Privacy Policy. In plain English.

Adrective, Inc. (“Adrective,” “we,” “us”) is a U.S. company that designs, installs, and operates AI-powered front-office systems for local service businesses. Our flagship service, Clovis, answers phone calls, books appointments, and handles customer follow-up on behalf of our customers.

This Privacy Policy explains how we handle information when you visit our website, contact us, apply for an audit, become a customer, or interact with a business that uses our service.

When a local business hires us to run their front office, that business is the data controller of its customers’ information. We act as the data processor — we handle the data on their behalf under a Data Processing Agreement. This policy explains both roles.

From you, directly

• Contact & account information — your name, business name, email, phone number, role, and service area when you apply for an audit or sign a service agreement.
• Audit intake — what you tell us about your phone system, website, ad spend, current vendors, customer volume, average ticket size, and existing systems so we can produce your report.
• Billing — payment-method information processed by our payment processor (Stripe). We don’t store full card numbers ourselves.
• Direct communications — the content of emails, messages, calls, and Slack threads you exchange with us.

Automatically, while you use the site

• Device & usage data — IP address, browser type, device type, pages visited, referring URL, timestamps, and similar standard server-log fields.
• Cookies & similar technologies — first-party cookies for session state and motion preference; analytics cookies (described in §08).
• Approximate location — derived from IP address. We do not collect precise GPS location from website visitors.

As a service processor (when you are our customer’s customer)

If you call, text, or fill out a form for a local business that uses Clovis, we may process the following on that business’s behalf:

• Your name and the phone number you called from.
• The content of your conversation with Clovis — both the audio recording and a transcript — when required by the business’s call-recording disclosure.
• Any details you share during the call (e.g., what service you need, address for service, preferred appointment time).
• Calendar entries, SMS confirmations, and CRM records created as a result of your call.

The local business you called is the controller of this data. To exercise your rights regarding it, contact that business directly. We will assist them in fulfilling your request within the timeframes the law requires.

What we don’t collect

• We don’t buy personal data from third-party brokers.
• We don’t collect Social Security numbers, government IDs, or other sensitive identifiers unless explicitly required by law for a specific transaction.
• We don’t collect biometric identifiers (fingerprints, retina scans, etc.). Voice recordings are not used as biometric identifiers — see §05.

We use the information we collect for the following purposes:

• To provide the service. Run audits, install systems, operate Clovis, route phone calls, book appointments, send SMS confirmations, manage ad campaigns, and report results.
• To communicate with you. Audit results, onboarding details, support, service updates, and billing communications.
• To improve our service. Aggregate, anonymized analysis of call performance, ad performance, and conversion outcomes to make Clovis and our processes better.
• To meet legal obligations. Tax records, regulatory compliance, and responding to lawful requests.
• To protect against fraud and abuse. Detect and prevent unauthorized use, security incidents, or violations of our terms.

We do not use customer or end-user data to train general-purpose AI models that are then offered to other companies. Voice samples are used only to operate the specific Clovis instance for the specific business that owns the account — and only with the data controller’s authorization.

We do not sell personal information. Period.

We share information only in these limited circumstances:

Service providers (sub-processors)

We use a small number of well-vetted vendors to operate the service. Each one is contractually bound to handle data only as we instruct, with security and confidentiality obligations equivalent to or stronger than our own. As of the effective date, our primary sub-processors include:

• ElevenLabs — conversational AI voice generation.
• Twilio — phone-call routing, recording, and SMS delivery.
• Stripe — payment processing.
• Amazon Web Services — hosting and storage (US regions).
• Google Workspace — email and document collaboration with the customer.
• Vercel — web hosting and edge delivery.

A current sub-processor list is available at privacy@adrective.ai on request.

With your business

If you call a local business that uses Clovis, the resulting call summary, transcript, recording, and any booking details are shared with that business as its own records. They are the controller of that data.

Legal & safety

We may disclose information if required to do so by law, valid subpoena, court order, or regulatory authority; to enforce our terms; or to protect the rights, safety, or property of Adrective, our customers, or the public.

Business transfers

If Adrective is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you and give you the chance to opt out of continued processing where required by law.

Because Clovis is an AI receptionist, call recording and voice handling deserve their own section.

