Legal

Privacy Policy

Last Updated: April 21, 2026

Whitmore AI, Inc (the “Company”) is committed to maintaining robust privacy protections for its users. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.

For purposes of this Agreement:

“Site”refers to the Company's website at https://heywhitmore.ai or through our mobile application.
“Service”refers to the Company's services accessed via the Site, in which users can use Whitmore as an AI personal assistant for their business — to learn their business and advise on growth, keep them organized through tasks, and handle leads and customer requests through the AI receptionist.
“we,” “us,” and “our” refer to the Company.
“You” refers to you, as a user of our Site or our Service.

By accessing our Site or our Service, you accept our Privacy Policy and Terms of Use (found at https://heywhitmore.ai/terms), and you consent to our collection, storage, use and disclosure of your Personal Information as described in this Privacy Policy.

I. Information We Collect

We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit, and number of clicks. Personal Information includes your email address, phone number (when you opt into SMS or voice channels — see Section II.A), business name, business website, contact information, and information you submit through demo requests, lead forms, account registration, and ongoing use of the Service.

1. Information collected via Technology

To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you do not need to submit further Personal Information beyond what is necessary for the specific feature (e.g., a phone number is required to use SMS or voice channels). However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user's browser from our servers and are stored on the user's computer hard drive. Sending a cookie to a user's browser enables us to collect Non-Personal information about that user and keep a record of the user's preferences when utilizing our services, both on an individual and aggregate basis. For example, the Company may use cookies to collect the following information:

Authenticated session state (so you stay logged in across page loads)
Page views, time on page, and click paths (for product analytics)
Feature flag and experiment assignments (so the same user sees a consistent experience)
Referring URL, UTM parameters, and source-attribution metadata
Device, browser, and screen-size class (so we can render the right responsive layout)

The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser. For example, we store a persistent cookie to track your authenticated session and your accepted-cookies preference.

2. Information you provide us by registering for an account

In addition to the information provided automatically by your browser when you visit the Site, to become a subscriber to the Service you will need to create a personal profile. You can create a profile by registering with the Service and entering your email address, business name, and creating a password (or signing in via a supported third-party identity provider). By registering, you are authorizing us to collect, store and use this information in accordance with this Privacy Policy.

If you connect third-party services (e.g., Google Calendar, Google Analytics, Meta / Facebook / Instagram, Composio integrations, Canva, Notion, etc.) to your Whitmore account, we collect and store the access tokens, scopes, and metadata necessary to operate those integrations on your behalf, plus the data those services return when we call them on your authorization. We do not access more data than the scopes you grant.

3. Children's Privacy

The Site and the Service are not directed to anyone under the age of 13. The Site does not knowingly collect or solicit information from anyone under the age of 13, or allow anyone under the age of 13 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at privacy@heywhitmore.ai.

Personal Information

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company — for example:

Email delivery providers(transactional email, newsletter, account notifications) — receive your email address and the message contents we ask them to deliver
SMS / voice carriers and aggregators(e.g., Twilio) — receive your phone number and the message or call content we ask them to deliver
AI / large-language-model providers(e.g., Anthropic, OpenAI) — receive prompts and supporting context (your tasks, contacts, conversations as relevant to the request) so the AI can generate the response you asked for. See Section II.A for more detail on AI processing.
Cloud infrastructure providers(Vercel, Supabase, Cloudflare) — host and serve the Site and Service
Analytics providers(e.g., PostHog, Sentry) — receive Non-Personal usage and error data; minimized Personal Information where unavoidable

Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy and their own privacy commitments. We pick vendors with appropriate data-handling commitments (BAAs / DPAs where applicable).

In general, the Personal Information you provide to us is used to help us communicate with you and operate the Service. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, inform users about promotional offers, deliver the AI assistance you've asked for, run the AI receptionist on your behalf, and send the SMS / voice / email messages you initiate or that the AI sends on your authorization.

We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Use, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.

II.A. SMS, Voice, and AI-Handled Communications

This section describes the data we collect and process when you use Whitmore through SMS, voice, or any AI-handled communication channel.

What we collect:

Phone numbers that you provide for SMS, voice calls, or related channels
Message and call content— the text of SMS messages you send and receive through Whitmore, transcripts of voice calls, voice audio recordings (where you have consented per Section II.A “Recordings” below), and metadata (timestamps, message direction, duration, channel)
AI processing artifacts— the prompts, system instructions, retrieved business context (your tasks, contacts, conversation history relevant to the request), tool-call parameters, and AI-generated responses produced when the AI handles a communication on your behalf

How we use it:

Operate the Service. Deliver SMS and voice as you instructed, route inbound customer messages to the receptionist, generate AI responses to customer inquiries, transcribe voice for accessibility and search.
Improve the Service. Aggregated and de-identified message data may be used to improve agent prompts, response quality, evaluation suites, and product features.
Quality, training, and debugging. Recordings and transcripts may be reviewed by Company personnel or AI systems for quality assurance, troubleshooting, fraud prevention, and product improvement.
AI provider processing. Prompts and supporting context are sent to our AI providers (e.g., Anthropic) for inference. Per provider policy, this data is processed only to generate the response and is not used by the AI provider to train their models without explicit additional consent.

Recordings and transcripts:

Voice and SMS communications with Company may be recorded and/or transcribed. By initiating contact through SMS or voice with Company you acknowledge and consent to recording and transcription. If you are calling or messaging from a jurisdiction that requires two-party consent for recording (such as California, Florida, Illinois, Massachusetts, Pennsylvania, and Washington), your continued use of the messaging channel after this notice constitutes that consent.

AI-assisted communications:

Some communications you receive from Company — and many communications between Whitmore and your end-customers when you use the AI receptionist — may be generated, drafted, or partially handled by an AI agent. By initiating contact through SMS or voice you acknowledge and consent to AI-assisted handling of those communications.

Opt-out from AI training / improvement use:

You may opt out of having your messages, transcripts, or AI-processing artifacts used in aggregated form for product improvement by emailing privacy@heywhitmore.ai with subject “Opt out of AI improvement use.” Opting out does not affect the operation of the Service for you — we'll still process your data to deliver the features you're using, just not retain it for product-improvement aggregates.

Retention:

Active conversation data (messages, transcripts, recordings tied to live customer relationships) is retained for as long as your account is active or for the period needed to provide the Service.
Account closure: when you close your account, we delete your Personal Information and conversation history within 90 days, except where retention is required by law (e.g., financial records, dispute resolution).
Aggregated / de-identified data may be retained beyond account closure since it cannot be linked back to you.

Customer vs. end-user distinction (important):

If you are a Company customer using the Whitmore platform to communicate with your end-users (for example, an AI receptionist responding to your customers via SMS), the privacy and consent obligations to those end-users are governed by a separate Platform Service Agreement between you and Company, and by the laws and carrier rules applicable to your business. You are responsible for: (1) obtaining lawful consent from your own end-users before initiating SMS or voice communications through the platform on your behalf, (2) maintaining your own privacy policy that covers your customers' interactions with you, and (3) honoring any opt-out requests your end-users make. Company stores and processes the resulting data on your behalf as your service provider.

Non-Personal Information

In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Site periodically if you are concerned about how your information is used.

III. How We Protect Information

We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password (or third-party identity provider) and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption in transit (TLS), encryption at rest for sensitive fields, row-level security on multi-tenant data, scoped third-party access tokens, regular dependency patching, and audit logging. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.

If we discover a security incident affecting your Personal Information, we will notify affected users in accordance with applicable law.

IV. Your Rights Regarding the Use of Your Personal Information

You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail, or by replying STOP to any SMS message. You can also indicate that you do not wish to receive marketing communications from us in the Account Settings section of the Site. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out in the Account Settings, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy or notifications about your account activity.

You also have the right to:

Access your Personal Information held by us — request a copy via privacy@heywhitmore.ai
Correctinaccurate Personal Information — most fields can be self-edited in Account Settings; for fields you can't edit, contact privacy@heywhitmore.ai
Deleteyour account and Personal Information — initiate deletion in Account Settings; we will complete deletion within 90 days subject to legal retention obligations
Opt out of AI improvement aggregation— see Section II.A “Opt-out from AI training / improvement use”
Export your data — request a portable export of your Personal Information via privacy@heywhitmore.ai

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another jurisdiction with a comprehensive privacy law, you may have additional rights under those laws. Contact us at privacy@heywhitmore.ai to exercise them.

V. Links to Other Websites

As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.

VI. Changes to Our Privacy Policy

The Company reserves the right to change this policy and our Terms of Use at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.

VII. Contact Us

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to privacy@heywhitmore.ai.

Last Updated: This Privacy Policy was last updated on April 21, 2026.