SmartScale AI logoSmartScale AIBack to home

LEGAL · PRIVACY POLICY

Privacy Policy

Effective Date: May 15, 2026

1. Introduction

SmartScale AI (“SmartScale AI,” “we,” “our,” or “us”) is an AI automation agency that provides subscription-based AI tools and services to small and mid-sized businesses, with a focus on HVAC and plumbing contractors. We are committed to protecting the privacy of our clients, their employees, their end users, and visitors to our website.

This Privacy Policy explains how we collect, use, disclose, store, and safeguard personal information in connection with:

  • Our website (smartaiscaling.com)
  • Our client portal at dashboard.smartaiscaling.com
  • Our calendar application at calendar.smartaiscaling.com
  • Our AI voice receptionist product and related AI-powered services

This Policy applies to all users located in the United States and Canada.

By accessing our website, using our client portal, or engaging our services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our services.

2. Information We Collect

2.1 Business Contact Information

When you sign up, contact us, or engage our services, we may collect:

  • Full name and job title
  • Business email address
  • Phone number
  • Business name and address

2.2 Payment and Billing Information

To process subscription payments, we collect billing-related information such as billing address and payment method details. Payment card data is processed directly by our payment processor, Stripe, Inc., and is not stored on our systems.

2.3 Call Recordings and Transcripts

Our AI voice receptionist product processes inbound phone calls on behalf of our clients. This may result in the recording and transcription of calls between our AI agent and callers (end users). These recordings and transcripts are used solely to provide and improve the services.

Clients are responsible for ensuring their end users are notified of call recording in accordance with applicable law (see Section 10 — Client Responsibilities).

2.4 End-User and Customer Data

In the course of delivering AI automation services, we may process personal information about our clients’ customers or end users, such as names, phone numbers, appointment details, service addresses, and responses to AI-driven interactions. We process this data solely as a service provider acting on behalf of our clients.

2.5 Google User Data

When a client connects their Google Calendar to our calendar application, we receive access to specific Google user data necessary to provide our appointment booking services. See Section 5 for full details on how we access, use, store, and protect Google user data.

2.6 Usage and Analytics Data

We automatically collect technical and behavioral data when you interact with our website, client portal, or calendar application, including:

  • IP address and approximate location
  • Browser type and operating system
  • Pages visited, time on site, and clickstream data
  • Referring URLs and search terms

This data is collected via cookies and third-party analytics tools to help us improve our platform and user experience.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve our AI tools and services
  • Process payments and manage your subscription
  • Communicate with you about your account, updates, and support
  • Train and refine AI models that power our services (using de-identified or aggregated data where possible)
  • Monitor and analyze usage trends to improve platform performance
  • Comply with our legal obligations and enforce our agreements
  • Detect and prevent fraud, abuse, or security incidents

4. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of third parties:

4.1 Sub-Processors and Service Providers

We share information with vendors who process data on our behalf to deliver and improve our services. These providers are contractually bound to protect your data. Our key sub-processors include:

  • ChatDash — White-label client portal infrastructure. Stores client account data, agent configurations, call logs, and analytics data. Privacy policy: https://chat-dash.com/privacy
  • Retell AI — AI voice agent infrastructure. Processes inbound call audio, generates transcripts, and performs post-call analysis. Privacy policy: https://retellai.com/privacy
  • Stripe, Inc. — Payment processing and billing management. Privacy policy: https://stripe.com/privacy
  • Supabase — Database hosting for our calendar application. Stores encrypted OAuth tokens, booking records, and call-to-booking linkages. Privacy policy: https://supabase.com/privacy
  • Vercel — Hosting infrastructure for our calendar application at calendar.smartaiscaling.com. Privacy policy: https://vercel.com/legal/privacy-policy
  • Google LLC — Google Calendar API access for appointment booking and availability checking, when a client has explicitly connected their Google Calendar. Privacy policy: https://policies.google.com/privacy

Each of these providers maintains their own privacy and security practices. We encourage you to review their policies.

4.2 Legal and Compliance Disclosures

We may disclose your information when required by law, court order, or government authority, or when we reasonably believe disclosure is necessary to protect the rights, property, or safety of SmartScale AI, our clients, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a materially different privacy policy.

4.4 No Use for Advertising

We do not use Google user data, call recordings, transcripts, or end-user customer data to serve advertisements. We do not share this data with advertising networks or data brokers.

5. Google User Data and API Services

This section provides specific disclosures about our access to and use of Google user data through Google APIs.

5.1 Google APIs Used

Our calendar application uses the Google Calendar API to enable AI-booked appointments to be created on a client’s Google Calendar and to check availability before booking. We do not access any other Google APIs.

5.2 OAuth Scopes Requested

When a client connects their Google Calendar to our calendar application, we request the following OAuth scopes:

  • https://www.googleapis.com/auth/calendar.events — to create new calendar events when our AI voice receptionist books an appointment with a customer, and to read, update, or cancel those events as needed
  • https://www.googleapis.com/auth/calendar.readonly — to check the client’s existing calendar availability (free/busy data) before our AI voice receptionist offers a time slot to a caller, preventing double-bookings

We request only the minimum scopes necessary to provide our appointment booking and availability features.