Recording disclosure

When you call a business that uses Clovis, the call may be recorded. Where the law requires consent — for example, in California, Florida, and other two-party-consent states — Clovis is configured to disclose the recording at the start of the call before any substantive conversation begins.

What we do with the recording

• Audio and transcript are stored under the customer business’s account so the business can review their own calls.
• We use the recording to deliver the immediate service (book the appointment, send the SMS, log the CRM entry).
• We may use anonymized recordings to improve Clovis’s performance for that specific business — never to train external or third-party AI products.

Voice cloning & biometrics

The voice you hear on a Clovis call is a synthetic voice licensed from our voice provider or, where applicable, custom-trained from voice samples provided by the business owner with explicit written consent. We do not create voice clones of callers or end users, and we do not use voice recordings as biometric identifiers under the meaning of the Illinois Biometric Information Privacy Act (BIPA), the Texas CUBI Act, or similar state biometric laws.

Deleting a recording

To request deletion of a specific call recording or transcript, contact the business you called. They control the data. If you can’t reach them, email privacy@adrective.ai and we will help coordinate the request.

We hold on to information only as long as we need it to operate the service and meet our legal obligations.

After retention periods expire, data is either deleted or fully anonymized so it can no longer be linked back to you.

Depending on where you live, you may have any or all of the following rights regarding your personal information. You can exercise any of these by emailing privacy@adrective.ai.

• Access — request a copy of the information we hold about you.
• Correction — ask us to fix anything that’s inaccurate.
• Deletion — ask us to delete your information, subject to our legal-retention obligations.
• Portability — receive a machine-readable copy of your data and have it sent to another provider.
• Opt-out of marketing — unsubscribe from our emails any time using the link at the bottom of the email or by replying STOP to SMS.
• Opt-out of profiling — we do not profile you or run automated decisions that produce legal effects about you.
• Withdraw consent — where we rely on consent to process your data, you can withdraw it at any time.
• Complain — lodge a complaint with your local data-protection authority. For EU residents that is your national DPA; for California residents that is the California Privacy Protection Agency.

We respond to verified requests within 30 days and never charge a fee for the first request in any 12-month period.

California residents (CCPA / CPRA)

We do not sell or share personal information for cross-context behavioral advertising. If our practices change we will update this policy and provide a “Do Not Sell or Share My Personal Information” link as required by law.

EU / UK residents (GDPR / UK-GDPR)

For visitors and customers in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing are: (a) performance of a contract; (b) compliance with a legal obligation; (c) our legitimate interests in operating and improving the service; or (d) your consent where required.

We use a small set of cookies and similar technologies:

• Strictly necessary — session state, motion preference, security tokens. Cannot be disabled without breaking the site.
• Analytics — aggregated, privacy-preserving analytics (no cross-site tracking, no fingerprinting). You can opt out at any time using your browser’s Do Not Track signal or Global Privacy Control (GPC); we honor both.
• Advertising — we do not use third-party advertising cookies on this website.

You can manage cookies in your browser settings. Disabling necessary cookies will prevent parts of the site from working.

We treat information security as part of the product, not an afterthought. Specifically:

• All data in transit is encrypted with TLS 1.2 or higher.
• All data at rest is encrypted with AES-256.
• Access to production systems is limited to the smallest possible group, requires hardware-key MFA, and is logged.
• We run quarterly third-party penetration tests and annual SOC 2 Type II audits.
• We follow a documented incident-response process. If a breach affects you, we will notify you within 72 hours of confirming the incident, as the law requires.

No system is perfectly secure. We take reasonable steps to protect your information, but we cannot guarantee absolute security, and you share information at your own risk.

Adrective is a U.S. company. If you are located outside the U.S., your information will be transferred to and processed in the United States and other countries where our sub-processors operate. We use Standard Contractual Clauses (SCCs) and other appropriate safeguards for transfers from the EU, UK, and Switzerland.

Our service is for business owners. It is not directed at children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal information, email privacy@adrective.ai and we will delete it.

We will update this policy when we change how we handle information — for example when we add a sub-processor or launch a new feature. We will update the “Effective” date at the top of this page, and for material changes we will notify active customers by email at least 14 days before the change takes effect.

Continued use of the service after the effective date of a change means you accept the updated policy.

Privacy questions, data requests, or anything else covered by this policy:

We meant what we said at the top: if any part of this page is unclear, write to us and a real human will answer.