Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how Avansa ("Avansa", "we", "us") collects, uses, stores, and shares information when you use our AI front-office service for service businesses (the "Service"), and when end customers of those businesses interact with our Service via voice or chat. It also describes how we handle Google user data accessed through Google APIs.

1. Who this policy applies to

Avansa is a B2B service. Our direct customers are business owners and operators who sign up for an Avansa account ("Business Customers"). End consumers who call or chat with an Avansa-powered receptionist on behalf of a Business Customer ("End Users") interact with us indirectly.

This policy covers both Business Customers and End Users.

2. Information we collect

2.1 Business Customer account information

Name, email address, and password (managed via Supabase Auth).
Business name, address, phone number, vertical, and service catalog.
Payment information (processed by our payment provider; Avansa does not store full card numbers on its own systems).
OAuth tokens you grant us for integrated services such as Google Calendar.

2.2 End User information (call & chat data)

Caller name, phone number, and any details provided during a voice or chat conversation (e.g., service requested, address, preferred appointment time, equipment details).
Transcripts of voice calls and chat conversations.
Booking and lead records created from the conversation.

We do not store raw call audio. Voice calls are handled by our voice infrastructure provider, which processes the audio for transcription; Avansa retains only the resulting transcript and structured lead/booking records. Retention for transcripts and structured records is described in Section 7.

2.3 Google user data

When a Business Customer connects their Google Calendar to Avansa, we request access to the following Google OAuth scope:

https://www.googleapis.com/auth/calendar.events — "View and edit events on all your calendars"

We use this scope to:

Read calendar events on the Business Customer's connected calendar to determine availability when offering appointment slots to End Users.
Create new calendar events when bookings are confirmed.
Update or cancel calendar events when a booking is rescheduled or cancelled.

Limited Use Disclosure.

Avansa's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We use Google user data only to provide and improve user-facing features of the Service (appointment availability, booking, reschedule, cancel).
We do not transfer Google user data to others except as necessary to provide those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users.
We do not use Google user data to serve advertisements.
We do not allow humans to read Google user data unless we have obtained the user's affirmative consent for specific messages, doing so is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or for limited internal operations (e.g., debugging an issue affecting the specific user, with reasonable safeguards).
We do not use Google user data to train, develop, or improve generalized or non-personalized artificial intelligence or machine learning models.

3. How we use information

To provide the Service: answering calls and chats, qualifying leads, booking appointments, and syncing with the Business Customer's calendar.
To communicate with Business Customers about their account, billing, and product updates.
To debug, secure, and improve the Service.
To comply with applicable law.

4. How we share information

We share information only with the following categories of recipients:

Business Customers receive the lead, booking, and conversation data generated by End Users who interact with their Avansa receptionist.
Service providers we use to operate the Service, under contracts that restrict their use of the data:
- Hosting and database: Railway, Supabase
- Voice agents: Vapi (which uses ElevenLabs for voice synthesis)
- Language models: OpenAI and/or Anthropic, depending on configuration
- Email and identity: Google Workspace
Legal requirements — when required by law, regulation, valid legal process, or to protect the rights, property, or safety of Avansa, our users, or the public.

We do not sell personal information.

5. Google user data — sharing and storage

Calendar event data accessed through the Google Calendar API is stored on Avansa's databases (hosted on Railway and Supabase Postgres in U.S. data centers) solely to power the Service for the Business Customer who authorized the connection. We do not share this data with other Business Customers or external parties except as described in Section 4.

6. How to revoke Google access

Business Customers can disconnect Google Calendar at any time:

From the Avansa dashboard at app.avansa.ai/settings → Integrations → Disconnect Google Calendar.
From your Google Account at myaccount.google.com/permissions, by removing Avansa's access.

After disconnect, Avansa stops making calls to the Google Calendar API for that account. Calendar event data previously stored in our database is retained per Section 7 and deleted on schedule (or sooner upon written request).

7. Retention

Account information — retained while the account is active, plus 90 days after account closure, then deleted.
Call audio — not stored by Avansa; handled transiently by our voice infrastructure provider during the call.
Call and chat transcripts, lead records, booking records — retained for the life of the account, then deleted within 90 days of account closure.
OAuth tokens — deleted immediately upon disconnect.
Calendar event data fetched from Google — retained only as needed to provide the Service. Deleted within 30 days of disconnect.
Backups — encrypted backups are retained for up to 30 days and then overwritten.

8. Security

We use industry-standard practices to protect information: encryption in transit (TLS), encryption at rest, role-based access controls, multi-factor authentication for staff, tenant isolation enforced at the database and application layers, and audit logging of all access to user data. No system can be guaranteed 100% secure; we will notify affected users of a confirmed breach as required by applicable law.

9. Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export information we hold about you, and to object to certain processing. To exercise any of these rights, email privacy@avansa.ai. We will respond within 30 days.

10. Children

Avansa is not directed to children under 16, and we do not knowingly collect information from children.

11. International transfers

Avansa operates in the United States. If you access the Service from outside the United States, you understand and agree that your information may be transferred to and processed in the United States.

12. Text messaging (SMS) program and consent

Avansa sends SMS text messages to End Users on behalf of our Business Customers. These messages are transactional — most commonly a booking or scheduling link, and related messages about an appointment request the End User initiated. Avansa does not send marketing or promotional text messages.

12.1 How consent (opt-in) is obtained

End Users provide express consent verbally during an inbound phone call to a Business Customer's published phone number. During that call, the End User states their mobile number and requests that a booking link (or related appointment information) be sent to them by text message. Avansa records this consent — including the time and basis ("verbal, inbound call") — for each conversation. We do not text individuals who have not called and requested contact, and we do not purchase or upload phone-number lists.

12.2 Message types, frequency, and rates

Message types: appointment booking links and related transactional messages tied to the End User's request.
Frequency: messages are triggered by the End User's request; frequency varies and is typically one or a few messages per inquiry.
Message and data rates may apply, depending on the End User's mobile carrier and plan.

12.3 Opt-out and help

End Users can opt out at any time by replying STOP to any message; they will receive a confirmation and no further texts. Reply HELP for assistance, or contact us at support@avansa.ai or (888) 618-8356.

12.4 No sharing of mobile information for marketing

Mobile information (including phone numbers and SMS opt-in consent) is used solely to deliver the messages described above. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Phone numbers and consent records are shared only with the messaging service providers needed to deliver the texts (see Section 4) and never sold or rented.

13. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify Business Customers by email and update the "Last updated" date above. Continued use of the Service after the effective date of an update constitutes acceptance of the updated policy.

14. Contact

Avansa, a sole proprietorship operated by Hon Seng David Long
Bellevue, WA, USA
Privacy questions: privacy@avansa.ai
General contact: info@avansa.ai