Privacy Policy

Huffman AI Solutions LLC ("Company," "we," "us," or "our") provides AI-powered business assistance services ("Service") to small businesses across any industry.

This Privacy Policy explains:

• What personal information we collect
• How we use and protect that information
• Your rights regarding your information
• How we comply with privacy laws

By using the Service, you consent to the practices described in this Privacy Policy.

If you do not agree with this Privacy Policy, do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Name, email address, phone number
• Company name and business details
• Payment information (processed by third-party payment processor)

Service Configuration:

• Email account credentials (via OAuth — we do not store your password)
• Calendar access permissions
• Integration credentials for your business tools (if applicable)
• Communication preferences and workflow settings

1.2 Information Collected Automatically Through the Service

Email Data: Email messages (subject, body, attachments, sender, recipients, timestamps), email metadata (folder, labels, read/unread status), and draft emails created by you or the AI.

Calendar Data: Calendar events (title, attendees, location, time, description), availability and scheduling preferences.

Business & Client Data: Client and customer records, communication history, contact information, business data from connected systems, and any other information your business systems contain that are connected to the Service.

Usage Data: Service usage patterns (features used, frequency, duration), error logs and diagnostic information, and performance metrics (time saved, tasks completed).

1.3 Information We Do NOT Collect

• We do NOT record phone calls or video meetings (unless you add a third-party integration)
• We do NOT track your location
• We do NOT access files outside of your connected email, calendar, and explicitly authorized business systems

2. How We Use Your Information

2.1 To Provide the Service

• Email & Communication Management: Read, categorize, and draft responses to emails
• Scheduling: Coordinate meetings and manage calendar availability
• Follow-Up & Outreach: Send follow-ups and manage communication cadences
• Daily Briefings: Summarize your schedule, priorities, and urgent action items
• Style Training: Train the AI to match your communication style (using your data only — never shared with other clients)

2.2 To Improve the Service

• Analyze usage patterns to improve features (anonymized and aggregated)
• Debug errors and optimize performance
• Develop new capabilities based on user needs

2.3 To Communicate With You

• Send service updates, feature announcements, and maintenance notices
• Provide customer support
• Send billing and payment notifications
• Request feedback and conduct user research (opt-in only)

2.4 To Comply With Legal Obligations

• Respond to subpoenas, court orders, or legal processes
• Investigate fraud, security incidents, or violations of our Terms of Service
• Comply with data protection laws and regulations

3. How We Share Your Information

3.1 Service Providers

Anthropic (Claude API): We send content and context to Anthropic's Claude AI to generate responses. Under Anthropic's data policy, API-tier data is not used to train their models.

Hosting & Infrastructure: Cloud hosting providers for data storage and processing. All providers are contractually required to protect your data and use it only for service delivery.

Payment Processors: Handle billing only (we do not store full credit card numbers). Payment processors do NOT receive your business or client data.

3.2 Legal Requirements

We may disclose information if required by valid court orders, subpoenas, or legal processes; requests from law enforcement or regulatory agencies; or investigation of fraud, security breaches, or Terms of Service violations.

3.3 Business Transfers

If Huffman AI Solutions is acquired, merged, or sells assets, your information may be transferred to the new owner. We will notify you before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share information with third parties when you explicitly authorize us to do so (e.g., integrating with your CRM or other business tools).

4. Data Security

4.1 Security Measures

• Encryption in Transit: TLS 1.3 for all data transmitted over the internet
• Encryption at Rest: AES-256 encryption for all stored data
• Client Isolation: Each client's data is completely isolated — never mixed with or accessible to other clients
• Access Controls: Role-based access restrictions; no standing access to client data by Company personnel
• Regular Audits: Periodic security reviews and vulnerability assessments
• OAuth Authentication: We do not store your email or calendar passwords

4.2 Your Responsibility

You are responsible for keeping your login credentials confidential, using strong and unique passwords, and notifying us immediately of any unauthorized access.

4.3 No Absolute Security

No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. You use the Service at your own risk.

5. Data Retention

• Active accounts: We retain your data for as long as your account is active and as necessary to provide the Service.
• Cancelled accounts: Your data is deleted within 90 days of cancellation. Backup copies are deleted within 30 days after the initial deletion.
• On request: You may request immediate deletion by emailing [email protected].
• Legal retention: We may retain certain data longer if required by law (e.g., tax records, dispute resolution, fraud prevention).
• Anonymized data: We may retain anonymized, aggregated data indefinitely for analytics and service improvement.

6. Client Controls

• Approval workflows: Review and approve sensitive AI-generated communications before they are sent
• Instant revocation: Revoke AI access to your email, calendar, or tools at any time
• Audit logs: Full log of every AI action is available on request
• Data ownership: You own all of your data — Huffman AI Solutions has no ownership claim over your business information

7. Your Privacy Rights

Regardless of your location, we extend the following rights to all clients:

7.1 Access and Portability

• Request a copy of the personal information we hold about you
• Export your data in a machine-readable format (e.g., JSON, CSV)

7.2 Correction and Deletion

• Correct inaccurate or incomplete information
• Request deletion of your personal information (subject to legal retention requirements)

7.3 Opt-Out and Restriction

• Opt out of marketing emails (click "unsubscribe" or email us)
• Restrict certain data processing activities (may limit Service functionality)
• Withdraw consent for data processing (by cancelling your account)

7.4 How to Exercise Your Rights

Email your request to: [email protected]

We will respond within 30 days (or as required by applicable law). A Data Processing Agreement (DPA) is available on request for EU clients.

8. International Data Transfers

8.1 Data Storage Location

Your data is primarily stored in the United States.

8.2 GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA) or United Kingdom:

• We process your data under legitimate business interest (providing the Service you requested)
• You have additional rights under GDPR (see Section 7)
• Data transfers from the EEA to the US are protected by standard contractual clauses

8.3 CCPA Compliance (California Users)

If you are a California resident:

• You have the right to know what personal information we collect and how we use it
• You have the right to request deletion of your personal information
• We do NOT sell your personal information
• You may exercise your rights by emailing [email protected]

9. Children's Privacy

The Service is NOT intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe we may have collected information from a minor, please contact us at [email protected].

10. Cookies and Tracking Technologies

10.1 What We Use

Our website uses only:

• Essential Cookies: Required for login, security, and basic site functionality

We do NOT use analytics, advertising, or tracking cookies.

10.2 Your Choices

Most browsers allow you to block or delete cookies and set preferences for which cookies to allow. Note: Disabling essential cookies may prevent you from using certain features of the Service.

If our cookie usage changes, we will update this policy and notify active users.

11. Third-Party Links

Our Service or website may contain links to third-party websites (e.g., Anthropic, CRM providers, scheduling tools).

We are not responsible for the privacy practices of third-party websites. Please review their privacy policies before providing any information to third parties.

12. Data Breach Notification

If we experience a data breach that compromises your personal information, we will:

• Notify affected users within 72 hours of discovering the breach (where required by law)
• Provide details about the breach and the steps we are taking to address it
• Recommend actions you can take to protect yourself

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.

Material changes will be communicated via email at least 30 days in advance.

Continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Us

15. Supervisory Authority (EU/UK Users)

If you are located in the European Economic Area or United Kingdom and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.