Staffee← Back to home

Privacy Policy

Last updated: June 2026

Staffee (“we,” “us,” or “our”) operates an AI-powered front desk platform for service businesses. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website and services (collectively, the “Platform”).

1. Information We Collect

From Business Owners (our customers)

  • Account details: name, email address, phone number, business name, and business address
  • Business configuration: services offered, staff/stylist details, operating hours, booking policies, and AI employee personality settings
  • Payment information: processed and stored by Stripe — we retain only your Stripe customer ID and subscription status, never full card numbers
  • Usage data: pages visited, features used, and interactions with the dashboard

From End Customers (your clients)

When customers interact with your AI employee via WhatsApp, SMS, web chat, or voice, we process:

  • Phone number and/or name (as provided in the conversation)
  • Message content and conversation history
  • Appointment details (date, time, service, stylist preference)
  • Communication channel and timestamp metadata

This data is collected on behalf of the business owner to deliver the service. Business owners are the data controllers for their customer data; we act as a data processor.

2. How We Use Information

  • Operate the Platform: power AI conversations, schedule appointments, capture leads, and send notifications
  • Process payments and manage subscriptions via Stripe
  • Send transactional emails (welcome, trial reminders, billing confirmations) via Resend
  • Deliver SMS and WhatsApp messages on your behalf via Twilio
  • Generate AI responses using OpenAI's language models
  • Improve service quality, debug issues, and develop new features
  • Enforce our Terms of Service and prevent misuse

3. AI Processing

We use OpenAI's API to generate conversational responses for your AI employee. Conversation content is sent to OpenAI for processing and is subject to OpenAI's API data usage policies. OpenAI does not use API data to train their models. We do not use customer conversations to train any internal models.

4. Third-Party Service Providers

We share data with the following providers solely to operate the Platform:

  • Supabase — database hosting, authentication, and serverless functions
  • Stripe — payment processing and subscription management
  • Twilio — SMS, WhatsApp, and voice messaging delivery
  • OpenAI — AI language model processing for conversations
  • Resend — transactional email delivery
  • Vercel — web application hosting

We do not sell, rent, or trade personal information to third parties for marketing purposes.

5. SMS and Messaging Communications

Our Platform enables businesses to communicate with their customers via SMS and WhatsApp. Please see our SMS Consent & Messaging Policy for complete details on messaging practices, consent, opt-out procedures, and compliance.

6. Data Retention

  • Business account data is retained while your account is active and for 30 days after deletion
  • Conversation data and leads are retained while the business account is active
  • Payment records are retained as required by law and Stripe's policies
  • After account deletion, we remove personally identifiable information within 30 days, except where retention is required by law

7. Data Security

We implement security measures including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security (RLS) ensuring businesses can only access their own data
  • Secure authentication with password hashing and session management
  • Environment-based secret management (API keys are never exposed client-side)
  • Webhook signature verification for all inbound integrations

No system is 100% secure. We cannot guarantee absolute security but take commercially reasonable steps to protect your data.

8. Your Rights

You may:

  • Access and update your account information through the dashboard settings
  • Export your data by contacting us
  • Request deletion of your account and associated data
  • Cancel your subscription at any time through the billing portal

If you are an end customer of a business using Staffee and wish to exercise data rights, please contact the business directly. They control your data and can instruct us to delete it.

9. Cookies and Analytics

We use essential cookies for authentication and session management. We do not currently use third-party analytics or advertising trackers.

10. Children's Privacy

The Platform is not directed to individuals under 18. We do not knowingly collect information from children. If we learn that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Platform. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at the email address associated with your Staffee account or through the Platform's support channels. Staffee is a product of Modern IT Consulting Group Inc.