How we handle your data.

We collect three categories of data: account data (your name, email, business details, billing info), product data (calls answered by LARA, chat sessions handled by Pulse, review requests sent by Boost), and usage data (how you interact with the platform — pages visited, features used, errors encountered).

Account data

When your account is created, we collect your name, email, business name, phone number, and the platform tier you're on. Billing details (card-on-file, billing address) are collected and stored by Stripe — we never see your full card number.

Product data

When LARA answers a call, we record the call audio, transcribe it, and store the transcript along with metadata (caller number, duration, outcome). When Pulse handles a chat, we store the conversation thread along with the visitor's session metadata. When Boost sends a review request, we store the contact, channel, and delivery status.

Usage data

We collect anonymized analytics about how you use the dashboard so we can improve the product — page views, feature interactions, and error reports.

We use your data for one purpose: to operate the Laddr platform you're paying for. Specifically:

• To answer your phone calls, chats, and review requests on your behalf
• To bill you for the service
• To notify you of activity in your account
• To improve the product (anonymized usage analytics only)
• To detect and prevent fraud and abuse

We do not sell your data. We do not share your customer data with third parties for advertising. We do not train our models on your private data without explicit, opt-in consent.

We share data with a small number of vendors required to operate the platform:

• Twilio — phone numbers and call routing for LARA
• OpenAI — language model for Pulse and LARA responses (private deployments, no training)
• Supabase — database and authentication
• Stripe — billing
• Resend — transactional email
• Vercel — application hosting

Each of these vendors is contractually bound to handle your data securely and only for the purpose of providing their service. We have signed Data Processing Agreements with all of them.

You can access, export, correct, or delete your data at any time from your account settings. If you can't find what you're looking for, email us and we'll handle it within 7 days.

If you're in California, the EU, or the UK, you have additional rights under CCPA, GDPR, or UK GDPR — including the right to object to processing and the right to data portability.

We keep your account and product data for as long as you have an active account, plus 90 days after cancellation (so you can reactivate without data loss).

After that 90-day window, we delete your account data. Anonymized usage analytics may be retained longer for product improvement. Billing records are kept for 7 years for tax and legal compliance.

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). We use SOC-2-aligned controls including least-privilege access, audit logging, and regular vulnerability scanning. We have not had a publicly disclosable security incident.

If we do have one, we'll notify affected customers within 72 hours of confirming the incident.

We update this policy when our practices change. Material changes are announced 30 days in advance via email and a banner in the dashboard. The "Last updated" date at the top of this page reflects the latest revision.

Privacy questions: privacy@useladdr.com

Data requests, including access, export, or deletion: privacy@useladdr.com

Mailing address: Laddr Inc., 1234 Main St., Buffalo, NY 14216, USA