Privacy Policy

Last updated: 2026-04-30

1. Data we collect

HLM Routes collects:

  • Operator information — name, business name, email, phone, billing address, route locations and machine inventory you provide.
  • Appointment metadata — meeting timestamps, prospect business name, decision-maker name, rubric outcome.
  • Call recordings and transcripts — audio of outbound calls made on your behalf, plus AI-generated transcripts.
  • Account and authentication data — Clerk-managed account credentials and session tokens.
  • Site-usage analytics — page views, route entries, and basic device information for product improvement and uptime monitoring.

2. How we use it

We use the collected data to deliver the service: making outbound calls on your behalf, scheduling appointments, billing held appointments, providing in-portal visibility, generating cohort survival metrics (de-identified, N≥10), and supporting customer success and dispute resolution.

We do not sell or rent your data. We do not use your data to train general-purpose AI models. AI is used only for transcription (Whisper) and operator-facing in-portal summaries — outputs are not shared cross-tenant.

3. Third-party processors

HLM Routes uses the following sub-processors. Each is contractually obligated to maintain confidentiality and use data only to deliver their service to us.

  • Stripe — payment processing and metered billing.
  • Clerk — account authentication and session management.
  • Calendly — discovery-call scheduling (when adopted).
  • Vercel — application hosting, edge runtime, and analytics.
  • Neon — Postgres database hosting (encrypted at rest).
  • OpenAI Whisper — call-recording transcription.

4. Data retention

We retain operator-account data for the lifetime of the account plus seven (7) years for tax and audit-trail purposes. Call recordings and transcripts are retained for two (2) years post-meeting unless you request earlier deletion. Audit logs are append-only and retained for the lifetime of the account; row-level deletion is not possible by design.

5. Your rights

You can request access to, correction of, or deletion of your data (subject to legal-retention obligations) by emailing damione@hlmroutes.com. We respond within thirty (30) days. Account deletion removes operator-personal data but preserves anonymized cohort metrics (no individual operator can be identified from aggregate-only outputs).

6. Cookies

HLM Routes uses functional cookies for authentication (Clerk) and preference cookies for fit-check segment selection and self-selector state. We do not use third-party advertising cookies. Analytics cookies (when enabled) are first-party and aggregated.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is gated by MFA, least-privilege IAM, and audit-logged. Audit logs are append-only at the database ACL layer.

8. Contact

Questions about this Privacy Policy or data-rights requests can be sent to damione@hlmroutes.com.