Privacy Policy

Last updated: January 28, 2025

FrontDeskOS, Inc. ("FrontDeskOS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Services").

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Services, including:

  • Account Information: Name, email address, phone number, company name, and password when you create an account.
  • Billing Information: Payment card details, billing address, and transaction history processed through our secure payment processors.
  • Communication Data: Messages, emails, and other communications you send to us or through our Services.
  • Business Data: Information about your business, including FAQs, scheduling rules, staff details, and custom greetings you configure in the platform.

1.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Call Data: Phone numbers, call duration, call recordings, transcripts, and metadata associated with calls processed through our platform.
  • Usage Data: Pages viewed, features used, actions taken, time spent, and interaction patterns within our platform.
  • Device Information: IP address, browser type, operating system, device identifiers, and general location data.
  • Cookies and Tracking: Information collected through cookies, pixels, and similar technologies as described in our Cookie Policy.

1.3 Information from Third Parties

We may receive information from third-party services you integrate with FrontDeskOS, including CRM systems (Salesforce, HubSpot), calendar platforms (Google Calendar, Outlook), and other business applications. This data is governed by both this Privacy Policy and the privacy policies of those third-party services.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, operate, and maintain the FrontDeskOS platform, including call answering, scheduling, and lead capture functionality.
  • Improvement: To analyze usage patterns, improve our Services, and develop new features.
  • Communication: To send service-related notifications, respond to inquiries, and provide customer support.
  • Marketing: To send promotional communications (with your consent) and personalize your experience.
  • Security: To detect, prevent, and address fraud, abuse, and security issues.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: With vendors who perform services on our behalf, such as payment processing, cloud hosting, and analytics. These providers are contractually bound to protect your data.
  • Integrations: With third-party applications you choose to connect, such as CRM systems and calendar platforms.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • Legal Requirements: When required by law, subpoena, or other legal process, or to protect our rights, privacy, safety, or property.
  • With Your Consent: In other circumstances where you have provided explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
  • Access Controls: Role-based access controls and multi-factor authentication protect access to sensitive data.
  • Monitoring: Continuous security monitoring and regular penetration testing by independent auditors.
  • Infrastructure: Data is hosted on secure cloud infrastructure with redundancy across multiple availability zones.

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide Services. Specific retention periods include:

  • Account Data: Retained until you delete your account, then removed within 30 days.
  • Call Recordings: Retained for 90 days by default, configurable up to 7 years for compliance purposes.
  • Audit Logs: Retained for 7 years to comply with regulatory requirements.
  • Billing Records: Retained for 7 years as required by tax and accounting regulations.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a portable, machine-readable format.
  • Opt-Out: Unsubscribe from marketing communications at any time.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise these rights, contact us at privacy@frontdeskos.co. We will respond within 30 days.

7. HIPAA Compliance

For healthcare clients, FrontDeskOS operates as a Business Associate under HIPAA. We execute a Business Associate Agreement (BAA) with each healthcare client, which governs our use and protection of Protected Health Information (PHI). Our HIPAA compliance measures include:

  • Signed BAA at no additional cost
  • End-to-end encryption of all PHI
  • Immutable audit logs with 7-year retention
  • Regular security training for all employees
  • Incident response procedures compliant with HIPAA breach notification rules

For more information, see our HIPAA Compliance page.

8. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

To exercise your CCPA rights, contact us at privacy@frontdeskos.co.

9. International Data Transfers

FrontDeskOS is based in the United States. If you access our Services from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

10. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: