Privacy Policy

SmileBrightis currently operated by its founder while company registration is being completed. These terms will be updated with the registered entity's details once incorporation is final. Paid plans are not yet enabled.

This Privacy Policy explains how SmileBright (registration in progress) (“SmileBright”, “we”, “us”) handles personal information when you use our AI receptionist service (the “Service”) and when your customers interact with an AI receptionist you have set up.

1. Information we collect

From business owners (our customers)

• Account details: name, email address, password (stored hashed), and country.
• Business details you enter: business name, address, staff, services, and hours.
• Billing details processed by our payment provider when you subscribe to a paid plan.

From callers (your customers)

• Contact details they provide, such as name, phone number, and email.
• Appointment details and the content of their conversation with the AI.
• Call metadata such as time, duration, and outcome, and call recordings or transcripts where applicable.

2. How we use information

• To provide and operate the Service — answering calls, booking appointments, sending notifications.
• To create and manage your account and process payments.
• To improve reliability, quality, and safety of the Service.
• To communicate with you about your account, security, and important changes.
• To comply with legal obligations and prevent fraud or abuse.

3. Roles — who controls the data

For information about your account, we act as the data controller. For information about your customers that we process when they interact with your AI receptionist, we act as a processor on your behalf — you are the controller and are responsible for having a lawful basis to collect and use that information.

4. Sharing and third parties

We share data only as needed to run the Service, with providers acting on our instructions, including: cloud hosting and database, AI voice and language providers, telephony providers, calendar providers (where you connect one), messaging/email providers for notifications, and our payment processor. We do not sell your personal information.

We may disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of our users and the public.

5. Google user data

When you connect a Google account to sync bookings to Google Calendar, we request access to your Google Calendar (the https://www.googleapis.com/auth/calendarscope). We use this access solely to create, update, and cancel the appointment events that you or your AI receptionist book, on the calendar you select. We store an encrypted Google refresh token to perform these actions and the connected account's email address to show you which account is linked. You can disconnect Google at any time, which revokes our access and deletes the stored token.

SmileBright's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, we do not sell it, and we do not allow humans to read it except with your consent, for security purposes, or as required by law.

6. Data retention

We keep personal information for as long as your account is active or as needed to provide the Service, and afterwards only as required for legal, accounting, or legitimate business purposes. You can request deletion as described below.

7. Security

We use reasonable technical and organisational measures to protect personal information, including encryption in transit, access controls, and row-level isolation between business accounts. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your rights

Subject to applicable law, you may request to access, correct, or delete your personal information, or object to certain processing. To make a request, email support@smilebright.co.in. If your request relates to a caller's data processed on behalf of a business, we may direct it to that business.

9. Children

The Service is intended for businesses and is not directed at children. We do not knowingly collect personal information from children.

10. International processing

Our providers may process data in countries other than yours. Where this happens, we take steps to ensure appropriate safeguards are in place.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will update the “last updated” date above and, where appropriate, notify you of material changes.

12. Contact

For privacy questions or requests, email support@smilebright.co.in or see our Contact page.