Privacy Policy

Overview

PromoPilot AI is a service of Palmetto Digital Ventures LLC ("Company," "we," "us," or "our"), a South Carolina limited liability company with its principal place of business in Anderson, South Carolina.

This Privacy Policy describes how we collect, use, disclose, and safeguard information obtained through our website at promopilotai.com (the "Site") and through our AI-powered business communication services, including Missed Call Text-Back (MCTB) and AI Voice Agent (AIVA) (collectively, the "Services").

This Policy also describes our obligations as a service provider processing data on behalf of our business clients ("Clients") and, where applicable, our Clients' customers and callers ("End Users").

By accessing our Site or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of our Site and Services.

Information We Collect

We collect information in three primary contexts: from visitors to our Site, from our business Clients, and from End Users who interact with our Services on behalf of our Clients.

2.1 Information You Provide Directly

• Contact and inquiry information: Name, business name, email address, phone number, and business type when you submit a form on our Site.
• Client onboarding information: Business name, legal entity name, EIN, physical address, business hours, service descriptions, and authorized representative information collected during the client setup process.
• Communications: Records of correspondence with our team via email, phone, or other channels.

2.2 Information Collected Through the Services

• Call data: Inbound and missed call records, caller identification information, call timestamps, and call duration associated with a Client's business phone number.
• SMS conversation data: Text message content, timestamps, opt-in and opt-out status, and conversation transcripts generated through our MCTB service.
• Voice interaction data: Call recordings, voice transcripts, and AI-generated summaries produced through our AIVA service, where applicable and permitted by law.
• Lead and contact information: Names, phone numbers, email addresses, and other information captured from End Users during AI-assisted conversations conducted on behalf of our Clients.

2.3 Information Collected Automatically

• Usage data: IP address, browser type, operating system, referring URLs, pages visited, and time spent on our Site.
• Device information: Device identifiers, hardware model, and network information.
• Cookies and similar technologies: See Section 12 for full details.

2.4 Information from Third Parties

• Platform data: Information processed through our technology platform provider, GoHighLevel (HighLevel Inc.), in connection with delivering our Services.
• Carrier data: Call and SMS delivery confirmations, carrier registration identifiers, and compliance data associated with our A2P 10DLC registration.

How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To set up, configure, operate, and maintain our MCTB and AIVA services on behalf of our Clients, including routing calls, sending automated text responses, and capturing lead information.
• Client communications: To respond to inquiries, send service updates, share performance reports, and communicate about account matters.
• Compliance and registration: To complete A2P 10DLC brand and campaign registration with federal telecommunications carriers, including submission of required business identification and use-case information.
• Billing and account management: To process payments, manage subscriptions, and maintain accurate account records.
• Service improvement: To analyze usage patterns, diagnose technical issues, and improve the performance and reliability of our Services.
• Legal compliance: To comply with applicable laws, respond to lawful requests from government authorities, enforce our agreements, and protect our rights and the rights of others.
• Safety and fraud prevention: To detect, investigate, and prevent fraudulent transactions, spam, and other prohibited activities.

SMS Communications & TCPA Compliance

Our Services involve the transmission of automated text messages on behalf of our Clients. We operate under registered A2P 10DLC brand and campaign credentials with major U.S. telecommunications carriers and take SMS compliance seriously.

4.1 Consent

Text messages sent through our Services are initiated only in connection with a prior business relationship or communication event (such as a missed call to a Client's business), or based on explicit opt-in consent. We do not send unsolicited commercial text messages.

SMS consent is optional and not required to submit our website contact form or use our services. By submitting your information through our Site's contact form and checking one or both independent SMS consent boxes, you agree to receive the corresponding category of text messages from PromoPilot AI. SMS consent is not a condition of purchase, and your AI demo will be delivered via email regardless of SMS consent status.

4.2 Opt-Out

You may opt out of receiving text messages at any time by replying STOP to any message we send (text STOP to opt out at any time). You will receive a single confirmation message and no further messages will be sent. To request help, reply HELP for assistance. Message and data rates may apply. Message frequency varies.

4.3 Message Frequency and Costs

Message frequency varies based on your interactions with our Services. Standard message and data rates may apply depending on your wireless carrier and service plan.

