At Smallforce ("Company," "we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

1.1 Information You Provide

Account information — Name, email address, and password when you register. If you sign in with Google, we receive your name, email, and profile picture from Google.
Organization details — Business name, industry, and team member information when you create or join an organization.
Knowledge Base content — Text, documents (PDFs), and URLs you upload to train your AI assistants.
Social media credentials — OAuth tokens when you connect social media accounts. We never store your social media passwords.
Content you create — Posts, designs, messages, review replies, and other content generated through the Service.
Payment information — Billing details processed by our third-party payment processors. We do not store full credit card numbers.
Communications — Messages you send to our support team or through the Service.

1.2 Information Collected Automatically

Device information — Device type, operating system, unique device identifiers, and app version.
Usage data — Features accessed, actions taken, timestamps, and interaction patterns.
Log data — IP address, browser type, referring pages, and crash reports.
Location data — Timezone information for scheduling and analytics purposes. We do not collect precise GPS location.
Analytics — We use PostHog for product analytics to understand how the Service is used and improve the user experience.

1.3 Information from Third Parties

Social media platforms — Profile information, posts, comments, direct messages, and engagement metrics from connected accounts (e.g., Instagram, Facebook, X, TikTok, Bluesky, Reddit, Telegram).
Google Business Profile — Business locations, reviews, ratings, and review replies from connected Google accounts.
Phone call data — Call recordings, transcriptions, and metadata from AI voice assistant interactions via our telephony provider.

2. How We Use Your Information

We use collected information to:

Provide, operate, and maintain the Service.
Train and operate your AI assistants using your Knowledge Base content.
Publish and manage social media content on your behalf across connected platforms.
Analyze phone calls and generate insights such as lead identification, intent detection, and follow-up suggestions.
Perform AI-powered sentiment analysis on Google reviews and suggest responses.
Generate AI-powered marketing designs, images, and videos.
Process transactions and manage your credit balance and subscriptions.
Send transactional notifications (e.g., low credit alerts, negative review alerts, new lead notifications).
Improve and personalize the Service.
Detect, prevent, and address fraud, abuse, and security issues.
Comply with legal obligations.

3. AI & Data Processing

Smallforce uses artificial intelligence extensively. Here is how your data interacts with AI systems:

Your Knowledge Base is private. Documents, text, and URLs you upload are used exclusively to train your organization's AI assistants. We do not use your data to train our general AI models or share it with other users.
AI-generated content is processed using third-party AI providers (e.g., Google Gemini, OpenAI). Prompts and outputs may be transmitted to these providers for processing but are not used by them for model training, in accordance with our data processing agreements.
Review analysis uses AI to evaluate sentiment, extract opinions, and generate brand-aligned reply suggestions grounded in your organization's settings and knowledge.

4. How We Share Your Information

We do not sell your personal information. We may share your data in the following circumstances:

Service providers — Third-party vendors who help us operate the Service authentication and database (Supabase), AI processing (Google, OpenAI), analytics (PostHog), and error tracking (Sentry).
Social media platforms — When you direct us to publish content, reply to messages, or manage comments on your connected accounts.
Organization members — Team members within your organization can access shared organizational data, including assistants, posts, reviews, and analytics.
Legal requirements — When required by law, subpoena, or governmental request, or to protect our rights, safety, or property.
Business transfers — In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

5. Data Storage & Security

Your data is stored on secure cloud infrastructure using encrypted connections (TLS/SSL).
Files and media are stored in Amazon S3 with access controls and signed URLs.
Authentication is managed through Supabase with row-level security (RLS) policies ensuring data isolation between organizations.
We implement industry-standard security measures including encryption at rest and in transit, regular security audits, and access controls.
While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service.
Call recordings and transcriptions are retained in accordance with applicable laws and our data retention schedule.
Upon account deletion, we will remove your personal data within a reasonable period, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and service improvement.

7. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

Access — Request a copy of the personal data we hold about you.
Correction — Request correction of inaccurate or incomplete data.
Deletion — Request deletion of your personal data, subject to legal retention requirements.
Portability — Request a portable copy of your data in a structured, commonly used format.
Opt-out — Opt out of marketing communications at any time.
Withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@smallforcehq.com.

8. Cookies & Tracking

Our website uses minimal cookies and tracking technologies:

Essential cookies — Required for authentication and core functionality.
Analytics — We use PostHog to understand usage patterns and improve the Service. You may opt out through your browser settings or our analytics preferences.
We do not use third-party advertising trackers or sell data to advertisers.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at support@smallforcehq.com.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

The right to know what personal information is collected, used, shared, or sold.
The right to delete personal information held by us.
The right to opt out of the sale of personal information.
The right to non-discrimination for exercising your privacy rights.

We do not sell personal information as defined by the CCPA.

12. Push Notifications

With your consent, we may send push notifications for:

New leads captured by your AI voice assistant.
Negative Google reviews (2 stars or below) requiring attention.
Low credit balance alerts.
Important account and security updates.

You can manage notification preferences in your device settings or within the app at any time.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or via email. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

We encourage you to review this Privacy Policy periodically for any updates.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: support@smallforcehq.com
Website: smallforcehq.com