HEYFIELD

Privacy Policy

Last updated: February 25, 2026

1. Introduction

Heyfield ("we," "us," or "our") operates the heyfield.app website and provides AI phone receptionist services for home service businesses (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service.

By using Heyfield, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information through our authentication provider (Clerk), including:

  • Name and email address
  • Profile information (avatar, display name)
  • Authentication credentials (managed by Clerk)

2.2 Business Information

During onboarding and through account settings, you provide:

  • Business name, type (e.g., plumber, electrician, HVAC), and owner name
  • Service area and services offered
  • Business hours of operation
  • Notification phone number for receiving SMS alerts
  • Forwarding phone number (if Smart Forwarding is enabled)

2.3 Call Data

When the AI receptionist handles calls on your behalf, we collect and store:

  • Caller name, phone number, and address (as provided by the caller)
  • Call recordings and AI-generated transcripts
  • AI-generated call summaries, urgency classification, and service requests
  • Call duration, timestamp, and status
  • Appointment booking details (if scheduling is enabled)

2.4 Payment Information

We use Stripe to process payments. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles all payment processing in compliance with PCI-DSS standards. We store your Stripe customer ID and subscription status for billing purposes.

2.5 Usage Data

We automatically collect:

  • Minutes used per billing period and overage calculations
  • Website usage analytics (pages visited, session duration) through PostHog
  • Error and performance data through Sentry
  • IP address, browser type, and device information

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service — answer calls on your behalf, generate summaries, send SMS notifications, and display call data in your dashboard.
  • Process payments — manage subscriptions, calculate usage-based billing, and handle overage charges.
  • Configure your AI receptionist — customize the AI agent with your business name, services, hours, and greeting.
  • Improve the Service — analyze usage patterns, diagnose errors, and improve AI call quality and accuracy.
  • Communicate with you — send transactional emails (account confirmations, billing receipts), service updates, and respond to support inquiries.
  • Ensure security — detect fraud, prevent abuse, enforce rate limits, and protect against unauthorized access.

4. Call Recording Disclosure

Heyfield records all phone calls handled by the AI receptionist. Recordings are used to generate transcripts, summaries, and to provide the call playback feature in your dashboard. Recordings are stored securely and are accessible only to the business account owner.

Your responsibility: You are solely responsible for complying with applicable call recording consent laws in your jurisdiction. Some states and countries require all-party consent for call recording. Heyfield provides tools to include a recording disclosure in the AI greeting, but compliance with local law is your obligation.

5. How We Share Your Information

We do not sell your personal information or your customers' data. We share information only with the following categories of service providers, strictly as necessary to operate the Service:

  • Retell AI — processes voice calls and generates AI responses. Receives caller audio and your business configuration.
  • Twilio — provides telephony infrastructure for phone numbers, call routing, and SMS delivery. Receives caller phone numbers and SMS content.
  • Clerk — manages user authentication. Receives account credentials and profile information.
  • Stripe — processes payments. Receives billing information and usage data for metered billing.
  • Neon (PostgreSQL) — hosts our database. Stores all business and call data in encrypted form.
  • Vercel — hosts the web application. Processes HTTP requests containing usage data.
  • Sentry — monitors application errors. May receive anonymized technical data when errors occur.
  • PostHog — provides product analytics. Receives anonymized usage events.
  • Resend — sends transactional emails. Receives email addresses for delivery.
  • Upstash — provides rate limiting. Receives anonymized request identifiers.

We may also disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encrypted database connections via Neon serverless driver
  • Authentication and role-based access control via Clerk
  • Webhook signature verification for all inbound integrations
  • Rate limiting to prevent abuse and brute-force attacks
  • Organization-scoped data isolation — each business can only access its own data

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential.

7. Data Retention

  • Call recordings and transcripts — retained for the duration of your active subscription. Deleted within 30 days of account termination.
  • Account and business data — retained while your account is active. Deleted within 30 days of account termination unless retention is required by law.
  • Payment records — retained as required for tax and accounting purposes (typically 7 years) in accordance with Stripe's retention policies.
  • Usage analytics — anonymized and aggregated data may be retained indefinitely for product improvement.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your personal data, subject to legal retention requirements.
  • Data portability — request an export of your data in a machine-readable format.
  • Opt-out of analytics — you can disable analytics tracking in your browser settings.

To exercise any of these rights, contact us at support@heyfield.app. We will respond within 30 days.

9. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

10. Caller Privacy

Callers who interact with your Heyfield AI receptionist should be aware that:

  • Their calls are recorded and transcribed by an AI system.
  • Their name, phone number, address, and service request details are collected and shared with you (the business owner).
  • Their information is stored securely and not sold to third parties.

As the business owner, you are responsible for informing your callers about data collection practices as required by applicable law.

11. Cookies and Tracking

We use essential cookies for authentication (via Clerk) and session management. We use PostHog for product analytics, which may set cookies to track anonymous usage patterns. We do not use third-party advertising cookies.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

13. International Data Transfers

Heyfield operates in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure our service providers maintain appropriate data protection safeguards.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top indicates the most recent revision.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: