Privacy Policy
ServQore LLC ("ServQore," "we," "our," or "us") respects your privacy. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit servqore.com, interact with our services, receive outreach from us, or become a customer. Related policies are listed in our Legal Center.
This policy is designed to comply with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), and similar US state privacy laws.
Our Role in Your Data
For personal information we collect through our marketing website, prospect outreach, and sales operations, ServQore acts as a business (also called a controller) that decides how that information is used. For personal information we process solely to host and operate a paying customer's website, capture form leads, and provide AI features under our customer agreement, ServQore acts as a service provider and processes that information only on the customer's behalf and as instructed in our contract. We do not use service-provider data for our own marketing. Paying customers are generally responsible for privacy notices and rights requests relating to their own website visitors and callers.
1. Categories of Personal Information We Collect
In the past 12 months, we have collected the following categories of personal information (CCPA categories in parentheses):
| Category | CCPA | Examples |
|---|---|---|
| Identifiers | A | Name, email address, phone number, IP address, device identifiers |
| Customer records | B | Business name, billing address, payment confirmation (via Stripe) |
| Commercial information | D | Subscription tier, purchase history, domain selections |
| Internet/network activity | F | Pages viewed, referral URLs, click tracking on outreach links, cookie data |
| Geolocation data | G | Approximate location derived from IP address or business address |
| Professional information | I | Business type, industry, Google Business Profile data |
| Inferences | K | Lead qualification scores, engagement likelihood |
We do not knowingly collect sensitive personal information (SSN, precise geolocation, health data, etc.) or information from children under 16.
2. Sources of Personal Information
- Directly from you: When you fill out forms, complete checkout, contact us, or use our chat widget.
- Publicly available sources: Google Maps / Google Business Profile data used to create proactive website previews.
- Automatically: Cookies, analytics tools, and server logs when you visit our website.
- Third-party service providers: Email delivery confirmations, payment processing, and enrichment tools.
3. Customer account portal sign-in
Paying customers manage subscriptions and site settings at account.servqore.com. To protect your account, we verify identity through Supabase Auth (our authentication provider). Depending on what you choose at sign-in, we may process:
- Email and password — your email address and a password you create (stored by Supabase using industry-standard hashing; we do not store your password in plain text).
- Google sign-in — when enabled, Google shares basic profile information (such as name and email) with Supabase so we can match your account. We do not receive your Google password.
- Password reset and order magic links — time-limited links sent to your email to recover access or open the portal after checkout.
Sessions are maintained via secure, HttpOnly cookies on account.servqore.com. We may use Cloudflare Turnstile on the login form to reduce automated abuse. This portal authentication is separate from our internal operator tools and from SMS-based sign-in used by field sales agents.
4. Business and Commercial Purposes
We use personal information to:
- Provide, operate, and improve our website design and hosting services
- Generate proactive website previews and outreach communications
- Process payments and manage subscriptions
- Respond to inquiries and provide customer support
- Analyze site traffic and measure marketing campaign performance
- Detect fraud, enforce our terms, and comply with legal obligations
- Develop and offer future products and services (for prospect and account data we control). If we materially change how we use previously collected prospect data, we will update this policy and, where required, provide additional notice before the new use.
5. Categories Sold or Shared
We do not sell personal information for monetary consideration. However, when we use analytics and advertising tools (Google Analytics, PostHog, Meta Pixel, Google Ads), certain data may be shared with those partners for cross-context behavioral advertising, which qualifies as "sharing" under CPRA.
Categories shared: Identifiers (A), Internet activity (F), and Inferences (K).
You may opt out at any time via our Your Privacy Choices page, by enabling Global Privacy Control in your browser, or by emailing privacy@servqore.com.
6. Categories Disclosed for Business Purposes
We disclose personal information to the following categories of recipients for business purposes:
| Recipient type | Categories disclosed | Purpose |
|---|---|---|
| Cloud infrastructure (Cloudflare, Supabase) | A, B, F | Hosting, database, edge delivery |
| Payment processing (Stripe) | A, B, D | Checkout and subscription billing |
| Communications (Resend, Twilio) | A, B, F | Email and SMS outreach |
| Data enrichment (Google Places, Serper, Hunter) | A, I | Lead discovery and qualification |
| AI services (Google Gemini) | A, B, F, I | Website previews, chatbot responses, content generation |
| Voice AI (Vapi, ElevenLabs), when enabled | A, F | AI voice agent calls, transcripts, recordings |
| Analytics (Google, PostHog), planned | A, F, K | Site analytics |
| Advertising (Meta, Google Ads), planned | A, F, K | Ad measurement and targeting |
7. Your Privacy Rights
Depending on your state of residence, you may have the following rights:
- Right to Know: Request what personal information we collect, use, disclose, and share.
- Right to Delete: Request deletion of personal information we hold about you, subject to legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: Opt out of the sharing of your data for cross-context behavioral advertising.
- Right to Limit Use of Sensitive PI: We do not use sensitive personal information beyond permitted purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
How to Exercise Your Rights
- Visit our Your Privacy Choices page to manage cookie preferences and opt out of sharing.
- Use our automated request endpoints (email or phone OTP verification):
- Access / Know:
POST https://links.servqore.com/api/privacy/access-request - Delete:
POST https://links.servqore.com/api/privacy/delete-request
{"email":"you@example.com"}or{"phone":"5551234567"}to receive a verification code, then resubmit with{"email":"…","code":"123456"}. - Access / Know:
- Or email privacy@servqore.com with your request. Include enough information for us to verify your identity (name, email, or phone associated with your account).
- We will respond within 45 days. If we need more time, we will notify you (up to 90 days total).
Authorized Agents
You may designate an authorized agent to submit a request on your behalf. The agent must provide proof of authorization and we may require you to verify your identity directly.
8. Global Privacy Control (GPC)
We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of the sale or sharing of personal information. When GPC is detected, analytics and marketing cookies are automatically disabled.
9. Proactive Outreach and Preview Sites
Our business model includes identifying local businesses that may benefit from a website and sending proactive outreach. We use publicly available information (such as Google Maps / Google Business Profile data) to create initial website previews. Preview sites are private, marked noindex, watermarked, and state that ServQore is not affiliated with the business until checkout.
Public data disclaimer: Preview content may include business names, addresses, hours, and truncated review excerpts from public sources. Review text is third-party user-generated content and is not endorsed by ServQore or the business unless the business later subscribes and approves the live site. Where Google or other platform data is shown, it remains subject to those providers' terms.
All outreach emails include an unsubscribe link. If you receive an email from us, you may opt out at any time. We remove preview sites and stop outreach within five (5) business days of a verified opt-out, unsubscribe, or deletion request.
10. Website Visitors (End Users of Customer Sites)
If you submit a form, use a chat widget, or call an AI phone line on a customer's website (not servqore.com), that business is generally the data controller for your information. ServQore processes your submission on the business's behalf as a service provider.
- Who to contact: For access, correction, or deletion requests, contact the business whose site you used first (their phone or email is usually on the site).
- If you contact ServQore: Email privacy@servqore.com with the business name and site URL. We will forward your request to the business and respond to you within ten (10) business days with confirmation or next steps.
- What we store: Form and chat data are described in our Data Retention Policy and the customer's agreement with us.
11. Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. You can manage preferences via the cookie banner or our Privacy Choices page.
12. AI Chatbot and Voice Agent Data
When you use ServQore AI features (on servqore.com or on your customer website/phone line), we process conversation data as follows:
- What we collect: Message text, session metadata (IP address, user agent, timestamps), lead information submitted through the assistant, and, for voice features, call audio recordings and transcripts when enabled.
- Who it is about: Visitors to your website, callers to your AI phone line, and you (as the business configuring the assistant).
- How we use it: To operate the assistant, deliver leads to you, detect abuse, improve safety filters, and, with your consent in intake forms, review conversations during onboarding and tuning periods.
- AI processing: Conversation content may be sent to third-party AI providers (e.g., Google Gemini for text; Vapi and related voice providers for telephony) solely to generate responses. We contractually require providers to process data for service delivery, not for their own unrelated advertising.
- Accuracy disclaimer: AI responses may be wrong. Do not rely on stored transcripts as legal proof of a binding commitment unless reviewed by a human. See our Terms of Service Section 6.
- Your obligations as a customer: If you enable AI on your site, you are responsible for informing your end users that they are interacting with AI and (for voice) recorded systems, consistent with applicable law and your ServQore intake configuration.
13. Data Retention
Feature-level retention details are published in our Data Retention Policy. Summary:
- Prospect and outreach data: Retained for our business operations (including future products and services) until deleted upon verified request, unsubscribe, or manual review. We do not automatically delete prospect records solely because a fixed time period has passed.
- Lead data (contacted): Retained for up to 24 months from last activity unless deleted earlier upon request.
- Customer data: Retained for the duration of the subscription plus 12 months.
- Chat sessions (servqore.com care chat): IP and device metadata scrubbed after 90 days; message content retained per customer subscription terms.
- Customer-site AI chatbot sessions: Conversation logs retained for at least 90 days for review and incident investigation; deleted per your intake retention settings or upon account cancellation.
- Voice call recordings: Retained per your voice intake selection (default 90 days), then automatically deleted. Transcripts may be retained up to 24 months for billing audit and operational analytics unless you opt out in intake.
- SMS send logs: Retained for up to 5 years (legal compliance).
- Email send logs: Retained for up to 12 months.
- OTP verification codes: Retained for up to 24 hours.
14. Financial Incentives
We do not offer financial incentives in exchange for the collection, sale, or sharing of personal information.
15. Children Under 16
Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it promptly.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes may also be communicated via email or a site notice.
17. Data Processing Agreement (Business Customers)
If you are a ServQore business customer subject to GDPR, UK GDPR, CCPA, or other privacy laws, review the Data Processing Addendum. To request a countersigned DPA, email legal@servqore.com. Our current subprocessor list is at subprocessors.html.
18. Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@servqore.com
- Mail: ServQore LLC, Atlanta, GA, USA