Privacy Policy — NightDesk

NightDesk ("we," "our," or "us") operates an AI-powered after-hours answering service for small businesses. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have. If you have questions, reach us at hello@nightdeskapp.com.

1. Data We Collect

Account & Business Information

Business name, owner name, and email address (collected via Clerk authentication)
Subscription plan and billing history
Forwarding phone number you provide

Phone & Call Data

The NightDesk phone number assigned to your account
Caller phone numbers and call timestamps
Call recordings and AI-generated transcripts
Caller-provided information (e.g., name, reason for calling, requested appointment time)

Calendar Data

Read access to your Google Calendar availability (free/busy status) to determine open appointment slots
Event creation on your behalf when a caller books an appointment
We do not read event titles, descriptions, attendees, or any other event content beyond availability

Usage & Technical Data

Dashboard activity logs and feature usage
Browser type, IP address, and device identifiers for security purposes
Error logs and performance diagnostics

2. How We Use Your Data

Operate and deliver the NightDesk answering service on your behalf
Answer after-hours calls using your AI receptionist configuration
Check calendar availability and book appointments into your Google Calendar
Transcribe calls and surface summaries in your dashboard
Send call notification emails to you via Resend
Process subscription payments via Stripe
Improve accuracy, reduce errors, and develop new features
Comply with legal obligations and respond to lawful requests

3. Google Calendar Integration

Google OAuth Disclosure: NightDesk's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect your Google Calendar, NightDesk requests the following permissions:

Read availability only — we check whether calendar slots are free or busy so the AI can offer open appointment times to callers. We do not read event titles, descriptions, or attendee information.
Create events — when a caller books an appointment, we create a calendar event on your behalf with the caller's name, phone number, and requested service.

We do not use Google Calendar data for advertising, analytics beyond service delivery, or share it with any third party not listed in this policy. You may revoke calendar access at any time from your Google account settings or NightDesk dashboard.

4. Third-Party Service Providers

We share data with the following sub-processors solely to operate the NightDesk service. Each provider is bound by their own data protection terms.

Twilio

Phone number provisioning & call routing

Vapi

AI voice agent & call transcription

Stripe

Subscription billing & payment processing

Resend

Transactional email notifications

Clerk

User authentication & account management

Railway

Cloud infrastructure & hosting

Google

Calendar integration (OAuth)

We do not sell your personal data. We do not share data with advertisers or data brokers.

5. Caller Data & Your Responsibility

When NightDesk answers calls on your behalf, it collects information from your callers (names, phone numbers, appointment details). You are the data controller for this caller data. You are responsible for ensuring your use of NightDesk complies with applicable laws in your jurisdiction, including any requirements to disclose call recording or AI interaction to callers.

NightDesk provides you with tools to configure disclosure messages. We strongly recommend enabling them.

6. Data Retention

Active accounts: Call transcripts, recordings, and calendar data are retained while your account is active.
After cancellation: Your data is retained for 30 days after your subscription ends, during which you may export it. After 30 days, all personal data is permanently deleted from our systems.
Billing records: Stripe retains payment records as required by financial regulations; we do not control their retention schedule.
Aggregated analytics: Non-identifiable aggregate usage statistics may be retained indefinitely.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and associated data.
Export: Download your call transcripts and data from the dashboard before account closure.
Revoke consent: Disconnect Google Calendar or other integrations at any time.

To exercise any of these rights, email us at hello@nightdeskapp.com. We will respond within 30 days.

8. Security

We use industry-standard safeguards including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. No method of transmission over the internet is 100% secure. We will notify you of any data breach affecting your account as required by applicable law.

9. Children's Privacy

NightDesk is a business service not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a dashboard notice. Continued use of NightDesk after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

Questions or requests about this Privacy Policy? We'd love to hear from you:

📧 hello@nightdeskapp.com
🌐 nightdeskapp.com