Privacy Policy

This policy explains what data FounderHire.ai ("we," "us") collects, how we use it, and the choices you have. It applies to visitors, prospects who use our wizard, paying customers, and the end users who interact with customer websites we build and host.

1. Data we collect

• Contact info you give us when you fill the wizard, contact form, or sign up — business name, email, phone, industry, services, and the design brief you type into the "describe what you want" field.
• Payment info handled by Stripe (live mode). We do not see or store card numbers; we only receive a Stripe customer ID, subscription metadata, and the webhook events needed to provision your site and run billing.
• Account credentials — when you sign in, we store an email address, an optional password (bcrypt-hashed), and a random session token (hashed before storage). Sessions auto-expire after 30 days, or 30 minutes of inactivity, whichever comes first.
• Images you upload for use on your site (logo, gallery, headshots). Stored in AWS S3 in your tenant's scope.
• Chatbot conversations on your tenant site — questions visitors ask the AI receptionist plus the AI's replies. Kept per-tenant in an isolated Postgres schema.
• Voice receptionist data — if you enable the AI Operator tier or the phone-receptionist add-on, call recordings, transcripts, and caller metadata are processed by Vapi (orchestrator), ElevenLabs (voice synthesis), Deepgram (transcription), and Claude (responses). Retention windows are set per Vapi's defaults; you can request deletion at any time.
• Usage data from PostHog: pages viewed, button clicks, wizard funnel events. Pseudonymous unless you sign in.
• Error data from CloudWatch (and Sentry, if enabled): stack traces, URLs, and the user-agent of the request that errored.
• Server logs kept for 30 days for debugging and security.

2. How we use it

• Respond to your inquiry and provide the service.
• Generate your website preview, and (if you pay) build the real Next.js codebase, push it to your dedicated private GitHub repository, and deploy it via AWS Amplify Hosting.
• Power the AI receptionist (text chatbot or voice) on your tenant site using your business's own information as grounding context.
• Bill you and keep your subscription active.
• Send service emails (welcome, magic-link sign-in, save-and-resume, dunning).
• Improve the product based on aggregate behavior.

What we don't do. We don't sell your data. We don't train third-party AI on your data without your consent. We don't share it with advertisers.

3. AI processing

To generate previews, build sites, run the chatbot, and power voice calls, we send the information you provide (business name, industry, services, design brief, chatbot/voice conversation turns) to Anthropic via its API. Anthropic processes the data to return a response; per its commercial terms, inputs are not used for model training. Logs are retained briefly for abuse monitoring.

For the chatbot specifically, we generate vector embeddings of your wizard answers using Voyage AI (or OpenAI as fallback) and store them in a per-tenant Postgres schema isolated from every other tenant.

4. Subprocessors

We rely on the following third parties, each under their own terms and security commitments:

• AWS — hosting (Amplify), database (RDS Postgres), email (SES), file storage (S3), monitoring (CloudWatch), DNS (Route 53)
• Stripe — payments and subscription billing (live mode)
• GitHub — code hosting for your per-tenant repository
• Anthropic — AI text generation (Claude Sonnet, Haiku)
• Voyage AI — vector embeddings for the chatbot (primary)
• OpenAI — embeddings fallback if Voyage is unavailable
• Vapi — voice receptionist orchestration (AI Operator tier)
• ElevenLabs — voice synthesis for the voice receptionist
• Deepgram — speech-to-text transcription (via Vapi)
• Resend — transactional email delivery
• Unsplash — stock image search and licensing
• Google — business email (Workspace) and Google Business Profile sync
• PostHog — product analytics
• Sentry — error monitoring

5. Cookies and similar tech

We use a small number of cookies for authentication (fh_session, our own HTTP-only session cookie) and analytics (PostHog). No third-party advertising cookies. You can disable cookies in your browser; the site will still work but some features (sign-in, save-and- resume) require them.

6. Data retention

Active customer data is kept for the duration of your subscription plus 90 days after cancellation (in case you reactivate). Wizard sessions that never convert are kept for 1 year, then deleted; saved-for-later magic links expire after 30 days. Chatbot conversation logs: 12 months. Voice call transcripts: per Vapi defaults (currently 30 days). Server logs: 30 days. Aggregate analytics: indefinite.

7. Your rights

Depending on where you live (California, EU/UK, others), you may have rights to access, correct, delete, or port your data, and to object to certain processing. To exercise any of these, email Danny.youngworth@founderhire.ai from the address associated with your account. We'll respond within 30 days.

We don't sell or share personal information for cross-context behavioral advertising (CCPA).

8. Children

Our services are for businesses and not directed at children under 13. We don't knowingly collect personal information from minors.

9. Security

We use industry-standard practices: TLS everywhere, encrypted at rest in AWS RDS and S3, bcrypt-hashed passwords, hashed session tokens, Stripe-managed payments (PCI DSS Level 1), per-tenant data isolation (each customer's data lives in its own Postgres schema and its own private GitHub repository and Amplify app), and tenant-name validation before any SQL identifier interpolation. No system is 100% secure — we'll notify affected users promptly if there's ever a breach.

10. International transfers

Our infrastructure is in the United States. If you access the service from outside the US, you consent to your data being transferred to and processed in the US.

11. Changes

We may update this policy. When we do, we'll update the "Last updated" date and post the new version here. Material changes will be flagged on the site.

12. Contact

Privacy questions: Danny.youngworth@founderhire.ai.