose | Type of data |
|---|---|---|
| The Business Customer (the trades shop) | Delivering qualified leads, conversation transcripts, and lifecycle events to them | Phone numbers, messages, call metadata, consent records pertaining to their customers |
| Twilio, Inc. | Carrier-grade SMS and voice infrastructure | Phone numbers, message content, call metadata |
| Anthropic, PBC | AI model used to draft SMS replies (Claude) | Message content (transient, not retained for training under commercial API terms) |
| Supabase, Inc. | Cloud database and storage for Service data | All Service data |
| Stripe, Inc. | Payment processing for Business Customer subscriptions | Business Customer billing data |
| Sentry, Better Stack, PostHog | Error monitoring, uptime monitoring, product analytics | Limited operational/technical data; not full message content |
| Connected FSM/CRM systems (Jobber, Housecall Pro, Workiz, Google Business Profile, QuickBooks Online) | Lead handoff, job updates, review-link delivery — only where Business Customer has authorized the connection | Customer and job data per the Business Customer's authorization |
| Government authorities / lawful requests | When legally required (subpoena, court order, valid law-enforcement request) | As required by the request |
| Successor entity | In the event of a merger, acquisition, or sale of substantially all assets, with continued protection under this Policy or notice provided to affected users | As applicable |
We require each processor to handle data consistently with this Policy and applicable law.
6. Data retention
- SMS message content, consent records, and audit logs: retained for at least four (4) years to meet TCPA statute-of-limitations defense requirements, and longer where state law or regulation requires.
- Call metadata: retained for at least four (4) years.
- Account and billing records: retained for the life of the Business Customer relationship plus seven (7) years for tax and accounting compliance.
- Suppression lists (opted-out numbers): retained indefinitely so that we never message a number that has opted out, even if the original consent record is purged.
- Analytics/log data: retained on a rolling basis according to vendor defaults (typically 30–90 days for error logs, 12 months for product analytics).
When a Business Customer terminates their subscription, we retain compliance-critical records (audit logs, consent records, suppression lists) for the retention periods above and delete other data within 90 days, subject to legal hold requirements.
7. Your choices and rights
7.1 If you are an End Recipient (a homeowner / lead)
- Opt out of SMS at any time by replying STOP. We will honor the opt-out across all automations for the Business Customer who messaged you.
- Request information about messages we have sent or received on your behalf by emailing support@loopcall.io. Because the Business Customer is the data controller, we may direct you to them for some requests.
- Right to know / delete / correct (California and similar state laws): Where applicable, you may request access to, correction of, or deletion of your personal information. Requests are routed to the relevant Business Customer.
7.2 If you are a Business Customer (a trades shop)
- Manage account, billing, integrations, and configuration through your dashboard or by emailing support@loopcall.io.
- Export your data at any time.
- Cancel your subscription per the Terms of Service.
7.3 Do Not Track
Our Site does not respond to "Do Not Track" browser signals at this time.
8. Security
We use commercially reasonable safeguards to protect information, including:
- Encryption in transit (TLS) and at rest for sensitive fields.
- Role-based access controls for staff who need access to perform their duties.
- Row-Level Security in our database to isolate each Business Customer's data from every other Business Customer's data.
- Vendor SOC 2 / equivalent reviews for major processors (Twilio, Anthropic, Supabase, Stripe).
- Audit logging of administrative actions.
No method of internet transmission or electronic storage is 100% secure. We make no guarantee of absolute security and recommend you use strong passwords and good account hygiene.
9. Cookies and tracking
We use a minimal set of cookies and similar technologies on the Site:
- Strictly necessary cookies for session management.
- Analytics (e.g., PostHog) to measure how the Site is used.
- No third-party advertising cookies.
You can disable cookies through your browser settings; some Site functions may not work as a result.
10. Children's privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has submitted personal information, please contact us at support@loopcall.io and we will delete it.
11. International users
The Service is intended for use in the United States. If you access the Service from outside the United States, you consent to the processing of your information in the United States, which may have data-protection rules different from those of your country.
12. Changes to this policy
We may update this Policy from time to time. Material changes will be communicated via email (to Business Customers) and via an updated "Effective Date" at the top of this page. Continued use of the Service after an update constitutes acceptance.
13. Contact
Loopcall LLC [LROS_MAILING_ADDRESS] Email: support@loopcall.io Web: loopcall.io
For SMS-related opt-out or messaging questions, reply STOP to any message you've received, or email support@loopcall.io.
14. State-specific disclosures
14.1 California (CCPA/CPRA)
California residents have the right to:
- Know the categories and specific pieces of personal information we collect.
- Delete personal information we have collected (subject to legal retention).
- Correct inaccurate personal information.
- Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information for cross-context behavioral advertising.
- Non-discrimination for exercising any of the above rights.
To exercise these rights, contact support@loopcall.io.
14.2 Other states
If you live in a state with a comprehensive consumer-privacy law (e.g., Colorado, Connecticut, Virginia, Utah, Texas, Oregon), you may have similar rights. Contact support@loopcall.io to exercise them.
15. Placeholders to replace before launch
Before this Policy is published live, replace:
Loopcall LLC— the legal entity name (e.g., "Lead Recovery OS LLC")Loopcall— the public brand name (e.g., "Lead Recovery OS")loopcall.io— the public domain (e.g., "leadrecovery.io")support@loopcall.io— the support inbox (e.g., "support@leadrecovery.io")[LROS_MAILING_ADDRESS]— the LLC's registered or business mailing address[EFFECTIVE_DATE]— date this Policy is first published (e.g., "2026-05-25")
These placeholders are intentional. Twilio's A2P 10DLC review will check that this URL is publicly accessible and that it contains SMS-specific consent and opt-out language. Both are present in Sections 3, 4, and 7.