Privacy Policy

For personal data about website visitors and our own customers (such as account and billing information), we act as a “controller” and this Policy applies directly.

For the personal data of our customers' leads and contacts that flows through the Service (such as the content of messages, names, and contact details), we act as a “processor” on behalf of the customer, who is the controller. We process that data only to provide the Service and on the customer's instructions, as set out in our Data Processing Addendum. If you are a lead or contact and have questions about how your data is used, please contact the business that is messaging you.

We collect the following categories of information:

• Account and profile data: name, email, password, business name, and the configuration and preferences you set up in your workspace.
• Business and onboarding data: the information you provide about your business so the Service can work your leads in your voice.
• Connected-channel data: when you connect a channel, we access and process the content and metadata needed to run the Service, including inbound and outbound messages, contact names and handles, phone numbers, email addresses, and conversation history.
• Booking and calendar data: meeting details created when the Service books a call.
• Usage and device data: log data, IP address, browser and device information, pages visited, and feature usage, collected automatically when you use our website or app.
• Billing data: information needed to process payments, which may be handled by a third-party payment processor.
• Communications: messages you send us and support requests.

We use personal data to:

• Provide, operate, secure, and maintain the Service, including running the AI setter, qualifying and replying to leads, and booking meetings.
• Authenticate users, manage workspaces, and enforce permissions and isolation between customers.
• Improve and develop the Service, troubleshoot issues, and analyze usage in aggregate.
• Communicate with you about your account, security, updates, and support.
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms.
• Comply with legal obligations and enforce our agreements.

To qualify leads and generate replies, the Service sends relevant message content and context to third-party AI model providers for processing. We use this processing only to deliver the Service. We do not sell personal data, and we do not use your private conversations or your leads' data to train AI models that serve other customers. Per-workspace learning that improves your own setter stays within your workspace.

We share personal data only as needed and as described below. We do not sell personal data.

• Subprocessors and service providers: we use trusted vendors to host data, run AI models, deliver messages, schedule meetings, transcribe audio, and process payments. They may process personal data only on our instructions and under appropriate confidentiality and data-protection obligations.
• Connected platforms: to deliver and receive messages, we exchange data with the platforms you connect (for example, Meta, your email provider, your SMS provider, and your calendar provider).
• Legal and safety: we may disclose data to comply with law, respond to lawful requests, enforce our terms, or protect the rights, property, and safety of Settr, our users, and others.
• Business transfers: if we are involved in a merger, acquisition, financing, or sale of assets, data may be transferred as part of that transaction, subject to this Policy.

We engage subprocessors in categories including cloud hosting and database infrastructure, AI and large-language-model providers, messaging and telephony providers, email infrastructure, calendar and scheduling tools, voice and audio processing, analytics, and payment processing. We maintain appropriate agreements with each and remain responsible for their handling of personal data.

We retain personal data for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it. Customers can request deletion of their workspace data as described in our Data Processing Addendum, subject to legal retention requirements.

We implement technical and organizational measures designed to protect personal data, including encryption of channel credentials and sensitive data at rest, encryption in transit, isolation between customer workspaces, access controls, and least-privilege practices. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We and our subprocessors may process personal data in countries other than the one in which you are located. Where required, we put in place appropriate safeguards for cross-border transfers, such as standard contractual clauses.

Depending on your location, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, to data portability, and to withdraw consent. You may also have the right to lodge a complaint with a supervisory authority.

If we act as controller, you can exercise these rights through the methods we publish. If your data is processed on behalf of a customer (you are a lead or contact), please direct your request to that business, and we will assist them as their processor.

Our website uses a small number of cookies and similar technologies that are necessary for the site and app to function, to keep you signed in, and to remember preferences such as theme. We may use limited analytics to understand site usage in aggregate. You can control cookies through your browser settings, though disabling some may affect functionality.

The Service is not directed to, and not intended for use by, children. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please let us know so we can delete it.

We may update this Policy from time to time. We will revise the “last updated” date and, where appropriate, provide additional notice. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

Contact details for privacy enquiries and data requests will be published here.