1. Scope and Designation of Parties
This Policy applies to our SaaS platform, website, and API infrastructure (collectively, the "Service"). For the purposes of international and domestic data protection laws (including GDPR and CCPA):
-
MissedCallGuard LLC acts strictly as a Data Processor. We process data entirely on behalf of our Clients generated by the Service.
-
You (The Subscribed Business) act strictly as the Data Controller. You are legally responsible for acquiring the appropriate consent under the Telephone Consumer Protection Act (TCPA) to gather, retain, and process the communications of your end-customers ("End-Users").
2. The "No PHI / No HIPAA" Exemption Clause
Liability Waiver
MissedCallGuard LLC is NOT a HIPAA-compliant BAA (Business Associate Agreement) provider. The Service is engineered for standard Home Services (e.g., plumbing, HVAC, electrical). You are strictly prohibited from soliciting, routing, or processing Protected Health Information (PHI) through our Twilio-backed SMS pipelines. If an End-User spontaneously transmits medical information (e.g., "Our oxygen machines are failing due to the power outage"), you explicitly agree that MissedCallGuard LLC assumes liability only to the maximum extent permitted by law for the non-HIPAA compliant transmission or storage of that data sequence.
3. Data Acquisition Matrix
To physically execute our autonomous dispatch engine, we receive and process the following explicit data vectors:
3.1. Client-Side (Controller) Data
We collect structured profile data to execute your subscription, including but not limited to:
- Corporate entity designations and principal operator identities.
- Encrypted financial instrumentation (tokenized entirely via Stripe; we never touch raw PCI/credit card integers).
- Operational routing logic (Business hours, fleet capacity matrices, customized emergency directives).
3.2. End-User (Customer) Data
When an End-User triggers a system event (e.g., a missed inbound communication), we extract:
- Originating telecommunication metadata (Phone numbers, carrier ID).
- Time-series execution logs (Exact UTC timestamps of the dropped call).
- Raw SMS transcript logs required to parse context and extract physical geo-locations for dispatching.
4. Sub-Processor Transit and Zero Data Retention Protocols
MissedCallGuard functions as the cognitive routing layer connecting your business to your customer. To achieve sub-second latency, we transit your data through highly secure third-party pipelines.
| Sub-Processor | Designated Purpose | Data Retention Policy |
|---|---|---|
| Twilio, Inc. | Provides bare-metal telecom intake, SIP trunking, and SMS transmission. | Standard 10DLC compliance logging. Twilio retains transit logs required by federal carriers. |
| OpenAI / Anthropic | Executes Large Language Model (LLM) inference to extract addresses and determine emergency status. | Strict Zero Data Retention. By enterprise API agreement, no End-User SMS data is ever retained or used to train public foundational neural networks. |
| Supabase (AWS) | Durable PostgreSQL database executing physical cluster storage and Row-Level Security isolation. | Stored securely at-rest via AES-256 encryption. Fully deleted upon account termination. |
5. Catastrophic Infrastructure Breach & Liability Cap
We design our platform defensively, employing rigid Row Level Security (RLS) to ensure multi-tenant isolation. However, you acknowledge that no internet infrastructure is mathematically unhackable.
In the event of a global, systemic breach of underlying infrastructures (e.g., vulnerabilities within AWS, Stripe, or Twilio enabling catastrophic data exfiltration), you explicitly agree that MissedCallGuard LLC shall be shielded from class-action torts, statutory damage multipliers, and consequential financial losses. The maximum legal and financial liability borne by MissedCallGuard LLC in the event of a third-party cyber breach shall literally be capped at the total subscription revenue you paid us in the twelve (12) months preceding the incident.
6. Jurisdiction-Specific Defenses (CCPA, CPRA, GDPR)
Depending on local statutes, you and your End-Users may possess granular data rights. We process inbound communications strictly under a "Legitimate Business Interest" and "Fulfillment of Contract" mandate.
6.1. For California Residents (CCPA / CPRA)
We do NOT sell (monetarily or via "share" agreements) your End-User's personal information to third parties, data aggregators, or marketing syndicates. We do not sell or share End-User personal data with third parties for marketing or advertising purposes. You have the right to request a "Targeted Data Wipe" of all stored communication logs, which we will execute computationally within 30 days via algorithmic purge.
6.2. For European Union Residents (GDPR)
Our platform is hosted on United States infrastructure. If a European citizen engages a localized US business utilizing our service, they accept the international transit of their interaction data. They retain full Right to Erasure ("Right to be Forgotten") which can be triggered by contacting the Data Protection Officer specified below.
7. Class Action Waiver & Binding Individual Arbitration
Dispute Resolution Protocol
Any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the explicit handling of End-User telecommunication data shall be settled by binding arbitration in the State of incorporation of MissedCallGuard LLC, preventing public litigation.
CLASS ACTION WAIVER: YOU AND MISSEDCALLGUARD LLC AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING.
8. Cookie and Telemetry Manifest
We deploy strict, functional-only JSON Web Tokens (JWT) and required telemetry cookies to maintain session architecture and mitigate API-level abuse (e.g., DDoS attacks). We explicitly reject the use of cross-site marketing tracking pixels (e.g., Meta Pixel) on authenticated, post-login Application environments.
9. Data Retention
We retain End-User communication data only for as long as necessary to provide the Service and fulfill legal or operational obligations. Clients may request deletion of stored data at any time by contacting us. Upon account termination, all stored data is deleted within a commercially reasonable timeframe, unless retention is required by law.
10. Security Measures
We implement commercially reasonable technical and organizational safeguards to protect data processed through the Service, including:
- Encryption of data in transit and at rest.
- Access controls and authentication safeguards.
- Secure cloud infrastructure hosted by trusted providers.
- Monitoring systems designed to detect unauthorized access.
While we take reasonable steps to protect data, no system can be guaranteed to be completely secure.
11. Data Breach Notification
In the event of a confirmed data breach affecting Client or End-User data, we will notify affected Clients within a commercially reasonable timeframe and take appropriate steps to contain, investigate, and remediate the incident.
12. Children's Data
The Service is not intended for individuals under the age of 13. We do not knowingly collect or process personal data from children. If we become aware that such data has been collected, we will take steps to delete it.
MissedCallGuard LLC • Office of Data Protection
For data access, deletion requests, or privacy-related inquiries, contact:
Email: info@missedcallguard.comOr physically via USPS at: [Insert Business Address]