Privacy Policy

This Privacy Policy explains how Gestalt Systems, Inc. ("Hotline," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with our public website, landing pages, and our service channels (text/SMS, email, and real‑time voice calls) (collectively, the "Services").

1. Scope and Definitions

   Personal Information

   means information that identifies, relates to, describes, or can reasonably be linked with an individual or household.

   Sensitive Personal Information

   includes, for example, government identifiers, financial account numbers, precise geolocation, and health information.

   This Policy covers the Personal Information we collect through the Services. It does not apply to websites or services that we do not control, even if we link to them.

2. Information We Collect

   1. Information You Provide

      Account and sign‑up details. Name, email address, phone number, and mailing address.

      Payments. We use Stripe to process payments. Stripe collects payment card details directly; we receive limited billing information (e.g., last four digits and card type) to manage your subscription, detect fraud, and provide support.

      Support and correspondence. Messages you send us, including by email or SMS.

   2. Content You Send Through the Services

      Messages and attachments. SMS/text and email threads, including any files or photos you choose to send.

      Calls and transcripts. Real‑time voice interactions and associated audio and transcripts.

      Please do not send Sensitive Personal Information. Do not transmit health or medical records, Social Security numbers, government IDs, bank or full card numbers, or similar highly sensitive data. We are not a medical, legal, or financial advisory service and are not a HIPAA covered entity or business associate.

   3. Information Collected Automatically

      Usage and device data. IP address, device and browser type, operating system, referring and exit pages, timestamps, and pages or features you use.

      Approximate location. Derived from IP address.

      Cookies and similar technologies. See Section 5.

3. How We Use Personal Information

   We use Personal Information for the following purposes:

   1. Provide and operate the Services

      Including routing requests, generating responses, and customer support.

   2. Account, billing, and administration

      Including subscription management, payments, receipts, and fraud prevention.

   3. Communications

      Service‑related notices and, if you opt in, marketing emails you can unsubscribe from at any time.

   4. Security and integrity

      Detecting, preventing, and responding to fraud, abuse, and security incidents; troubleshooting and diagnostics.

   5. Analytics and improvement

      Measuring and improving performance and quality of the Services.

   6. AI improvement (aggregated/anonymized)

      We do not use your identifiable conversations to train third‑party AI models. We may use aggregated and/or anonymized information to improve quality, safety, and performance of our services.

4. How We Disclose Personal Information

   We disclose Personal Information to service providers and partners that perform services on our behalf, under contracts that limit their use to our instructions and prohibit their own marketing or model training. The categories of recipients include:

   • Cloud hosting, storage, databases, and content delivery (to operate and scale the Services);
   • Communications and real‑time voice providers (to enable SMS, email, and calls);
   • Email delivery providers (for transactional messages);
   • Payments and subscription management providers (to process payments and manage billing);
   • Analytics, measurement, and advertising partners (to understand usage and, where permitted, to show ads about Hotline with opt‑out);
   • Security, fraud prevention, logging, and monitoring providers (to protect the Services);
   • Professional advisors (such as auditors and legal counsel) under confidentiality obligations.

   We may change specific providers from time to time. Our categories of disclosure and purposes remain consistent with this Policy. We do not permit providers to retain, use, or disclose Personal Information for any purpose other than providing services to us or as otherwise permitted by law.

   We may also disclose Personal Information:

   • a) if required by law or legal process;
   • b) to protect rights, safety, and property; or
   • c) in connection with a corporate transaction (e.g., merger, financing, acquisition, or transfer of assets).

   We do not sell Personal Information. For details on targeted advertising and your opt‑out choices, see Section 5.1.

5. Cookies, Analytics, and Advertising

   We use cookies and similar technologies to operate the Services and understand usage. On our website, we may use:

   • Google Analytics for measurement; and
   • Meta Pixel and Nextdoor Pixel to measure campaign performance and to show ads about Hotline (retargeting).

   We do not upload customer lists to ad platforms. You can control cookies via your browser settings and, where available, our on‑site cookie controls.

   1. Targeted Advertising; No Sale; Opt‑Out

      We do not sell Personal Information.

      We may share limited identifiers and online activity with advertising partners to show you ads about Hotline ("cross‑context behavioral advertising" or "targeted advertising" in some laws).

      California residents can opt out at any time through our Do Not Sell/Share control. We honor Global Privacy Control (GPC) signals.

6. Data Location

   We store and process Personal Information in the United States.

7. Data Security

   We implement administrative, technical, and physical safeguards designed to protect Personal Information, including:

   • Encryption in transit and at rest (HTTPS/TLS for APIs; encrypted databases and object storage);
   • Access controls (row‑level security, least‑privilege IAM roles, authenticated access with session management, webhook signature verification for Stripe and Twilio);
   • Monitoring and audit measures (structured logging, access tracking, and error monitoring with PII sanitization).

   No method of transmission or storage is 100% secure; however, we work to protect your information.

8. Retention

   We retain Personal Information for the periods below, then delete or de‑identify it, unless a longer period is required by law or necessary to resolve disputes or enforce agreements. Backup copies may persist for a limited period after deletion.

   • Website logs: 90 days.
   • SMS/email threads: up to 7 years (business records).
   • Call recordings and transcripts: 1 year.
   • Billing and payment records: 7 years (tax/legal compliance).
   • Support emails or inquiries: as needed to respond and for up to 2 years thereafter.

9. Your Privacy Choices and Rights

   1. Marketing Communications

      If you opt in, we may send marketing emails. You can unsubscribe at any time using the link in the email.

   2. California Privacy Rights (CCPA/CPRA)

      If you are a California resident, you may have the right to: (a) know/access specific pieces and categories of Personal Information we have collected; (b) delete Personal Information; (c) correct inaccuracies; (d) limit the use and disclosure of Sensitive Personal Information (if applicable); and (e) opt out of sale or sharing for cross‑context behavioral advertising.

      How to exercise your rights. Email legal@hotline.net. and specify your request and the state you live in. We will verify your identity (and, if applicable, the authority of your agent) before acting on a request. We will respond within 45 days, or notify you if we need additional time (up to an additional 45 days). We will not discriminate against you for exercising your rights. We do not offer financial incentives related to the collection or retention of Personal Information.

      Do Not Sell/Share. We do not sell Personal Information. We may share limited identifiers and online activity with advertising partners for retargeting; you may opt out using our Do Not Sell/Share control or by using a supported GPC signal, which we honor.

10. Children's Privacy

    The Services are intended for use by adults. We do not knowingly collect Personal Information from children under 13. If you believe a child has provided Personal Information to us, contact us and we will delete it.

11. HIPAA and Professional Advice

    We are not a HIPAA covered entity or business associate. Do not send protected health information (PHI). We do not provide medical, legal, or financial advice that requires a licensed professional.

12. Third‑Party Sites and Services

    The Services may contain links to or integrations with third‑party websites, services, or platforms. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

13. Changes to This Policy

    We may update this Policy from time to time. We will post the updated Policy with a new Effective date at the top. If we make material changes, we will also provide additional notice (for example, by email or on‑site notice).

14. Contact Us

    For questions about this Policy or to exercise your privacy rights, contact legal@hotline.net.