1. Data we collect
HLM Routes collects:
- Operator information — name, business name, email, phone, billing address, route locations and machine inventory you provide.
- Appointment metadata — meeting timestamps, prospect business name, decision-maker name, rubric outcome.
- Call recordings and transcripts — audio of outbound calls made on your behalf, plus AI-generated transcripts.
- Account and authentication data — Clerk-managed account credentials and session tokens.
- Site-usage analytics — page views, route entries, and basic device information for product improvement and uptime monitoring.
2. How we use it
We use the collected data to deliver the service: making outbound calls on your behalf, scheduling appointments, billing held appointments, providing in-portal visibility, generating cohort survival metrics (de-identified, N≥10), and supporting customer success and dispute resolution.
We do not sell or rent your data. We do not use your data to train general-purpose AI models. AI is used only for transcription (Whisper) and operator-facing in-portal summaries — outputs are not shared cross-tenant.
3. Third-party processors
HLM Routes uses the following sub-processors. Each is contractually obligated to maintain confidentiality and to use data only to deliver its service to us.
- Stripe — payment processing and metered billing.
- Clerk — account authentication and session management.
- Calendly — discovery-call scheduling (when adopted).
- Vercel — application hosting, edge runtime, and analytics.
- Neon — Postgres database hosting (encrypted at rest).
- OpenAI Whisper — call-recording transcription.
4. Data retention
We retain operator-account data for the lifetime of the account plus seven (7) years for tax and audit-trail purposes. Call recordings and transcripts are retained for two (2) years post-meeting unless you request earlier deletion. Audit logs are append-only and retained for the lifetime of the account; row-level deletion is not possible by design.
5. Your rights
You can request access to, correction of, or deletion of your data (subject to legal-retention obligations) by emailing damione@hlmroutes.com. We respond within thirty (30) days. Account deletion removes operator-personal data but preserves anonymized cohort metrics (no individual operator can be identified from aggregate-only outputs).
6. Cookies
HLM Routes uses functional cookies for authentication (Clerk) and preference cookies for fit-check segment selection and self-selector state. We do not use third-party advertising cookies. Analytics cookies (when enabled) are first-party and aggregated.
7. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is gated by MFA and least-privilege IAM, and is audit-logged. Audit logs are append-only at the database ACL layer.
8. Contact
Questions about this Privacy Policy or data-rights requests can be sent to damione@hlmroutes.com.