5.3 How We Use Google User Data

We access Google Calendar data exclusively to:

  • Check the client's calendar availability when an inbound caller requests an appointment, so the AI voice receptionist only offers genuinely open time slots
  • Create new calendar events on the client's Google Calendar when the AI voice receptionist successfully books an appointment with a caller
  • Display the client's AI-booked appointments inside their SmartScale AI calendar view

We do not access Google Calendar data for any other purpose. We do not use Google user data to train AI models, profile users, or for any purpose unrelated to providing appointment booking functionality.

5.4 How We Store Google User Data

When a client completes the Google OAuth flow, we receive an access token and a refresh token. We store the refresh token in our Supabase database, encrypted using Supabase Vault. Access tokens are short-lived (one hour) and are refreshed as needed using the stored refresh token.

Calendar event data fetched from the Google Calendar API is rendered in the client’s calendar view in real time and is not cached or stored on our servers beyond the duration of the user’s session.

Booking records that we create through the Google Calendar API are stored in our Supabase database with limited fields necessary for our service (event time, customer name, customer phone number, appointment type, and a reference to the originating voice call). These records are stored for as long as the client relationship is active, plus 90 days.

5.5 How We Share Google User Data

We do not share Google user data with any third party except:

  • Our infrastructure sub-processors (Supabase and Vercel) who host the data on our behalf under contractual data protection obligations
  • As required by law, court order, or other valid legal process

We do not share Google user data with advertising networks, data brokers, or any party not listed in Section 4.1.

5.6 Limited Use Disclosure

SmartScale AI’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5.7 Revoking Google Calendar Access

A client may revoke our calendar application’s access to their Google Calendar at any time by:

When access is revoked, we will delete the associated refresh token from our database within 30 days. The client’s AI voice receptionist will no longer be able to book appointments to their Google Calendar after revocation.

6. Call Recording Notice

Our AI voice receptionist may record and transcribe telephone calls. Call recordings may be subject to federal and state/provincial consent laws. In the United States, federal law generally requires one-party consent, but many states (including California and Illinois) require all-party consent. In Canada, consent requirements vary by province.

Clients deploying our AI receptionist are solely responsible for ensuring proper disclosures are made to callers and that applicable recording consent laws are followed in their jurisdiction. SmartScale AI is not liable for client failures to obtain required consents.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze traffic, and support platform functionality. These may include:

  • Essential cookies — required for the site to function
  • Analytics cookies — used to understand how visitors interact with our site
  • Preference cookies — used to remember your settings and choices

You may control cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our website or portal.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, maintain your account, and comply with our legal obligations. When data is no longer needed, we delete or anonymize it in a secure manner.

Specific retention periods include:

  • Call recordings and transcripts: 90 days from the date of the call, unless a longer retention period is required by law or specifically requested in writing by the client
  • Booking records: Retained for the duration of the client relationship, plus 90 days after termination
  • Google Calendar OAuth tokens: Deleted within 30 days of client offboarding or upon written request from the user whose Google account is connected
  • Billing and payment records: Retained for 7 years to comply with applicable U.S. tax and financial regulations
  • Business contact information: Retained for the duration of the client or prospect relationship, plus 2 years
  • Usage and analytics data: Retained for 24 months in identifiable form, then anonymized or deleted

9. Your Rights and Choices

Depending on your location and applicable law, you may have the following rights with respect to your personal information:

  • Access — Request a copy of the personal information we hold about you
  • Correction — Request that we correct inaccurate or incomplete information
  • Deletion — Request that we delete your personal information, subject to legal retention requirements
  • Opt-Out — Opt out of non-essential data collection or marketing communications
  • Data Portability — Request your data in a structured, machine-readable format
  • Revoke Google Calendar Access — See Section 5.7 for instructions specific to Google Calendar data

To exercise any of these rights, please contact us at privacy@smartaiscaling.com or at the address listed in Section 12. We will respond to verified requests within 30 days. We do not discriminate against individuals who exercise their privacy rights.

10. Client Responsibilities

Our clients (businesses that subscribe to SmartScale AI services) are responsible for:

  • Ensuring their end users and customers are informed about how their data is collected and used through SmartScale AI-powered tools
  • Obtaining all required consents for call recording and AI-driven interactions
  • Complying with all applicable privacy laws in their industry and jurisdiction, including PIPEDA in Canada and relevant U.S. state privacy laws

SmartScale AI acts as a data processor on behalf of its clients with respect to end-user data. Clients are the data controller and bear primary responsibility for lawful data processing under applicable law.

11. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Our security measures include:

  • Encryption of OAuth refresh tokens at rest using Supabase Vault
  • TLS encryption for all data transmitted between our systems and third parties
  • Access controls limiting employee access to personal data to those with a legitimate business need
  • Secure password storage for all account credentials
  • Regular review of our infrastructure and security posture

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage clients to use strong passwords and secure their own systems.

In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SmartScale AI

8 Lazy Girls Lane

Elkton, MD 21921

United States

Privacy-related inquiries: privacy@smartaiscaling.com

General contact: tyler@smartaiscaling.com

Website: www.smartaiscaling.com

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes we will update the Effective Date at the top of this document and, where appropriate, notify clients by email or through the client portal.

Your continued use of our services after any updates constitutes your acceptance of the revised Policy.