legal · privacy
Privacy Policy
Last updated: 2026-07-18
DefiningSystem provides AI voice and messaging employees for service businesses. This policy explains what data we collect, why we collect it, how it is stored and protected, and the choices you have. It applies to business customers who use DefiningSystem and to callers who interact with our AI agents.
1. Data we collect
Customer account data. When you sign up, we collect your name, business name, email address, phone number, and billing information. Billing is handled by our payment processor; we do not store full card numbers.
Call and message data. When your AI Employee handles a call, SMS, or WhatsApp message, we process the call audio, a transcript, caller phone number, call metadata (time, duration, outcome), and any booking or lead information captured. This data is necessary to deliver the service you asked us to perform.
CRM integration data. If you connect a CRM or calendar, we exchange the lead, booking, and contact data needed to sync your AI Employee's activity with those systems. We access only the scopes you authorize.
Usage and diagnostic data. We collect basic product usage telemetry and technical logs needed to operate, secure, and improve the service.
2. How we use data
- To answer calls and messages on your behalf and book appointments.
- To sync captured leads and bookings to your CRM and calendar.
- To provide human-escalation handoffs when you or your team step in.
- To operate, secure, and troubleshoot your account.
- To bill you and manage your month-to-month subscription.
- To improve our AI quality, with your data handled per Section 6.
3. Legal bases (GDPR / CCPA)
Where applicable, we process data on the basis of contract performance (delivering the service you signed up for), your consent, our legitimate interest in operating and securing the service, and legal obligation. California residents and EU/UK residents may exercise the rights described in Section 7.
4. Data retention
Call recordings, transcripts, and message logs are retained for the life of your account so you can review interactions and we can support you. You may request deletion of specific interactions at any time. After account closure, we delete customer data within 30 days unless a longer retention is required by law or to resolve a dispute.
5. Security
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is role-based and logged. We maintain an audit trail of account activity. We do not sell your data, and we do not share it with third parties for cross-context advertising.
6. Subprocessors and AI providers
To deliver the AI voice and messaging service, we engage subprocessors for telephony, speech-to-text, large-language-model inference, and hosting. Each processor is bound by data-processing terms and limited to the data necessary to perform the function. Your call and message data is used to serve your account; we do not contribute your customer data to third-party model training datasets.
A current list of subprocessors is available on request.
7. Your rights and choices
You may, at any time:
- Request access to or a copy of your data.
- Request correction or deletion of your data.
- Object to or restrict certain processing.
- Withdraw consent where processing relied on it.
- Export your account data in a portable format.
California residents may exercise rights under the CCPA/CPRA, and EU/UK residents under the GDPR. To exercise any right, contact us at privacy@definingsystem.com. We respond within 30 days.
8. Regulated industries (HIPAA)
If your business operates in a regulated industry such as healthcare or dental, contact us before activation so we can determine whether a Business Associate Agreement (BAA) and a dedicated compliant configuration are appropriate for your use case.
9. International transfers
Your data may be processed in the United States or other regions where our subprocessors operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses for international transfers.
10. Children's privacy
DefiningSystem is a business service and is not directed to children. We do not knowingly collect personal information from children.
11. Changes to this policy
We update this policy as our service evolves. Material changes will be posted here with a new “Last updated” date. Continued use after a change constitutes acceptance.
12. Contact
Questions or requests? Email privacy@definingsystem.com or use the contact form.