Privacy Policy

Last Updated: June 10, 2025

Introduction

At ThermaTalk ("we", "our", or "us"), we are committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered communication services for heating and cooling businesses.

By using ThermaTalk services, you consent to the data practices described in this Privacy Policy. We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this policy, and in some cases, we may provide you with additional notice.

This Privacy Policy applies to all services offered by ThermaTalk, including our AI voice assistant, chat widgets, email response systems, and any other related services.

Information Collection

We collect several types of information from and about users of our services, including:

Personal Information

  • Contact information (such as name, email address, phone number, and mailing address)
  • Business information (such as business name, industry, and size)
  • Payment information (such as credit card details and billing address)
  • Account credentials (such as username and password)
  • Customer service inquiries and communications

Conversation Data

  • Voice recordings and transcripts from calls handled by our AI assistant
  • Chat logs and message content from website chat interactions
  • Email content from automated email responses
  • Customer inquiries, questions, and service requests

Technical Information

  • Device information (such as IP address, browser type, operating system)
  • Usage data (such as pages visited, features used, time spent on service)
  • Location data (such as general geographic location based on IP address)
  • Cookies and similar tracking technologies

Important Note About Sensitive Information

Our systems may process information that could include sensitive personal data such as health information when discussing heating and cooling needs. We handle such information in accordance with applicable laws, including HIPAA where relevant.

Data Usage

We use the information we collect for various purposes, including:

Service Provision

  • Providing and maintaining our services
  • Processing transactions and payments
  • Fulfilling customer service requests
  • Managing customer accounts

AI Improvement

  • Training our AI models
  • Improving response accuracy
  • Enhancing natural language processing
  • Developing new features

Analytics & Improvement

  • Analyzing usage patterns
  • Monitoring service performance
  • Conducting research and development
  • Generating business insights

Communication

  • Sending service updates
  • Providing customer support
  • Marketing and promotional messages
  • Responding to inquiries

We may also use your information for other purposes with your consent or as permitted or required by applicable law. We will always seek to ensure that our use of your personal information is proportionate and respectful of your privacy rights.

Data Minimization Commitment

We follow the principle of data minimization, collecting and retaining only the information necessary for the purposes described in this Privacy Policy. We regularly review our data retention practices to ensure we're not keeping data longer than needed.

Security Measures

We implement a variety of security measures to maintain the safety of your personal information when you use our services. These include:

Encryption

End-to-end encryption for all data in transit and at rest

Access Controls

Strict access controls and authentication requirements

Regular Audits

Continuous security monitoring and vulnerability assessments

Our infrastructure is hosted on secure servers with appropriate safeguards, and we maintain SOC 2 Type II certification. We regularly review and update our security practices to address new threats and vulnerabilities.

While we implement these security measures, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.

Data Breach Procedures

In the event of a data breach that compromises your personal information, we will:

  1. Notify affected users promptly as required by applicable law
  2. Provide clear information about what data was affected
  3. Take immediate steps to contain and remediate the breach
  4. Cooperate with regulatory authorities as required
  5. Review and update our security measures to prevent similar incidents

Third-Party Sharing

We may share your information with third parties in certain circumstances:

Category | Purpose | Data Shared
Service Providers | To help us provide and improve our services | Contact information, usage data, technical information
Business Partners | For integrated services and joint offerings | Contact information, business information
Legal Requirements | To comply with laws, regulations, legal process | Any information as legally required
Business Transfers | In connection with a merger, acquisition, or sale | All information related to the transferred assets

When we share information with service providers, we require them to use your information only for the purpose of providing services to us and to implement appropriate data security measures.

Third-Party Services

Our services may integrate with or contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our services.

Examples of third-party integrations may include:

  • Payment processors
  • CRM systems
  • Calendar applications
  • Analytics providers
  • Cloud storage services

User Rights

Depending on your location, you may have certain rights regarding your personal information. These may include:

Right to Access

You can request a copy of the personal information we hold about you.

Right to Rectification

You can request that we correct inaccurate or incomplete information.

Right to Erasure

You can request that we delete your personal information in certain circumstances.

Right to Restriction

You can request that we restrict processing of your personal information.

Right to Data Portability

You can request a copy of your data in a structured, commonly used format.

Right to Object

You can object to the processing of your personal information in certain circumstances.

To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below. We will respond to your request within the timeframe required by applicable law.

How to Exercise Your Rights

You can submit a request to exercise your data rights by:

  • Emailing our privacy team at privacy@thermatalk.com
  • Contacting our customer support team at 1-800-THERMA-TALK
  • Using the privacy settings in your account dashboard (for certain rights)

We may need to verify your identity before processing your request. We will respond within 30 days in most cases, though some complex requests may take longer.

GDPR & CCPA Compliance

We are committed to complying with applicable data protection laws, including the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

GDPR Compliance

For users in the European Economic Area (EEA), we serve as both a data controller and a data processor, depending on the circumstances.

  • We process data only with a lawful basis
  • We implement appropriate technical and organizational measures
  • We honor data subject rights
  • We maintain records of processing activities

CCPA Compliance

For California residents, we comply with the California Consumer Privacy Act (CCPA) and its requirements.

  • We disclose categories of personal information collected
  • We honor consumer rights to access and delete data
  • We provide a "Do Not Sell My Personal Information" option
  • We do not discriminate against consumers exercising their rights

International Data Transfers

We may transfer your personal information to countries other than the one in which you live. When we transfer personal information across borders, we take appropriate safeguards to protect your information in accordance with this Privacy Policy and applicable law.

Legal Bases for Processing (GDPR)

Under the GDPR, we process your personal information based on one or more of the following legal bases:

  • Performance of a Contract: Processing necessary to fulfill our contractual obligations to you
  • Legitimate Interests: Processing necessary for our legitimate business interests
  • Consent: Processing based on your specific consent
  • Legal Obligation: Processing necessary to comply with our legal obligations

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using the information below:

Privacy Team

  • Email: privacy@thermatalk.com
  • Phone: 1-800-THERMA-TALK ext. 2
  • Address: 123 Tech Plaza, Suite 400
    San Francisco, CA 94105

Data Protection Officer

Need Help With Privacy Concerns?

Our dedicated privacy team is here to assist you with any questions or concerns about your data. We aim to respond to all privacy-related inquiries within 2 business days.
