Privacy Policy
Last reviewed: 2026-05-13
Effective date: 2026-05-13 Last reviewed: 2026-05-13
Early-access draft. This Policy is a v1 working version that has not yet been reviewed by counsel. We will update this page when our attorney completes review.
TenFour Pro LLC, a California limited liability company (“TenFour Pro,” “we,” “us,” or “our”), operates the website at https://tenfourpro.com and provides an AI assistant service (“Service”) for small service-trade businesses. This Privacy Policy describes the personal information we collect, how we use and retain it, and your rights under California law.
Who this Policy covers
This Policy applies to: visitors to https://tenfourpro.com, prospective customers who request a demo, customers of the Service (“Customer”), and individuals whose calls are answered by the Service on a Customer’s behalf (“Callers”). For Caller information, TenFour Pro acts as a service provider under the California Privacy Rights Act (“CPRA”), processing on the Customer’s behalf. The Customer is the controller-equivalent for that information.
Categories of personal information we collect
Using the categories defined in California Civil Code Section 1798.140(v):
| Category | Examples | Source |
|---|---|---|
| Identifiers | Business name, contact name, phone number, email, IP address (hashed) | You, your Customers, Callers, Twilio caller-ID |
| Commercial information | Subscription tier, billing history | You, our payment processor |
| Internet or network activity | Pages viewed, referrer, country-level location (Plausible analytics, cookieless) | Your browser |
| Geolocation (coarse) | City- or area-code-level inferred from caller phone number | Twilio |
| Audio, electronic information | Call recordings, transcripts, call summaries | Inbound calls to your forwarded number |
| Inferences | Per-trade urgency scores, lead-quality signals | Service models |
| Sensitive personal information | Potentially: precise location if a Caller reads their address aloud, or health-adjacent information if a Caller mentions a medical condition during triage | Inbound calls |
We do not collect: Social Security numbers, driver’s license numbers, payment card numbers (handled by our payment processor under PCI scope), genetic information, biometric identifiers, or any racial, religious, sexual-orientation, or union-membership data.
Sensitive personal information
The Service may, incidentally, record a Caller mentioning a medical condition during a triage call (for example, “my elderly mother is in the house and the heat is out”). We treat this as sensitive personal information under Cal. Civ. Code § 1798.140(ae). We use it only to deliver the Service (specifically, to classify urgency) and we do not retain health-adjacent inferences beyond the underlying call recording’s retention period. We do not sell or share sensitive personal information for cross-context behavioral advertising. The “Limit the Use of My Sensitive Personal Information” right under § 1798.121 does not currently apply because we do not use sensitive personal information for purposes other than delivering the Service.
How we use personal information
We use the personal information described above to:
- Operate, maintain, and improve the Service
- Respond to demo requests and contact prospective customers
- Send owner-approval SMS notifications to the Customer’s designated phone number
- Schedule non-emergency appointments to a Customer-authorized calendar
- Comply with legal obligations, defend legal claims, and prevent fraud and abuse
- Generate aggregated, de-identified analytics (no individual is identifiable)
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use personal information to train third-party AI models.
Who we share personal information with
We share personal information only with the following subprocessors, each bound by a contractual service-provider obligation to process only on our instructions:
- Vapi (voice orchestration)
- Twilio (SMS delivery and inbound voice routing)
- Google (Calendar API)
- Anthropic (AI urgency classification, primary)
- OpenAI (AI urgency classification, fallback)
- Cloudflare (Turnstile anti-spam, CDN)
- Railway (US-region hosting and database infrastructure)
- Resend (transactional outbound email)
We may also disclose personal information when legally required (subpoena, court order, government request).
Retention
| Data | Retention period |
|---|---|
| Lead-form submissions | Until you request deletion |
| Call recordings | 60 days from call, then deleted |
| Call transcripts and summaries | 12 months from call, then deleted |
| Subscription, billing, and tax records | 7 years (California Business and Professions Code requirements) |
| Plausible analytics | Aggregated, no individual records retained |
Customer can shorten any retention period for their account by request to support@tenfourpro.com.