4.4 SMS Opt-In Data — Non-Disclosure

4.5 Client Obligations

Our Clients who use our MCTB service to send text messages to their own customers are independently responsible for ensuring they have obtained all legally required consents under the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and all applicable state and federal laws. We provide the technology platform; our Clients are responsible for the legality of their own communications with their customers.

4.6 SMS Consent — Exact Form Language (A2P 10DLC Compliance Reference)

This section reproduces verbatim the SMS consent language presented on our website lead capture form. Visitors may affirmatively check one or both of the following independent consent boxes to receive text messages from PromoPilot AI. Both consent boxes are unchecked by default. SMS consent is not a condition of any purchase.

Non-Marketing (Transactional) Consent — Checkbox 1:

By checking this box, I consent to receive non-marketing text messages from PromoPilot AI about appointment reminders, account updates, and service notifications. This is optional. Your demo will be delivered via email. Message frequency varies. Message & data rates may apply. Text HELP for assistance, reply STOP to opt out.

Marketing and Promotional Consent — Checkbox 2:

By checking this box, I consent to receive marketing and promotional messages including service announcements, new feature notifications, special offers, and discounts from PromoPilot AI at the phone number provided. Message frequency varies. Message & data rates may apply. Text HELP for assistance, reply STOP to opt out.

Universal Compliance Notice: All text messages sent by PromoPilot AI, regardless of category, include clear sender identification. To stop receiving messages at any time, reply STOP to any message you receive (text STOP to opt out). For assistance, reply HELP for assistance. Message frequency varies. Message and data rates may apply. SMS opt-in data and consent records are not shared with third parties for marketing or advertising purposes.

Voice & AI Interactions

Our AI Voice Agent (AIVA) service uses artificial intelligence to conduct live telephone conversations on behalf of our Clients. The following disclosures apply to all voice-related data collection and processing.

5.1 AI Disclosure

Our AI Voice Agent identifies itself as an AI assistant at the outset of any call interaction. This disclosure is consistent with Federal Trade Commission (FTC) guidance on AI transparency and applicable state laws governing automated communications.

5.2 Call Recording

Calls handled by our AIVA service may be recorded and transcribed for quality assurance, service delivery, and Client reporting purposes. Our Clients are responsible for ensuring compliance with applicable state call recording notification laws, including requirements in two-party consent states. By calling a business that uses our AIVA service, callers may be subject to recording as disclosed by the Client's business.

5.3 Transcript and Summary Data

Call transcripts and AI-generated summaries are stored securely and made available to the applicable Client through their service dashboard. This data is retained in accordance with Section 8 of this Policy.

5.4 No Sale of Voice Data

We do not sell, license, or otherwise commercially exploit call recordings, transcripts, or voice interaction data for any purpose beyond delivering our contracted Services to our Clients.

How We Share Your Information

We do not sell personal information. We share information only in the following limited circumstances:

6.1 Technology Platform Provider

GoHighLevel / HighLevel Inc. serves as our primary technology platform and data processor. GoHighLevel processes data on our behalf to enable CRM, communication, workflow automation, and AI capabilities that power our Services. Their privacy policy governs their own data practices and is available at gohighlevel.com/privacy-policy.

6.2 Other Service Providers

We may share information with vetted third-party service providers who assist in operating our business, including telecommunications carriers and A2P 10DLC registries, cloud hosting and infrastructure providers, payment processors, and analytics tools. All service providers are contractually bound to use information only for the purposes of providing services to us and to maintain appropriate data security standards.

6.3 Our Clients

End User data collected through our Services — including call records, SMS conversations, and lead information — is shared with the Client on whose behalf we are operating. Clients receive this data as a core component of the Services we provide.

6.4 Legal Requirements

We may disclose information when required by applicable law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of any person, investigate fraud, or respond to a lawful government request.

6.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, personal information may be transferred as part of that transaction. We will provide notice of any such transfer and describe any choices you may have.

6.6 We Do Not Sell Your Data

Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, and destruction. Our security measures include encrypted data transmission via SSL/TLS protocols, access controls limiting data access to authorized personnel only, enterprise-grade infrastructure through our technology platform provider, and regular review of our data collection, storage, and processing practices.

No method of transmission over the internet or electronic storage is completely secure. While we employ commercially reasonable security measures, we cannot guarantee absolute security of your information. In the event of a data breach that poses a risk to your rights, we will notify affected parties as required by applicable law.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, maintain our service relationships, comply with legal obligations, resolve disputes, and enforce our agreements.

