Plain language. No legal maze. Last updated: May 28, 2026.
Frontli is a Vancouver, BC–based business that provides AI receptionist services to local trades, dental, and medical practices. If you have questions about this policy, contact us at pat@frontli.space.
From client businesses (the trades, dental, and medical practices we serve):
From callers (the customers who phone our clients' businesses):
Callers may voluntarily share sensitive information — such as health details — during a call. When this happens, the transcript captures it. This data is handled under the same obligations as all other caller data: retained for 90 days, then securely deleted. It is never shared with any third party.
We collect information only for these three purposes:
Frontli uses the following third-party services to operate. Each is listed with its data location and the security standard it maintains.
| Service | Location | Data stored | Security |
|---|---|---|---|
| VAPI | United States | Call recordings, transcripts | Industry-standard security practices |
| Twilio | United States | SMS delivery logs | SOC 2 |
| Make.com | European Union | Automation workflow logs | ISO 27001 |
| Hetzner VPS | Germany (EU) | Chat widget leads, chat transcripts | GDPR-compliant |
| Google Calendar / Sheets | United States / Canada | Appointment bookings, client data | SOC 2, ISO 27001 |
| Netlify | United States | Website files (no personal data) | SOC 2 |
Data stored on Hetzner's EU servers is processed under GDPR — a globally recognized privacy standard. This applies to Hetzner as a data processor.
Frontli does not use tracking cookies or third-party analytics on this website.
Under BC's Personal Information Protection Act (PIPA) and Canada's PIPEDA, you have the right to:
To exercise any of these rights, email pat@frontli.space. We respond within 30 days.
If a data breach poses a real risk of significant harm, Frontli will notify the affected client businesses as soon as feasible and report to the Office of the Privacy Commissioner of Canada as required under PIPEDA. For data held on EU-based infrastructure (Hetzner), GDPR breach notification timelines also apply to Hetzner as the data processor.
Material changes to this policy are communicated to active clients by email before they take effect. The date at the top of this page reflects when it was last updated.