Privacy Policy

This Privacy Policy explains how BookVAC collects, uses, shares, and protects information when HVAC businesses use BookVAC's website, dashboard, AI receptionist, phone integrations, lead capture tools, notifications, and billing features.

BookVAC is built for businesses. If you are a caller speaking with a BookVAC-powered AI receptionist, the HVAC business you contacted may also control how your information is used.

We collect account information, basic business profile information, trial and subscription status, and support communications.

We may collect caller and lead information, including caller name, phone number, email, address, city, state, ZIP code, service type, issue description, urgency, preferred appointment time, summaries, transcript text, call metadata, recording links, and message history.

We may collect technical information such as IP address, browser type, device information, browser push subscription endpoints, log data, authentication events, API activity, webhook payloads, and error diagnostics.

We use information to operate BookVAC, authenticate users, create and manage business profiles, receive call and AI webhooks, generate lead summaries, create booking requests, send owner alerts, process billing, prevent abuse, provide support, improve the product, and comply with legal obligations.

We may use AI providers to classify calls, summarize transcripts, extract structured lead details, and improve the usefulness of BookVAC's receptionist workflow.

BookVAC uses essential cookies and similar browser storage to keep users signed in, protect dashboard sessions, remember cookie notice and legal acknowledgement choices for about 30 days, and support security controls such as CSRF protection.

The BookVAC session cookie is HttpOnly, which means browser JavaScript cannot read it. BookVAC also uses Google Analytics and Google Ads measurement with storage denied until you allow cookies where the notice is shown. BookVAC does not sell cookie-based browsing data.

We share information with service providers that help operate BookVAC, such as hosting, database, phone, voice AI, email, mobile notification, payment, security, analytics, and AI-processing providers.

Examples may include Fly.io, Render, Twilio, Retell AI, Vapi, OpenAI, Resend, Stripe, and similar providers used to deliver the service.

We may also share information if required by law, to protect rights and safety, to prevent fraud or abuse, or as part of a business transfer such as a merger, financing, acquisition, or asset sale.

BookVAC may send transactional owner alerts about calls, leads, and account events to the browsers or installed web apps you authorize.

On supported phones, owners may need to add BookVAC to the Home Screen or install it as a web app before mobile notifications can appear.

Notification permission choices stay under your control in your browser or device settings.

BookVAC does not sell mobile notification permission data or share it with third parties for their marketing or promotional purposes.

BookVAC may receive transcripts, recording links, call metadata, and AI-generated summaries from connected voice providers. Availability depends on provider settings and the HVAC business configuration.

HVAC businesses are responsible for providing any call recording, AI, or consent notices required for their customers, employees, and service areas.

We keep information for as long as needed to provide BookVAC, maintain business records, resolve disputes, enforce agreements, improve security, and comply with legal obligations.

After subscription cancellation, BookVAC may retain account, dashboard, lead, call, and AI phone-number records for a grace period or as otherwise needed for billing, security, support, legal, and business-continuity purposes.

Businesses may request deletion of account or lead data, subject to legal, billing, security, backup, abuse-prevention, and legitimate business retention needs.

We use reasonable technical and organizational safeguards designed to protect information, including environment-based secrets, encrypted transport where available, access controls, password hashing, and hosted infrastructure controls.

No internet, telecom, AI, hosting, payment, or communications service can be guaranteed to be completely secure, available, or error-free.

You are responsible for using strong passwords, protecting login credentials and devices, limiting account access, and protecting any exported lead, call, transcript, message, or customer data.

If BookVAC becomes aware of a security incident involving personal information, BookVAC will investigate and provide notices required by applicable law.

You can update business profile information in the dashboard. You can manage trial, subscription, and cancellation settings through BookVAC billing tools, and payment methods through Stripe where available. You can contact BookVAC to request access, correction, export, or deletion of personal information.

Depending on where you live, you may have additional privacy rights under applicable law.

BookVAC is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new last updated date.

Privacy questions can be sent to privacy@bookvac.net.