Last updated: May 1, 2025
Summary: PalmRoute collects data necessary to provide our AI phone assistant and automation services. We do not sell your personal data. We use industry-standard security practices and comply with applicable privacy laws including CCPA and GDPR.
PalmRoute LLC ("PalmRoute," "we," "us," or "our") operates the PalmRoute platform, including our website at palmroute.com and all associated products and services (collectively, the "Services"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our Services. Please read this policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.
If you are a business customer using PalmRoute to handle calls and data on behalf of your own clients, see also our HIPAA Compliance page and request our Data Processing Agreement if applicable to your industry.
1. Information We Collect
We collect information in several ways depending on how you interact with our Services:
A. Information You Provide Directly
- Account information: Name, business name, email address, phone number, billing address, and payment details when you sign up.
- Business configuration: Services offered, staff names, calendar availability, scripting preferences, and operational hours you configure in our platform.
- Communications: Messages you send us via email, chat, or support tickets.
B. Information Collected Automatically
- Usage data: Pages visited, features used, time spent, click patterns, and navigation paths within the platform.
- Device & technical data: IP address, browser type, operating system, device identifiers, and time zone.
- Log files: Server logs recording access requests, error events, and system activity.
- Cookies and tracking technologies: As described in Section 4 below.
C. Call & Conversation Data
- Voice recordings: Calls handled by the PalmRoute AI assistant may be recorded for quality assurance, AI training, dispute resolution, and compliance purposes. Call parties are notified of recording via an automated disclosure at the start of each call.
- Transcripts: We generate transcripts of AI-handled calls to populate booking records, analytics, and client history features.
- Caller information: Phone numbers, names, and appointment details shared by callers during AI-handled conversations.
D. Third-Party Sources
- Calendar integrations (Google Calendar, Calendly, Square) that you authorize us to connect.
- Payment processors (Stripe) for billing information.
- Analytics providers for aggregated usage insights.
2. How We Use Your Data
We use the information we collect for the following purposes:
- Providing the Services: Operating the AI phone assistant, executing automated workflows, managing appointment bookings, and delivering all features described in your subscription plan.
- Billing & account management: Processing payments, sending invoices, managing your subscription, and handling renewals or cancellations.
- AI training and improvement: Anonymized call recordings and transcripts may be used to improve the accuracy, naturalness, and performance of our AI models. You may opt out of AI training use by contacting us at privacy@palmroute.com.
- Customer support: Responding to support requests, diagnosing technical issues, and providing account assistance.
- Communications: Sending service announcements, product updates, feature releases, and — with your consent — marketing emails. You may unsubscribe from marketing at any time.
- Analytics and product development: Understanding how our platform is used to improve features and user experience.
- Security and fraud prevention: Detecting and preventing unauthorized access, abuse, and other harmful activities.
- Legal compliance: Meeting our obligations under applicable law, responding to legal requests, and enforcing our Terms of Service.
We do not sell, rent, or trade your personal data or your clients' data to third parties for marketing or advertising purposes — ever.
3. Sharing & Disclosure
We share your information only in the following limited circumstances:
- Service providers (sub-processors): We engage trusted third-party vendors who process data on our behalf — including cloud hosting (AWS), payment processing (Stripe), SMS delivery (Twilio), and email delivery (SendGrid). All sub-processors are contractually bound to protect your data and use it only to provide services to us.
- Calendar and business tool integrations: When you connect third-party tools (e.g., Google Calendar), we share the minimum data necessary to perform the requested sync or action.
- Business transfers: If PalmRoute is acquired, merges with another company, or undergoes a similar business transaction, your data may be transferred to the successor entity. We will notify you before any such transfer occurs.
- Legal requirements: We may disclose your information if required to do so by law or in response to valid requests from public authorities (court orders, subpoenas, government agencies).
- Protection of rights: We may disclose information when we believe in good faith it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, safety threats, or violations of our Terms of Service.
- With your consent: We may share your information for any other purpose with your explicit consent.
4. Cookies & Tracking Technologies
We use cookies, web beacons, pixels, and similar technologies to operate and improve our Services. These may include:
- Essential cookies: Required for the platform to function. Cannot be disabled.
- Analytics cookies: Help us understand how users interact with our platform (e.g., Google Analytics). Anonymized where possible.
- Preference cookies: Remember your settings and preferences to personalize your experience.
- Marketing cookies: Used to deliver relevant advertisements on third-party platforms. Only set with your consent where required by law.
You can control cookies through your browser settings and our in-platform cookie preferences center. Note that disabling certain cookies may affect platform functionality.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide our Services. Specifically:
- Account data: Retained for the duration of your subscription plus 90 days after account closure, then deleted or anonymized.
- Call recordings: Retained for 12 months from the date of the call, unless you request earlier deletion or a longer retention period is required by law.
- Call transcripts and booking records: Retained for 24 months to support analytics, dispute resolution, and service continuity.
- Billing records: Retained for 7 years as required by applicable tax and financial regulations.
- Support communications: Retained for 3 years.
You may request early deletion of your data at any time by contacting privacy@palmroute.com, subject to our legal retention obligations.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal data:
For California Residents (CCPA/CPRA)
- Right to know what personal information we have collected, used, disclosed, and sold.
- Right to delete your personal information (subject to certain exceptions).
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information (we do not sell data).
- Right to limit use and disclosure of sensitive personal information.
- Right to non-discrimination for exercising your privacy rights.
For EEA/UK Residents (GDPR/UK GDPR)
- Right of access to your personal data.
- Right to rectification of inaccurate data.
- Right to erasure ("right to be forgotten").
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing.
- Right to withdraw consent at any time.
- Right to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at privacy@palmroute.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.
7. Security
We implement commercially reasonable administrative, technical, and physical security measures to protect your data, including:
- AES-256 encryption for data at rest
- TLS 1.2+ encryption for all data in transit
- SOC 2 Type II certified infrastructure (AWS)
- Role-based access controls and multi-factor authentication
- Regular security audits and penetration testing
- Incident response procedures with prompt notification protocols
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using industry best practices, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you as required by applicable law.
8. Children's Privacy
Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe we have collected data from a minor, please contact us at privacy@palmroute.com.
9. Third-Party Links
Our website and platform may contain links to third-party websites, services, or integrations that are not operated by us. We have no control over and assume no responsibility for the privacy practices of those third parties. We encourage you to review the privacy policy of every third-party service you connect or interact with through our platform.
10. International Data Transfers
PalmRoute is based in the United States. If you access our Services from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our servers or service providers are located. These countries may have different data protection laws than your home country.
Where required by applicable law (e.g., GDPR), we implement appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Post the updated policy on this page with a new "Last Updated" date.
- Send an email notification to the account holder email address on file at least 30 days before the changes take effect.
- For significant changes, we may require you to affirmatively acknowledge the updated policy before continuing to use the Services.
Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy.