← Full Dispatch

Privacy Policy

Effective May 21, 2026

This Privacy Policy explains what information Full Dispatch collects, how we use it, and your rights regarding that information.

1. Information We Collect

Information you give us

  • Email address — to deliver your audit and subsequent communications.
  • Website URL— to audit your business's public marketing footprint.
  • Business name (optional during audit; required on Module purchase) — to label your account and personalize deliverables.
  • Payment information — processed by Stripe; we never see or store your credit card details.
  • OAuth tokens — when you connect Google Tag Manager, Google Business Profile, or Buffer, we store the refresh token issued by that platform so we can take authorized actions on your behalf.

Information we collect from public sources during your audit

  • Content from your business's website (homepage, About page, service pages, blog posts) via our web crawler.
  • Public information about your business from third-party services: Google Business Profile (ratings, reviews, photos, hours), Yelp listing, Better Business Bureau profile, Facebook page, and similar publicly available directories.
  • Domain registration metadata and Internet Archive snapshots (operator history signals).

Information collected automatically

  • Standard web-traffic data (IP address, browser type, page-load timing) collected via our analytics provider.
  • Cookies and similar technologies to keep you logged in and remember your session across requests.

2. How We Use Information

  • To run your audit and generate your personalized findings.
  • To deliver Modules you have purchased.
  • To send transactional emails (audit-ready, purchase confirmation, magic-link login).
  • To send marketing communications about Full Dispatch (you can unsubscribe at any time).
  • To improve our service, including training data used by our AI prompts.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.

3. Subprocessors

We use the following service providers to deliver our service. Each handles data on our behalf and is bound by their own privacy commitments:

  • Supabase — database + authentication
  • Vercel — application hosting
  • Stripe — payments
  • Resend — transactional and marketing emails
  • Anthropic — large-language-model inference for analysis and content generation
  • Google (Tag Manager API, Business Profile API, PageSpeed Insights API, OAuth) — Module installation and audit signals
  • SerpAPI — Google search results and Maps data
  • Tavily — research API used for sourcing citations in generated blog content
  • Buffer — social-post scheduling for the Social Presence module
  • Twilio — SMS for review-request automation and the GBP Photo Engine inbound photo flow

4. SMS Communications

When you purchase the Review Request Automation or GBP Photo Engine module, Full Dispatch provisions a dedicated SMS number on your behalf (we handle the Twilio account — you don't need one). The number is used to:

  • Outbound: send a single review-request SMS to your customers after their job is marked complete in your scheduling tool. Message frequency is limited to one per completed job. Recipients can reply STOP to unsubscribe at any time — Twilio automatically honors the opt-out across all future messages from that number.
  • Inbound (GBP Photo Engine only): receive job photos your technicians text in from the field. Inbound messages are stored only long enough to upload the attached photo to your Google Business Profile.

Consent: end customers consent to receive review-request SMS at the time of service via the established business relationship with the HVAC operator using Full Dispatch. Operators are responsible for ensuring their service terms or job-completion forms include SMS consent language for their customers. Standard message and data rates may apply.

Carriers may classify our messages under the A2P 10DLC framework. We register all phone numbers for compliance with Twilio's and U.S. carrier requirements.

5. Data Retention

We retain your audit data and account information for as long as your account is active and for a reasonable period after cancellation to fulfill our legal and operational obligations (typically up to 7 years for financial records as required by U.S. tax law). You may request deletion of your account at any time via support@fulldispatch.ai.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct any inaccurate information
  • Request deletion of your information (subject to legal-retention exceptions)
  • Withdraw consent for marketing communications
  • Receive your information in a portable format

To exercise any of these rights, email support@fulldispatch.ai.

7. Security

We protect your information using industry-standard practices: TLS for data in transit, encryption at rest for sensitive fields (OAuth tokens, license keys), least-privilege database access, and regular security review. No system is perfectly secure; in the unlikely event of a data breach affecting your information, we'll notify you within 72 hours.

8. Children

Our service is for businesses, not individuals under 18. We do not knowingly collect information from anyone under 18.

9. International Transfers

We're based in the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the U.S.

10. Changes to This Policy

We may update this policy occasionally. We'll notify active customers of material changes via email. Continued use after notice constitutes acceptance.

11. Contact

Questions or requests? Email support@fulldispatch.ai.