Privacy Policy
Last updated: April 27, 2026
VigilDesk LLC ("VigilDesk", "we", "us", "our") provides AI-powered phone answering, scheduling, and SMS messaging services for small businesses. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have regarding your information.
This policy applies to two groups of people: End Customers (individuals who call a business that uses VigilDesk) and Business Clients (the businesses that contract with VigilDesk to provide these services).
1. Information We Collect
From End Customers
- Phone number (caller ID and any number you provide for callback or SMS)
- Full name (when provided during a call or booking)
- Service address (when booking an appointment)
- Email address (when provided)
- Audio recording and transcript of your phone call
- Appointment details (service type, urgency, preferred date/time, special notes)
- SMS messages exchanged with the business via VigilDesk
From Business Clients
- Business name, address, and EIN
- Contact name, email, and phone of the owner / authorized signer
- Calendar availability, pricing rules, and service area
- Payment information (processed by Stripe; we do not store full card numbers)
Automatically
- Date and time of each phone call and SMS message
- Call duration, AI agent version, and outcome (booked, transferred, callback requested)
- Standard server logs (IP address, browser type) when you visit vigildesk.ai
2. How We Use Information
- To provide the service: answer your call, book your appointment, send SMS confirmations, notify the business owner, and update calendars.
- For quality and dispute resolution: review call recordings and transcripts when there is a customer complaint, an incorrect quote, or a missed booking.
- For internal operations: billing, customer support, fraud prevention, troubleshooting.
- To comply with law: respond to lawful subpoenas, court orders, or regulatory requests.
We do not use end-customer information to train public AI models. We do not sell or rent your personal information to anyone.
3. Who We Share Information With
We share information only with the parties needed to deliver the service ("sub-processors") and only to the extent necessary:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Twilio Inc. | Telephony & SMS delivery | Phone numbers, message content, call recordings |
| Retell AI Inc. | Voice AI processing | Call audio, transcripts, intent data |
| Google LLC | Calendar booking | Appointment date, time, customer name, address |
| Supabase Inc. | Database hosting | Booking records, call logs, business config |
| n8n GmbH | Workflow automation | Booking metadata routed between services |
| Stripe Inc. | Payment processing (clients only) | Business name, billing email, card token |
Each sub-processor is contractually bound to use the data only for the specified purpose and to protect it with reasonable security measures.
We may also disclose information if required by law, or if necessary to protect the rights, property, or safety of VigilDesk, our clients, our customers, or others.
4. Data Retention
- Call recordings: 90 days, then auto-deleted.
- Call transcripts and booking records: retained for the duration of the client business's contract, plus 12 months for dispute resolution and tax records, then deleted.
- SMS message contents: 12 months from the date of the message, then deleted.
- Account and billing records: retained as long as required by tax and accounting law (typically 7 years).
When a Business Client's contract ends, we export their data to them in standard formats within 7 business days and delete our copies within 30 days, except where retention is required by law.
5. Your Rights — California Residents (CCPA / CPRA)
If you are a California resident, you have the following rights regarding your personal information:
- Right to know what personal information we collect and how we use it.
- Right to access a copy of the personal information we hold about you.
- Right to delete your personal information, subject to limited exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of your personal information. VigilDesk does not sell or share personal information for cross-context behavioral advertising.
- Right to non-discrimination for exercising any of these rights.
To exercise these rights, email hello@vigildesk.ai with the subject line "CCPA Request". We will respond within 45 days.
6. Security
We use industry-standard administrative, technical, and physical safeguards to protect your information, including TLS encryption in transit, encrypted storage at rest, role-based access control, and logging of administrative access. No system is perfectly secure; we will notify affected individuals and applicable regulators in the event of a data breach as required by law.
7. Children
VigilDesk's services are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
8. International Users
VigilDesk operates exclusively in the United States. If you are accessing our services from outside the US, please be aware that your information will be transferred to and processed in the United States.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The effective date at the top of this page reflects the most recent revision. Material changes will be communicated by email to active customers and clients.
10. Contact Us
Questions about this Privacy Policy or our data practices?
VigilDesk LLC
1098 Foxhurst Way
San Jose, CA 95120
Email: hello@vigildesk.ai
Phone: (844) 731-3674