ServiceAgent launches soon. Register for the waitlist now to earn rewards at launch — Join the waitlist

See how it works
Try for free

Legal

Privacy Policy

Last updated:

This Privacy Policy explains how SaaS Labs US, Inc. (“ServiceAgent”, “we”, “our” or “us”) collects, uses, shares, and protects personal information when you use serviceagent.ai, our mobile and web applications, and the related products and services we offer (collectively, the “Services”).

ServiceAgent is committed to protecting your privacy and safeguarding your personal information.

We collect only the information necessary to provide and improve our services, including account details, contact information, and communication preferences.

Messaging Consent

By opting into SMS or RCS communications, you consent to receive messages from ServiceAgent related to your account, onboarding, reminders, support updates, product notifications, and promotional communications.

Message frequency varies.

Message and data rates may apply.

You can opt out at any time by replying STOP. For assistance, reply HELP or contact us at support@serviceagent.ai.

SMS/RCS opt-in data and consent will not be shared, sold, or disclosed to third parties or affiliates for marketing or promotional purposes.

We implement industry-standard security measures to protect customer information from unauthorized access, disclosure, or misuse.

We provide an AI-powered customer-engagement and operations platform for service businesses, including AI voice and messaging agents, scheduling, CRM, billing, and marketing features. This Privacy Policy is incorporated by reference into our Terms of Service. Capitalized terms that are not defined in this Policy have the meanings given to them in the Terms of Service.

1. Key Definitions

  • Customer” means a business or organization that has subscribed to or otherwise uses the Services to communicate with its own end users.
  • User” means an individual who accesses the Services on behalf of a Customer (for example, an employee, contractor, or agent), typically through an authenticated account.
  • End User” means an individual with whom a Customer communicates through the Services, such as the Customer’s customers, leads, or prospects.
  • Visitor” means an individual who visits our public marketing website without logging in to the Services.
  • Personal Data” means information that identifies or reasonably could be linked to an identified or identifiable natural person, as defined under Applicable Law.
  • Customer Data” means Personal Data and other content that Customers and Users upload to, transmit through, or generate within the Services in the course of using the Services to communicate with their End Users.

2. Information We Collect

2.1 Information you provide to us

  • Account and billing information. When you create an account or sign up for a paid Plan, we collect your name, business name, email address, phone number, username, password, billing address, and payment-method information (which is processed by our payment processor and not stored on our servers in full).
  • Profile and configuration information. Settings, brand assets, knowledge-base content, scripts, prompts, integrations, calendars, contacts, and other information you choose to configure within the Services.
  • Communications with us. Information you provide when you contact support, request a demo, respond to a survey, post on community channels, or otherwise communicate with us.
  • Marketing. Information you submit through marketing forms, including newsletter sign-ups, lead-generation forms, and waitlist registrations, including the consents you provide to receive SMS, email, or other marketing communications.

2.2 Information collected through your use of the Services

When Customers and Users operate the Services, we collect or process information about End Users on behalf of the Customer. Depending on the features used, this may include:

  • Communications content and metadata. Call audio, recordings, transcripts, summaries, SMS and chat messages, emails, voicemails, and the metadata associated with those communications (such as phone numbers, timestamps, duration, direction, and routing information).
  • Contact records. Names, phone numbers, email addresses, addresses, appointment history, billing history, notes, tags, and other CRM fields that Customers choose to maintain in the Services.
  • Scheduling and operations. Appointment details, technician dispatch information, job statuses, invoice and payment details, and similar operational records.
  • AI Feature inputs and outputs. Prompts, instructions, audio, and other inputs that Customers submit to AI Features, together with the outputs those features return.

For Customer Data, the Customer is the “data controller” or “business” and ServiceAgent acts as a “data processor” or “service provider” (or equivalent role) under Applicable Law. See Section 9 below.

2.3 Information collected automatically

When you visit our website, use the Services, or interact with our communications, we and our service providers automatically collect certain technical information, which may include:

  • Device and connection data. IP address, device identifiers, operating system, browser type and version, language, time zone, screen size, mobile carrier, network type, and similar information.
  • Usage data. Pages or screens you view, links clicked, features used, errors encountered, session duration, referrer URLs, search terms used to reach our site, and timestamps.
  • Cookies and similar technologies. Cookies, pixels, SDKs, web beacons, and local-storage entries used to remember preferences, authenticate sessions, measure performance, and analyze usage. See Section 6 for details and your choices.
  • Mobile-application telemetry. When you use our mobile apps (available on the Apple App Store and Google Play), we may collect crash reports, performance metrics, push-notification tokens, and, with your permission, microphone, camera, or location data needed to operate features you have enabled.

2.4 Information from third parties

We may receive information about you from third parties, including:

  • Single sign-on and integrations. If you log in using a third-party identity provider (for example, Google) or connect an integration (for example, a CRM, calendar, payment processor, or messaging platform), we receive the information that you authorize that integration to share with us.
  • Service providers and analytics partners. Providers that help us run, secure, and analyze the Services.
  • Marketing and enrichment sources. Publicly available sources, sales intelligence providers, partners, and referral sources for the purpose of marketing and improving our outreach to prospective customers.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google Workspace API data to develop, improve, or train generalized AI or ML models.

3. How We Use Information

We use the information described above for the following purposes:

  • Provide the Services. Operate, maintain, secure, and improve the Services; authenticate accounts; route calls and messages; transcribe and summarize communications; process payments; deliver scheduled jobs and invoices.
  • Customer support. Respond to inquiries, troubleshoot issues, and provide technical support.
  • Service improvement and analytics. Understand usage trends; detect and fix bugs; measure feature performance; design and develop new features.
  • AI Features. Use inputs and outputs to generate responses and to operate AI Features for the Customer that submitted them. We do not use Customer Data to train generally-available foundation models without the Customer’s opt-in. We may use de-identified or aggregated data to monitor, secure, debug, and improve AI Features.
  • Security and abuse prevention. Detect, investigate, prevent, and respond to fraud, abuse, security incidents, and other harmful activity, and enforce our policies and Terms of Service.
  • Marketing and communications. Send service announcements, product updates, newsletters, and, where permitted, promotional communications and personalized marketing. You can opt out of promotional communications at any time using the methods described in Section 7.
  • Compliance and legal. Comply with Applicable Law and legal process; respond to lawful requests from public authorities; protect our rights, property, and safety, and that of our users and third parties.
  • Business operations. Maintain records, conduct audits, and pursue legitimate business interests, such as preventing fraud and ensuring the security and continuity of our systems.

Legal bases (EEA/UK/Switzerland). Where the EU/UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services); our legitimate interests (such as securing the Services, preventing fraud, and improving the Services), provided those interests are not overridden by your rights; compliance with a legal obligation; and consent, where required (for example, certain marketing communications and cookies). You may withdraw consent at any time.

4. How We Share Information

We do not sell Personal Data in exchange for monetary consideration. We may share information as described below.

  • Customers and Users. When you communicate with a Customer through the Services, your information (including call recordings, transcripts, and messages) is made available to that Customer’s authorized personnel.
  • Service providers and sub-processors. We share information with vendors that perform services on our behalf, including cloud infrastructure and hosting (for example, Amazon Web Services and Supabase), telephony carriers, SMS aggregators, email-delivery providers, payment processors (for example, Stripe), AI providers (for example, large-language-model and speech-to-text providers), customer-support tools, and analytics providers (for example, PostHog and, where applicable, Google Analytics). These vendors are contractually required to protect Personal Data and to use it only as necessary to provide their services to us. A current list of sub-processors is available upon request from privacy@serviceagent.ai.
  • Integrations you enable. When you connect a Third-Party Service to the Services, we share information with that service as needed to provide the integration. Use of that service is governed by its own terms and privacy policy.
  • Affiliates. We may share information within our corporate group, subject to this Policy.
  • Legal and safety. We may disclose information when we believe it is required or appropriate to (i) comply with Applicable Law or a valid legal process, (ii) protect our or others’ rights, property, or safety, (iii) detect, prevent, or address fraud or security issues, or (iv) enforce our agreements and policies.
  • Corporate transactions. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to obligations of confidentiality and to commitments by the recipient consistent with this Policy.
  • With your consent or at your direction. We may share information for any other purpose disclosed to you at the time we collect the information or with your consent.
  • Aggregated or de-identified information. We may share information that has been aggregated or de-identified so that it cannot reasonably be used to identify you, for any business purpose.

5. AI Features and Automated Decision-Making

Some Services use AI Features that rely on third-party AI providers as well as our own proprietary technology. When you interact with an AI Feature:

  • We process the prompts, audio, transcripts, and other inputs you submit (or that Customers submit about you) to generate the requested output.
  • We may apply automated routing, classification, summarization, scoring, or sentiment analysis to support the Services. These features do not produce decisions that have legal or similarly significant effects on individuals without human review on the Customer’s side.
  • We do not use Customer Data to train generally-available foundation models without the Customer’s opt-in. AI Providers’ processing of inputs and outputs is governed by their respective agreements with us, which require them to use that data only to provide their services and not to train their models.
  • Customers are responsible for disclosing the use of AI Features to End Users where required by Applicable Law (for example, California Bus. & Prof. Code § 17941 and the EU AI Act).

6. Cookies and Similar Technologies

We use cookies and similar technologies that fall into the following categories:

  • Strictly necessary. Required to operate the Services (for example, authentication, session management, load balancing, and security).
  • Functional. Remember your preferences (for example, language) and personalize your experience.
  • Analytics and performance. Help us understand how the Services are used so we can improve them. We use first-party and third-party analytics tools (for example, PostHog and, where applicable, Google Analytics).
  • Advertising. Where we run advertising campaigns, we and our partners may use cookies and similar technologies to measure campaign effectiveness and to present relevant ads. We do not currently run Google AdSense on our site.

You can manage cookies through your browser settings and, where available, our cookie preference controls. Disabling certain cookies may affect the functionality of the Services. You can also opt out of Google Analytics using the Google Analytics opt-out browser add-on.

7. Your Choices

  • Account information. You can update your account information through your settings or by contacting us. Some information is required to use the Services and cannot be deleted without closing your account.
  • Marketing communications. You can opt out of marketing emails by clicking “unsubscribe” in the footer of any marketing email, or by contacting us at help@serviceagent.ai. You can opt out of marketing SMS by replying STOP to a message or by contacting us. You may continue to receive transactional or service-related communications.
  • End-user requests. If you are an End User of a Customer, the Customer is the data controller / business with respect to Customer Data about you. Please direct access, correction, deletion, and similar requests to the Customer. We will assist Customers in responding to verified End-User requests as required by Applicable Law.
  • Do-Not-Track. Our Services do not currently respond to browser Do-Not-Track signals because there is no industry consensus on how to honor them. We respect Global Privacy Control signals where Applicable Law requires.

8. Data Retention

We retain Personal Data for as long as needed to provide the Services and to satisfy the purposes described in this Policy, unless a longer retention period is required or permitted by Applicable Law. Retention periods vary by category, for example:

  • Account data: retained while the account is active and for a limited period afterward to enable account recovery, comply with legal obligations, and resolve disputes.
  • Customer Data: retained in accordance with the Customer’s configuration and instructions. After termination of a Customer’s subscription, we will delete or return Customer Data within a reasonable period, subject to backup and legal retention requirements.
  • Backups: retained for a limited period for disaster-recovery purposes.
  • Billing and tax records: retained for the period required by Applicable Law.

9. Roles for Customer Data

For Customer Data, the Customer determines the purposes and means of processing and is the “data controller” or “business” under Applicable Law. ServiceAgent processes Customer Data on the Customer’s behalf as a “data processor” or “service provider”. Where required by Applicable Law (including the GDPR, UK GDPR, and CCPA/CPRA), we enter into a Data Processing Addendum with Customers that governs that processing. End Users who wish to exercise rights with respect to Customer Data should contact the relevant Customer directly; we will support Customers in responding to verified requests.

10. Security

We implement and maintain commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Data, including encryption in transit using TLS/SSL, encryption at rest for designated data stores, role-based access controls, audit logging, multi-factor authentication, regular vulnerability scanning, and least-privilege principles. Payment-card information is processed by a PCI-compliant payment processor (Stripe), and we do not store full payment-card numbers on our servers. No method of transmission over the internet or method of electronic storage is fully secure; we cannot guarantee absolute security. In the event of a personal-data breach, we will notify affected parties and authorities as required by Applicable Law.

11. International Data Transfers

We are headquartered in the United States and process Personal Data there and in other jurisdictions where we or our service providers operate. When we transfer Personal Data out of the European Economic Area, the United Kingdom, or Switzerland, we use legally recognized transfer mechanisms, including the European Commission’s Standard Contractual Clauses (and the UK Addendum or equivalent for UK transfers), supplementary safeguards where appropriate, and reliance on data-protection frameworks where they apply. A copy of the relevant transfer mechanism can be requested at privacy@serviceagent.ai.

12. Region-Specific Rights

12.1 EEA, UK, and Switzerland

Subject to conditions and exceptions under Applicable Law, you may have the right to (a) access the Personal Data we hold about you, (b) request correction or deletion, (c) object to or restrict certain processing, (d) request portability of the data you have provided to us, and (e) withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your supervisory authority. To exercise these rights, contact privacy@serviceagent.ai.

EU Representative. IT Governance Europe Limited has been appointed as our representative in the EU under Article 27 of the GDPR. You can contact our representative at eurep@itgovernance.eu.

12.2 California (CCPA / CPRA)

If you are a California resident, you have the right to (a) know the categories and specific pieces of Personal Information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it; (b) request deletion of your Personal Information; (c) request correction of inaccurate Personal Information; (d) opt out of the “sale” or “sharing” of your Personal Information; (e) limit the use and disclosure of sensitive Personal Information; and (f) not be discriminated against for exercising your rights. We do not sell Personal Information for monetary consideration. We may “share” Personal Information (as defined under the CPRA) for cross-context behavioral advertising; you can opt out by contacting privacy@serviceagent.ai or by sending a Global Privacy Control signal where supported. To submit a request, email privacy@serviceagent.ai. We will verify your request consistent with Applicable Law. You may use an authorized agent to submit a request on your behalf.

12.3 Other U.S. State Privacy Laws

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have rights similar to those described above, including the rights to access, correct, delete, port, and opt out of targeted advertising, sale, or certain profiling. To exercise these rights, contact privacy@serviceagent.ai. If we deny a request, you may appeal that decision by replying to our denial.

13. Children’s Privacy

The Services are not directed to, and we do not knowingly collect Personal Data from, children under the age of sixteen (16). If you believe that a child has provided Personal Data to us, please contact privacy@serviceagent.ai and we will take appropriate steps to delete that information.

14. Third-Party Sites and Services

The Services may contain links to third-party websites and services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any Personal Data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or Applicable Law. When we make a material change, we will notify you by updating the date at the top of this page and, where appropriate, by additional notice (such as email or an in-product notice). Your continued use of the Services after the update becomes effective constitutes acceptance of the updated Policy.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

SaaS Labs US, Inc.
Attn: Privacy
355 Bryant Street, #403
San Francisco, CA 94107
United States of America
Email: privacy@serviceagent.ai
General support: help@serviceagent.ai

Our registered office is 355 Bryant Street, #403, San Francisco, CA 94107, United States of America. We will respond to your inquiry within the timeframes required by Applicable Law.