Privacy Policy.

Effective date: 11/16/2025
Company: KYLER HURD LLC, DBA Symphora Automation (“Company”, “we”, “us”, “our”)
Contact: support@symphoraautomation.com
Website: symphoraautomation.com

Introduction: We respect your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website, services, and products (the “Services”), including our AI‑driven SMS chatbot for lead follow‑up and appointment booking.

  1. Scope This Privacy Policy applies to information collected through our website symphoraautomation.com, SMS/voice services, integrations (e.g., GoHighLevel), API interactions, and any offline interactions between you and Company. For information about how we process customer data when performing Services for our business customers, see our Data Processing Addendum (DPA) and your applicable MSA/SOW.

  2. Categories of Personal Information We Collect We collect the following categories of information, depending on your interaction with the Services:

  • Contact and identity: name, business name, job title, email address, phone number.

  • Communications content and metadata: SMS/voice message content, call recordings, message timestamps, delivery receipts, call duration, message status.

  • Account and billing: payment information (payment processor token only; we do not store full card data), billing address, transaction IDs (via Stripe or other processors).

  • Usage and analytics: IP address, device identifiers, browser, geolocation (city/state-level approximate), logs, crash data, UTM parameters, cookies.

  • CRM data: leads, appointment details, notes and tags, CRM identifiers (e.g., GoHighLevel IDs).

  • Automated decisioning data: AI-generated summaries, intent tags, lead scores, appointment confirmation status.

  • Consent & verification records: opt‑in text, timestamp, IP address, confirmation method, Appointment ID.

  1. How We Collect Data

  • Directly from you (account creation, forms, onboarding).

  • From third‑party sources and integrations you authorize (OpenAI, Twilio, GoHighLevel, Zapier, Stripe, Google Voice).

  • Automatically through the Services (cookies, analytics, message delivery webhooks).

  • From your customers / prospects when you use the Services to contact them (e.g., phone numbers given to us for appointment booking).

  1. How We Use Personal Information We use personal information to:

  • Provide and maintain Services (sending messages, booking appointments, scheduling confirmations).

  • Operate and improve our AI models and platform (with safeguards and contractual limits — see below).

  • Process payments and invoicing.

  • Monitor delivery, troubleshoot issues, and analyze performance.

  • Comply with legal obligations and protect our rights.

  • Send transactional messages (appointment confirmations, billing notices) and, where permitted, service-related communications.

  1. Automated Decision-Making and AI Use Our Services use AI (e.g., OpenAI) to generate automated messages, perform intent detection, score leads, and assist with appointment scheduling. For production use:

  • We will disclose when automated decisioning materially affects a consumer (e.g., scoring that impacts eligibility for an offer).

  • Where required by law, we will provide information about the logic involved and how to request human review.

  • We recommend customers avoid providing sensitive personal data (special categories) in prompts; Company will use available controls (e.g., OpenAI data usage settings) to limit vendor training where supported.

  1. Legal Bases for Processing (GDPR context) If you are an EU/UK data subject, our legal bases may include: performance of contract, consent (for marketing messages), legitimate interests (for platform operation, fraud prevention), and legal compliance. See DPA for details on transfers and safeguards.

  2. Sharing and Disclosure We may share personal information with:

  • Service providers and subprocessors: e.g., OpenAI, Twilio, GoHighLevel, Zapier, Stripe, Google Voice, cloud hosting providers, analytics and monitoring vendors. See our subprocessors list: Subprocessors.

  • Affiliates and business partners as necessary to deliver Services.

  • Law enforcement, regulators, or third parties where required by law or to protect legal rights.

  • Third parties in connection with a merger, sale, or asset transfer (with notice to users where required).

  1. Subprocessors and International Transfers We may transfer data to subprocessors in jurisdictions outside your country (including the U.S.). Where transfers are to non‑adequate jurisdictions, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or user consent. See our DPA for details and subprocessors list: Subprocessors.

  2. Data Retention We retain personal data for as long as necessary to provide Services, maintain records for dispute resolution, comply with legal obligations, and meet contractual commitments. General retention periods:

  • Consent & opt‑in records: 3 year/s.
    Message logs & delivery receipts: 1 year/s.
    Call recordings (if any): 7 year/s.

  • CRM and transactional data: 3 year/s
    You can request deletion under applicable laws; see Section 12.

  1. Security We implement administrative, technical and physical safeguards appropriate to the sensitivity of the data, including TLS in transit, reasonable encryption at rest, access controls, logging, and multi‑factor authentication for privileged access. Vendors are contractually required to meet security standards (SOC2/ISO27001 where available). We cannot guarantee absolute security — but will notify in accordance with applicable laws in the event of a breach.

  2. Your Rights (California, GDPR and other laws) Depending on jurisdiction, you may have rights including: access, correction, deletion, data portability, restriction or objection to processing, and to opt‑out of sale/sharing (as defined under California law). To exercise rights, contact: support@symphoraautomation.com . For California residents: DO NOT SELL OR SHARE.

  3. For EU/UK residents: see DPA and contact details for data subject requests.

  4. SMS/Voice Consent and Opt-Out

  • Opt‑in. By providing a phone number or checking the opt‑in box, you consent to receive automated and non‑automated marketing and transactional text messages and calls from Company and its Clients at the number provided. Message frequency varies. Reply STOP to unsubscribe. Message & data rates may apply.

  • Opt‑out. Reply STOP to any SMS to opt‑out. For voice calls, reply or contact support to stop calls. We will process opt‑out requests promptly and maintain records of opt‑out events for compliance.

12.1 SMS Consent Recordkeeping We maintain opt‑in records including: the opt‑in text, timestamp, source (web form, phone, CSV upload), IP address (if available), and the version of Terms/Privacy Policy at time of opt‑in.

  1. Children’s Privacy Our Services are not directed at children under 13 (or higher age per local law). We do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it and notify the parent/guardian as required by law.

  2. Changes to this Policy We may update this Privacy Policy; material changes will be posted at PRIVACY POLICY with an updated effective date. Continued use after posting constitutes acceptance.

  3. Contact and Complaints If you have questions or complaints, contact: support@symphoraautomation.com US Representative: me@symphoraautomation.com 

— End Privacy Policy —