• Client account data: Retained for the duration of the service relationship plus up to 36 months thereafter.
• Call records and SMS transcripts: Retained for the duration of the Client's active service agreement. Upon termination, data is retained for up to 90 days before deletion or anonymization, unless earlier deletion is requested.
• Site visitor and analytics data: Retained for up to 24 months.
• Legal hold: We may retain information for longer periods if required by law or in connection with active or anticipated legal proceedings.

Clients may request export of their data at any time during their active service agreement. Deletion requests are honored subject to our legal retention obligations and will be completed within 30 days of verification.

Your Rights & Choices

Depending on your location and applicable law, you may have certain rights with respect to your personal information. We honor all legally required requests and strive to respond promptly.

9.1 Access and Correction

You may request access to the personal information we hold about you and request correction of any inaccurate data. Active Clients may update most account information directly through their service dashboard.

9.2 Deletion

You may request deletion of your personal information, subject to our legal obligations to retain certain data. We will respond to verified deletion requests within 30 days.

9.3 SMS Opt-Out

Reply STOP to any text message to immediately opt out of further SMS communications from us (text STOP to opt out). Reply HELP for assistance. For Site inquiry follow-up messages, contact us at [email protected] to be removed from our contact list.

9.4 Opt-Out of Marketing Communications

You may opt out of marketing emails at any time by clicking the unsubscribe link in any email or by contacting us directly. Transactional and service-related communications are not subject to marketing opt-out.

9.5 California Residents (CCPA)

California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion of personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your California privacy rights, contact us using the information in Section 15.

9.6 South Carolina Residents

We are committed to honoring applicable rights under South Carolina privacy laws, including the South Carolina Consumer Privacy Act (SCPA), as those laws become effective. This Policy will be updated accordingly.

9.7 Submitting a Request

To exercise any of the rights described in this Section, contact us at [email protected]. We will verify your identity before processing any request and will respond within 30 days of receipt.

Children's Privacy

Our Services are intended solely for use by businesses and business professionals. We do not knowingly collect personal information from individuals under the age of 18, and our Site and Services are not directed to minors.

If we become aware that we have inadvertently collected personal information from a person under 18, we will take prompt steps to delete that information from our records. If you have reason to believe we may have collected information from a minor, please contact us immediately at [email protected].

Third-Party Services & Data Processors

We use the following primary third-party services in connection with operating our business and delivering our Services. Each processes data subject to their own privacy policies and data processing agreements:

• GoHighLevel / HighLevel Inc. — CRM, workflow automation, AI, and communication platform. Acts as our primary data processor.
• Cloudflare Inc. — Website hosting, content delivery network (CDN), and security infrastructure.
• U.S. Telecommunications Carriers — SMS and voice call delivery through A2P 10DLC registered channels, including AT&T, Verizon, T-Mobile, and others.

Our Site may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those external sites and encourage you to review their privacy policies independently before providing any personal information.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our Site, understand how visitors interact with our content, and support our marketing activities.

Types of Cookies We Use

• Essential cookies: Necessary for the Site to function properly. These cannot be disabled without affecting Site functionality.
• Analytics cookies: Help us understand how visitors interact with our Site, including pages visited and time on site. Data is aggregated and used to improve our content and user experience.
• Marketing cookies: Used to measure the effectiveness of our marketing campaigns and deliver relevant content to interested visitors.

Your Cookie Choices

Most web browsers allow you to control cookies through their settings preferences. You may also use browser extensions or opt-out tools provided by analytics services. Please note that disabling certain cookies may affect the functionality of our Site.

We do not currently respond to browser "Do Not Track" signals, as no uniform industry standard for honoring such signals has been established.

International Data Transfers

Our Services are operated and based in the United States. If you are located outside the United States, please be aware that any information you provide to us will be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country of residence.

By using our Site or Services, you consent to this transfer. We take reasonable steps to ensure that any international transfer of personal information complies with applicable legal requirements and that your information continues to be protected in accordance with this Policy.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, applicable legal requirements, or business operations. When we make changes, we will update the "Effective Date" at the top of this page.

For material changes that significantly affect your rights or our data practices, we will make reasonable efforts to notify active Clients via email. Your continued use of our Site or Services after any update constitutes acceptance of the revised Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below. We take all privacy inquiries seriously and will respond within 30 days of receipt.