Your rights under California law
If you are a California resident, you have the right to:
- Know what personal information we have collected about you (Cal. Civ. Code § 1798.100, § 1798.110)
- Delete the personal information we hold about you (§ 1798.105)
- Correct inaccurate personal information (§ 1798.106)
- Opt out of sale or sharing for cross-context behavioral advertising (§ 1798.120)
- Limit the use of sensitive personal information (§ 1798.121)
- Non-discrimination for exercising any of these rights (§ 1798.125)
- Designate an authorized agent to exercise any of these rights on your behalf, subject to identity verification (§ 1798.135 regs)
We do not currently sell or share personal information for cross-context behavioral advertising. The “Your Privacy Choices” link in our site footer reflects the current state.
To exercise any of these rights, contact us using either of the following methods:
- Email privacy@tenfourpro.com
- Mail a written request to TenFour Pro LLC, San Francisco Bay Area, CA (mailing address available on request)
We will respond within 45 days of a verified request, with one possible 45-day extension if needed and disclosed. We may need to verify your identity before responding. We will not discriminate against you for exercising any right.
For Caller information (information we hold on your callers as a service provider for our Customer), the right of deletion may also require the Customer’s coordination because they control the underlying account.
Call recording details
Calls to the TenFour Pro demo line and to your phone numbers using the Service are recorded for quality and product purposes after an audible disclosure at the start of each call. California is a two-party-consent state (Cal. Penal Code §§ 631, 632, 632.7); continuing the call after the disclosure constitutes consent under California case law (Kearney v. Salomon Smith Barney, 39 Cal. 4th 95 (2006)). If a Caller refuses consent, the Service ends the call cleanly and does not retain a recording.
Recordings are stored on US infrastructure operated by Railway. Access is limited to TenFour Pro personnel on a need-to-know basis and the Customer for their own calls. Recordings are deleted on the retention schedule above or sooner on request.
Children
The Service is not directed to individuals under 16, and we do not knowingly collect personal information from children under 13 (Children’s Online Privacy Protection Act). If you believe we have inadvertently collected such information, contact us at privacy@tenfourpro.com and we will delete it.
Security
- Data in transit is protected by TLS.
- Customer credentials (Twilio auth tokens, Vapi webhook secrets) are encrypted at rest with a key managed by TenFour Pro.
- Access to production systems is limited to authorized personnel and logged.
- We do not currently maintain a published security certification (SOC 2, ISO 27001) and we are in early access; certification is on our roadmap.
Cookies and tracking technologies
- Plausible Analytics runs on the Site. It is cookieless and collects only aggregated, non-identifying page-view and referrer data.
- Cloudflare Turnstile runs on our lead-capture form. It may set a short-lived challenge token in the browser to prevent automated abuse. The token is not used for tracking.
- We do not use Google Analytics, Facebook Pixel, or any other ad-targeting cookies.
Changes to this Policy
We may update this Privacy Policy. We will revise the “Last reviewed” date at the top and email account holders for any material change. Continued use after the effective date of a change constitutes acceptance.
Contact us
- Email: privacy@tenfourpro.com
- General questions: support@tenfourpro.com
- Mail: TenFour Pro LLC, San Francisco Bay Area, CA (mailing address available on request)
Sources consulted in preparing this draft: Cal. Civ. Code §§ 1798.100 et seq. (CPRA, as amended by CPRA regs at Cal. Code Regs. tit. 11, §§ 7010-7028); Cal. Penal Code §§ 631-632.7; Kearney v. Salomon Smith Barney, 39 Cal. 4th 95 (2006); 47 U.S.C. § 227 (TCPA); Twilio A2P 10DLC guidance. This document is a v1 draft and is not a substitute for advice of counsel.