1. Introduction

247 Sales ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered B2B sales operating system.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide, including:

Name and email address
Company name and job title
Phone number
Billing and payment information
Email content and communication preferences

2.2 Automatically Collected Information

When you use our service, we automatically collect certain information, including device information, IP address, browser type, usage patterns, and cookies.

3. How We Use Your Information

We use the information we collect to:

Provide and maintain our AI sales assistant services
Train AI models to match your communication voice (with your consent)
Process transactions and send related information
Send administrative notifications and updates
Respond to inquiries and provide customer support
Analyze usage to improve our services
Detect, prevent, and address technical issues or fraud

4. Data Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 for data in transit, and regular security audits. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

5. Third-Party Services & Subprocessors

We may share information with third-party service providers for email delivery, payment processing, analytics, and AI processing. These providers are contractually obligated to protect your data. Our current subprocessors include:

Anthropic (Claude API) — AI content generation and analysis
Stripe — Payment processing and subscription billing
SendGrid — Transactional email delivery
Twilio — SMS and WhatsApp messaging
Render — Application hosting and database
Upstash — Redis caching and session storage
Vercel — Web application hosting
Sentry — Error tracking and performance monitoring
PostHog — Product analytics (anonymized usage data)
Google Analytics / Tag Manager — Website analytics

6. Your Rights

Depending on your location, you may have rights including:

Access and receive a copy of your personal data
Request correction of inaccurate data
Request deletion of your data
Object to or restrict processing
Data portability
Withdraw consent at any time

7. Browser Extension Data

Our browser extension (available for Chrome, Firefox, and Outlook) accesses the following data to provide AI-powered sales assistance within your email client:

Recipient email addresses — extracted from compose windows to look up lead records in your 247 Sales account
Email subject lines — used to provide contextual AI generation
Authentication tokens — stored in encrypted browser storage (chrome.storage.session) and cleared when the browser closes

The extension does not:

Read, store, or transmit the body of emails you receive
Access your email inbox, contacts, or calendar outside of compose windows
Track your browsing activity on any website other than Gmail/Outlook
Send any data to third parties other than the 247 Sales API
Execute remote code or use eval()

8. SMS and WhatsApp Data

If you use our SMS and WhatsApp messaging features (Business tier and above):

We process phone numbers and message content through Twilio's API to deliver messages
We maintain TCPA-compliant consent records for all recipients, including consent method, timestamp, and evidence
Message delivery status and cost data are tracked for billing and compliance purposes
Inbound messages are processed to maintain conversation threading and trigger AI learning
Opt-out keywords (STOP, UNSUBSCRIBE, etc.) are honored immediately and automatically

9. AI Processing and Voice Training

Our AI features process your data as follows:

Voice training — When you train a voice profile, your writing samples are analyzed to learn your tone, vocabulary, and style. This data stays within your account.
AI generation — When generating emails, our AI accesses your lead data, conversation history, knowledge base, and voice profile to produce personalized content. All processing happens server-side via the Anthropic Claude API.
Lead learnings — The AI maintains per-lead learning data (communication preferences, topic interests, objection patterns) to improve personalization over time.
No cross-account training — Your data is never used to train AI models for other customers. Each account's data is isolated.

9.1 Attachment Handling and Security

When you receive messages with attachments (email, SMS/MMS, WhatsApp, Facebook Messenger, or Instagram DMs), we download those attachments and store them in our encrypted cloud storage so you can access them even after the original provider expires the link.

Our attachment security controls:

MIME type whitelisting — we only accept a fixed allowlist of file types (PDF, Microsoft Office documents, plain text, CSV, common image formats, audio, and video). Executable files, archives, and scripts are rejected at the intake layer.
Size caps — individual attachments are capped at 10 MB and no more than 10 attachments are stored per message.
Filename sanitization — path traversal characters and leading dots are stripped to prevent injection attacks.
Tenant isolation — every attachment is stored under an account-scoped key prefix and access is verified on every download request. Forwarded attachments are validated against the source message to prevent cross-tenant access.
Presigned download URLs — attachment links (including those in GDPR data exports) are short-lived and expire automatically.

Known limitation — no antivirus scanning. 247 Sales does not perform server-side antivirus or malware scanning of stored attachments. The MIME allowlist, size cap, and filename sanitization controls listed above are our primary defenses. We recommend treating attachments from unknown senders with the same caution you would apply to any unsolicited email attachment, and using endpoint antivirus software on the device where you open the file.

10. Cookies and Tracking Technologies

We use the following tracking technologies:

Session cookies — Required for authentication. Cleared when you log out or close your browser.
Local storage — Stores UI preferences (theme, dismissed tooltips, onboarding progress). Never transmitted to our servers.
Google Analytics — Anonymized usage analytics to understand feature adoption and improve the product. You may opt out using browser extensions.
PostHog — Product analytics for understanding user flows. Data is anonymized.
Microsoft Clarity — Session replay and heatmaps for UX improvement. Sensitive data is masked automatically.

10.1 Email Engagement Tracking

When you send outbound messages through 247 Sales, we may track recipient engagement using the following methods:

Open tracking — A small transparent image (1x1 pixel) is embedded in outbound emails. When the recipient's email client loads this image, we record an open event with timestamp and approximate location.
Link click tracking — On Growth plans and above, URLs in outbound emails may be routed through our redirect service to record when a recipient clicks a link. The recipient is immediately forwarded to the original destination URL.

Important limitations: Apple Mail Privacy Protection and similar technologies may pre-load tracking pixels on behalf of recipients, which can inflate open counts. Open tracking data should be treated as approximate, not definitive.

You may disable email open tracking and link click tracking at any time from Settings > Channels & Integrations > Email Tracking in your account. When tracking is disabled, no tracking pixel or redirect URLs are inserted into outbound messages.

Tracking data (open and click events) is deleted when the associated message is deleted from your account (cascade deletion).

10.2 Third-Party Platform Read Receipts

Read receipts on WhatsApp and LinkedIn are platform-native features controlled by each platform and its users. 247 Sales does not insert custom tracking into messages sent via these channels. Any read or delivery status data displayed in 247 Sales is provided by the platform's API and subject to that platform's own privacy policies.

11. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

Account data, lead records, and messages are deleted within 30 days
Voice profiles and AI learning data are deleted immediately
Billing records are retained for 7 years as required by tax law
AI audit logs are retained for 365 days for compliance purposes, then deleted
Anonymized, aggregated analytics data may be retained indefinitely

12. International Data Transfers

Our servers are located in the United States (Oregon region). If you access the Service from outside the US, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses and other appropriate safeguards for EU/EEA data transfers where applicable.

13. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA/CPRA:

Right to know what personal information we collect and how it is used
Right to delete personal information
Right to opt out of the "sale" or "sharing" of personal information (we do not sell your data)
Right to non-discrimination for exercising privacy rights

14. Children's Privacy

247 Sales is a B2B service not directed at children under 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at hello@businesshelpai.com.

BusinessHelpAI LLC
Ohio, United States