Privacy Policy

1. Introduction

AgenticFlo, Inc. ("AgenticFlo," "we," "our," or "us") is a Nevada Corporation located at 6725 S Eastern Ave., Ste 3, Las Vegas, NV 89119. This Privacy Policy describes how we collect, use, share, and protect personal data in connection with our AI agent service, which provides advanced call management, callback services, inbound call answering, and messaging capabilities to U.S.-based business clients.

2. Data Collection & Usage

2.1 Information We Collect

We collect the following categories of information:

• Personal Information: Name, email address, phone number, business information, and other contact details provided during account creation or service use.
• Call & Voice Data: Call recordings, caller ID, call metadata (e.g., duration, timestamps), voicemail transcriptions, and other telephony data.
• Messaging Data: SMS and text campaign information, including delivery status, opt-in/opt-out responses, and message content.
• Usage Data: IP addresses, session logs, device/browser metadata, and other analytics data related to your interactions with our platform.
• Payment Information: Billing and payment data collected and processed via third-party payment processors.
• Integration Data: Data collected via integrations with CRMs, Google Workspace, email accounts, business phone systems, and similar third-party platforms. This may include customer contacts or third-party data uploaded by our clients.

2.2 How We Use Your Data

We use collected data to:

• Provide, maintain, and enhance our AI agent services and communication features
• Facilitate account management, subscription billing, and usage-based charges
• Deliver technical support and respond to inquiries
• Monitor platform performance, detect fraud, and ensure service integrity
• Develop new features and improve user experience
• Send service-related notifications, updates, and, where permitted, marketing communications
• Comply with legal obligations and industry regulations (e.g., messaging registration requirements)

2.3 Legal Basis for Processing

Although we operate solely within the United States, we rely on the following legal bases where applicable:

• Consent – For sending marketing communications or storing call recordings when required
• Contractual Necessity – To provide and manage our services under client agreements
• Legitimate Interests – For service quality, business analytics, fraud prevention, and product development

3. Data Sharing & Protection

3.1 Data Sharing

We may share your personal data with:

• Service Providers: Including payment processors (e.g., Authorize.net), telephony and messaging vendors (e.g., Twilio, mobile campaign registry), hosting infrastructure (e.g., AWS), analytics services, and integration partners. All are contractually obligated to safeguard data.
• Legal Authorities: When required by law, subpoena, or other valid legal processes.
• Business Transfers: In the event of a merger, sale, or acquisition, your data may be transferred as part of our business assets.
• Messaging Registries: For compliance with industry requirements related to registered messaging campaigns.

3.2 Data Protection Measures

We implement industry-standard safeguards to protect your data, including:

• Encryption: All data is encrypted in transit and at rest using modern encryption protocols.
• Access Controls: Internal data access is restricted to authorized personnel based on job role.
• Monitoring & Audits: We regularly assess systems and conduct internal reviews to ensure compliance and integrity.
• Incident Response: A formal incident response plan is in place to address and notify of potential breaches.

We also rely on OpenAI's large language models for AI processing. OpenAI maintains compliance with CCPA, GDPR, SOC 2, and CSA STAR standards. However, AgenticFlo itself has not yet completed independent security certifications.

3.3 Data Retention

We retain personal data only as long as necessary for service delivery, compliance, and legitimate business purposes. Call recordings, usage logs, and integration data may be retained for up to 24 months unless a shorter or longer period is legally required or contractually agreed upon. Data may be anonymized and stored for analytics beyond this period.

4. Compliance with Privacy and Messaging Regulations

We comply with all applicable U.S. privacy laws and industry standards, including:

• The California Consumer Privacy Act (CCPA)
• Federal Communications Commission (FCC) regulations
• Carrier and industry requirements for business messaging campaigns

4.1 Messaging Compliance

To maintain trust and compliance, our messaging services follow best practices:

• Campaign Registration: All outbound messaging campaigns are registered with appropriate authorities and telecom partners.
• Consent Management: Users must explicitly opt in to receive messages, and may opt out at any time.
• Content Standards: Messages are subject to review for regulatory and ethical standards.
• Transparency: Recipients are informed about messaging frequency, purpose, and any associated costs.

5. User Rights & Choices

You have rights regarding your data, including the right to:

• Access or correct your personal data
• Request deletion of your personal data, subject to retention obligations
• Withdraw consent for marketing or communications at any time
• Opt-out of messaging by following the instructions in each message or contacting us directly

To exercise any of these rights, please email us at support@agenticfloai.com with the subject line: Privacy Request. We may verify your identity before responding.

6. Children's Data

AgenticFlo's services are intended for use by business clients only. We do not knowingly collect or process data from individuals under the age of 13. If we learn that data has been inadvertently collected from a child under 13, we will delete it promptly.

7. Geographic Scope

AgenticFlo's AI services are currently intended for use only by customers and businesses operating within the United States of America. We do not market, offer, or support our services to users located in other countries.

If you access or use our services from outside the U.S., you do so at your own risk, and you are responsible for compliance with local laws and regulations. We make no representations that our AI systems or policies comply with non-U.S. data protection or AI regulatory frameworks.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When significant changes are made, we will notify users via our website or direct communication through registered channels. The "Last Updated" date at the top reflects the most recent revision.

9. Contact Us

For questions about this Privacy Policy or how we handle your data, contact us: