Privacy Policy

Information We Collect

We collect information you provide directly to us when you:

• Complete our contact or consultation request form (name, email, company, phone, message)
• Use our ROI Calculator (email, industry, business metrics you enter)
• Subscribe to email communications
• Communicate with us by email, phone, or social media

We also automatically collect certain technical information when you visit our website, including your IP address, browser type and version, pages visited, time spent on pages, referring URLs, and device information. This data is collected via standard web server logs and analytics tools.

How We Use Your Information

We use the information we collect to:

• Respond to consultation requests and inquiries
• Provide, maintain, and improve our AI automation services
• Send service-related communications, updates, and support messages
• Send marketing communications (only where you have opted in or we have a legitimate interest)
• Analyze website usage to improve user experience
• Comply with legal obligations and enforce our terms

We do not use your data for automated decision-making that produces significant legal effects without human review.

Information Sharing

We do not sell your personal information to third parties. We may share your information with:

• Service providers who assist us in operating our website and services (e.g., email platforms, CRM systems, analytics providers) — subject to confidentiality obligations
• Professional advisors (lawyers, accountants) where necessary and under confidentiality
• Law enforcement or government bodies when required by applicable law, court order, or governmental authority
• Successor entities in the event of a merger, acquisition, or sale of all or a portion of our assets

Any third-party service providers we use are contractually obligated to handle your data securely and only for the purposes we specify.

AI-Powered Communications & TCPA Notice

AI Voice Agents. We build and deploy AI-powered voice agents that may handle inbound calls on behalf of our clients. Where required by applicable law, AI voice agents should be configured to disclose their AI nature at the start of a conversation. We provide AI disclosure configuration options to all clients deploying voice agents. Responsibility for ensuring compliant disclosures in your specific deployment rests with you as the client.

TCPA Considerations. The Telephone Consumer Protection Act (TCPA) and FCC regulations apply to certain automated voice and messaging communications. The FCC has confirmed that AI-generated voice calls can trigger TCPA consent requirements. If you are using our services to conduct outbound calls or automated follow-up to consumers, you are responsible for obtaining appropriate prior express written consent and maintaining consent records. We can assist with consent workflow design upon request.

Call Recording. Calls handled by AI voice agents may be recorded for quality assurance, training, and audit purposes. Recording obligations vary by state — some require all-party consent (e.g., California, Illinois). Where we deploy call recording for clients, we provide configurable disclosure and notification options. Clients operating in multi-party consent states are responsible for ensuring compliant recording notices are in place.

SMS & Automated Messaging. If we build SMS follow-up automations as part of your service, the following applies:

• You are responsible for collecting and maintaining opt-in consent from message recipients before sending commercial or marketing SMS
• All automated SMS sequences we build must include a STOP opt-out mechanism and we configure this by default
• Quiet hours (typically 8am–9pm recipient local time) should be observed — we can configure time-based send restrictions upon request
• Message logs are retained as part of your deployment records and available upon request

For questions about AI communication compliance in your specific deployment, contact [email protected].

Healthcare Data & HIPAA Considerations

Protected Health Information (PHI). We do not collect, store, or process Protected Health Information (PHI) through this website. For client engagements in healthcare or dental settings, PHI handling scope is defined in the individual Service Agreement and any applicable Business Associate Agreement (BAA).

Business Associate Agreements. Where Apex AI Pilot LLC acts as a Business Associate under HIPAA (e.g., when our automation systems access or process PHI on behalf of a Covered Entity), we are prepared to enter into a BAA prior to deployment. Clients in healthcare, dental, or other HIPAA-regulated settings should request a BAA before sharing any PHI with our systems. Contact [email protected] to initiate the BAA process.

Supported HIPAA-Ready Tools. For healthcare deployments, we prioritize tools with established HIPAA-compliance programs where available (e.g., HIPAA-eligible configurations within n8n, Make, and Supabase). Specific tool selection is confirmed at the engagement scoping stage based on your data environment and compliance requirements.

Data Minimization. For all healthcare engagements, we apply a data minimization principle — we only access, process, or store the minimum data necessary to deliver the contracted service. PHI is not retained in our systems beyond what is required for the specific workflow and agreed retention period.

ROI Calculator. Our ROI Calculator tool collects business metrics you enter voluntarily (e.g., call volume, deal value, team size). It does not request or store PHI. Email addresses submitted through the calculator are used solely for follow-up communications and are not shared with healthcare-specific third parties.

Third-Party Subprocessors

We use third-party service providers (subprocessors) to help operate our website and deliver services. The following tools may process personal data or business data on our behalf:

• GoHighLevel (GHL) — CRM, contact management, form submissions, and follow-up automation. Processes contact data submitted through our website forms.
• Retell AI — AI voice agent platform used in client deployments. Processes call audio and transcripts as scoped in client Service Agreements.
• Voiceflow — Conversational AI design tool used to build chatbot and voice agent flows. Processes workflow configuration data.
• n8n / Make — Workflow automation platforms. May process business data as part of client-specific automation pipelines as scoped in Service Agreements.
• Supabase — Database and vector storage used in AI memory and retrieval systems. Processes structured data as scoped in client deployments.
• Google Analytics — Website analytics. Processes anonymized usage and behavioral data from website visitors.
• Google Fonts / Font CDN — Typeface delivery. May log IP addresses as part of font file requests.

Each subprocessor is subject to data processing agreements or terms of service consistent with their role. We do not permit subprocessors to use client or visitor data for their own independent purposes.

This list reflects our current subprocessors and will be updated when material changes occur. To request the most current subprocessor list or raise questions about a specific tool, contact [email protected].

Cookies & Tracking

Our website may use cookies and similar tracking technologies to enhance your browsing experience and analyze site traffic. Types of cookies we may use:

• Essential cookies: Required for the website to function correctly
• Analytics cookies: Help us understand how visitors interact with our site (e.g., Google Analytics)
• Marketing cookies: Used to deliver relevant advertising — only where permitted

You can control and delete cookies through your browser settings. Disabling certain cookies may affect website functionality. We do not respond to Do Not Track signals at this time, though we respect opt-out preferences where legally required.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encrypted data transmission (HTTPS/TLS)
• Access controls limiting data access to authorized personnel only
• Regular security assessments of our systems and third-party providers

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

• Contact form submissions: retained for up to 3 years from the date of submission
• Client project data: retained for the duration of the engagement plus 5 years
• Analytics data: typically retained in aggregate for up to 26 months

When data is no longer needed, we securely delete or anonymize it.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for direct marketing
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information held by us (with certain exceptions)
• The right to opt out of the sale of personal information — we do not sell personal information
• The right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, contact us at [email protected] or use our contact page.

European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

• Consent: Where you have given explicit consent (e.g., marketing emails)
• Contract: Where processing is necessary to fulfill a contract with you
• Legitimate interests: Where our interests (or those of a third party) are not overridden by your rights
• Legal obligation: Where required to comply with applicable laws

You have the right to lodge a complaint with your local data protection authority. Our data processing activities may involve transfers outside the EEA — where this occurs, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

Children's Privacy

Our services are not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new “Last updated” date
• Sending an email notification to active clients and subscribers where required by law

We encourage you to review this policy periodically. Your continued use of our website after changes constitutes acceptance of the updated policy.

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• General inquiries: [email protected]
• Business address: Apex AI Pilot LLC, Milwaukee, WI, United States
• Website: apexaipilot.com/contact

We aim to respond to all privacy-related inquiries within 5 business days.