How we handle
your information.

Plain language. No legal maze. Last updated: May 28, 2026.

1. Who We Are

Frontli is a Vancouver, BC–based business that provides AI receptionist services to local trades, dental, and medical practices. If you have questions about this policy, contact us at pat@frontli.space.

2. What We Collect

From client businesses (the trades, dental, and medical practices we serve):

  • Business name, phone number, and address
  • Google Calendar access — scoped via OAuth to appointment creation only, not full account access
  • Billing information — processed by Stripe or PayPal; Frontli does not store card numbers

From callers (the customers who phone our clients' businesses):

  • Name and phone number
  • Reason for calling (booking intent)
  • Voice call recording
  • Call transcript

Callers may voluntarily share sensitive information — such as health details — during a call. When this happens, the transcript captures it. This data is handled under the same obligations as all other caller data: retained for 90 days, then securely deleted. It is never shared with any third party.

3. Why We Collect It

We collect information only for these three purposes:

  • To answer calls and book appointments on behalf of client businesses
  • To send SMS follow-up messages via Twilio
  • To improve service quality using aggregate, non-identifiable usage patterns only

4. Where It's Stored

Frontli uses the following third-party services to operate. Each is listed with its data location and the security standard it maintains.

Service Location Data stored Security
VAPI United States Call recordings, transcripts Industry-standard security practices
Twilio United States SMS delivery logs SOC 2
Make.com European Union Automation workflow logs ISO 27001
Hetzner VPS Germany (EU) Chat widget leads, chat transcripts GDPR-compliant
Google Calendar / Sheets United States / Canada Appointment bookings, client data SOC 2, ISO 27001
Netlify United States Website files (no personal data) SOC 2

Data stored on Hetzner's EU servers is processed under GDPR — a globally recognized privacy standard. This applies to Hetzner as a data processor.

5. How Long We Keep It

  • Call recordings: 90 days, then deleted
  • Call transcripts: 90 days, then deleted
  • Chat widget leads: 90 days, then deleted
  • Appointment booking data: 30 days after the appointment date
  • Client billing records: until cancellation plus one year (required for tax and accounting purposes)

6. Who Has Access

  • Frontli staff — currently one person: Pat, founder
  • Third-party processors listed in Section 4 — no others
  • No data is sold to third parties
  • No data is shared with advertisers
  • No client call data is used to train AI models
  • No subcontractors are granted access without a written data processing agreement

7. Cookies and Analytics

Frontli does not use tracking cookies or third-party analytics on this website.

8. Your Rights

Under BC's Personal Information Protection Act (PIPA) and Canada's PIPEDA, you have the right to:

  • Access the personal information Frontli holds about you
  • Request corrections to inaccurate information
  • Withdraw consent for collection or use
  • Request deletion of your data

To exercise any of these rights, email pat@frontli.space. We respond within 30 days.

9. Breach Notification

If a data breach poses a real risk of significant harm, Frontli will notify the affected client businesses as soon as feasible and report to the Office of the Privacy Commissioner of Canada as required under PIPEDA. For data held on EU-based infrastructure (Hetzner), GDPR breach notification timelines also apply to Hetzner as the data processor.

10. Updates to This Policy

Material changes to this policy are communicated to active clients by email before they take effect. The date at the top of this page reflects when it was last updated.