Privacy Policy

Last updated: April 21, 2026

ClearShield Advisory ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard information when you interact with our services. ClearShield Advisory operates an AI-powered voice receptionist platform used by service businesses (including but not limited to moving companies, barbers and salons, plumbers, and HVAC contractors). Our platform answers inbound phone calls, books appointments, issues quotes, and — where the merchant has authorized it — issues payment links and invoices on the merchant's behalf.

ClearShield Advisory is located at 100 N Howard St, Suite R, Spokane, WA 99201.

We serve two categories of people, and this policy addresses both:

• Merchants — business owners who subscribe to ClearShield and connect their phone, calendar, and optionally their payment processor to our platform.
• End users (callers) — consumers who call a phone number managed by ClearShield on behalf of a merchant, and who may receive SMS messages or payment links as a result.

Information We Collect From End Users (Callers)

• Contact information: Name, phone number, and (where given) email address provided during phone calls
• Call data: Call recordings, real-time transcripts, duration, and timestamps. Calls may be recorded for quality assurance; you will be notified at the beginning of the call.
• Appointment details: Date, time, service requested, and notes related to scheduled appointments
• Quote inputs: Information you provide that our AI uses to generate a quote (e.g., move origin/destination, bedroom count, service type)
• SMS consent status: Whether you opted in or out of receiving text message confirmations, quotes, or payment links
• Payment interactions: If the merchant has enabled payment collection and you elect to proceed with a deposit or invoice, the payment itself is processed by the merchant's own Stripe or Square account — see "Payment Processor Integration" below. We do not see, store, or transmit cardholder data.
• Website usage data: Standard analytics data such as pages visited, browser type, and IP address

Information We Collect From Merchants

• Business profile: Legal business name, trade name (DBA), business type, service area ZIP codes, business hours, and owner contact information
• Billing information: Subscription payment details processed through Stripe. We do not store raw card numbers; Stripe stores those on its own PCI-compliant infrastructure.
• User accounts: Owner and staff email addresses for portal login (authenticated via Google Sign-In)
• Pricing configuration: Per-tenant pricing rules the merchant enters into their portal
• OAuth authorization tokens: When a merchant connects Google Calendar, Stripe, or Square, we store the access and refresh tokens issued by those providers so we can act on the merchant's behalf during calls. See "Third-Party Authorizations" below.

How We Use Your Information

For end users:

• To schedule and confirm appointments you request from the merchant
• To generate quotes when you ask for pricing
• To send SMS confirmations, quote follow-ups, or payment links (only with your explicit verbal consent during the call)
• To provide the merchant with contact information and call notes so they can follow up with you
• To improve call quality and agent accuracy

For merchants:

• To operate the voice agent on the merchant's phone number
• To book appointments into the merchant's connected Google Calendar
• To issue payment links or invoices against the merchant's Stripe or Square account when the agent is asked to do so during a call
• To bill the merchant for their ClearShield subscription
• To send transactional notifications (onboarding welcome, OAuth connection confirmations, usage summaries, billing notices)
• To provide customer support
• To comply with legal obligations

Third-Party Authorizations (OAuth)

Our voice agent integrates with third-party platforms on the merchant's behalf. The merchant explicitly authorizes each integration through a standard OAuth flow initiated from their ClearShield portal. For each integration, we request only the permissions necessary to perform the merchant's requested functions.

Google Calendar

When a merchant authorizes Google Calendar access, we receive an OAuth refresh token with the https://www.googleapis.com/auth/calendar scope. We use this token solely to create, update, and read appointment events on the merchant's primary calendar during a live call. We do not read unrelated calendar data, and we do not use calendar contents for any purpose other than appointment booking on that specific merchant's behalf. Refresh tokens are stored encrypted at rest.

Stripe (Stripe Connect)

When a merchant connects Stripe, we use the Stripe Connect OAuth flow to obtain the merchant's Stripe account ID. All payment link and invoice creation is performed via Stripe's API using our platform's credentials together with a Stripe-Account header identifying the merchant's connected account. We never receive or store the merchant's own Stripe secret key. Funds from payment links and invoices flow directly from the payer to the merchant's Stripe account — ClearShield Advisory does not touch the money.

Square

When a merchant connects Square, we obtain OAuth access and refresh tokens from Square via the OAuth 2.0 flow, scoped to the minimum permissions required (PAYMENTS_WRITE, ORDERS_WRITE, INVOICES_WRITE, CUSTOMERS_WRITE, MERCHANT_PROFILE_READ). We use these tokens solely to create payment links, invoices, and related customer/order records during calls. Tokens are stored encrypted in AWS Secrets Manager, automatically refreshed before expiry, and revoked when the merchant clicks "Disconnect" in their portal. Funds flow directly from the payer to the merchant's Square account — ClearShield Advisory does not touch the money.

Revocation

Merchants may revoke any integration at any time by clicking "Disconnect" on the relevant provider in their ClearShield portal Settings page, or by revoking directly through Stripe's, Square's, or Google's own dashboards. Upon revocation, the associated tokens are deleted from our systems within 24 hours.

Cardholder Data and PCI Scope

ClearShield Advisory does not store, process, or transmit cardholder data. When an end user pays a deposit or invoice generated through our platform, they interact directly with Stripe's or Square's hosted payment pages. The card number, expiry, and CVV are entered on the processor's infrastructure and never traverse ClearShield's systems. This keeps ClearShield out of PCI DSS scope for cardholder data environments.

SMS Messaging

We send SMS messages only when an end user explicitly consents during a phone call with our voice assistant. Messages are limited to appointment confirmations, quote follow-ups, and payment/invoice links triggered by the same call. We do not send marketing, promotional, or recurring messages. You can opt out at any time by replying STOP to any message. Standard message and data rates may apply. Typical frequency: one message per booking or payment request.

Use of AI Technology

Our phone system uses AI-powered voice assistants to handle inbound calls. This includes AI language models to conduct conversations, AI voice synthesis to generate spoken responses, and AI transcription to convert speech to text. Your call audio and transcribed text are processed by these AI service providers solely to facilitate the call and execute the merchant's requested actions (booking, quoting, payment link generation). We do not use your data to train AI models.

Information Sharing

We do not sell, rent, or trade personal information. We share information only with:

• Service providers: Third-party infrastructure that powers our service — AI voice and language model providers, call-handling telephony, SMS delivery providers, cloud hosting, email delivery, payment processors (Stripe for our own subscription billing), and the merchant-authorized third parties above. These providers are bound by their own privacy policies and access only the minimum data needed to perform their function.
• The merchant whose business you called: Your contact info, appointment details, and call notes are shared with the merchant — that is the point of the service.
• Legal requirements: When required by law, regulation, or legal process.

Data Security

We implement technical and organizational measures to protect personal information, including encryption in transit (TLS) and at rest, IAM-scoped access to sensitive stores, OAuth token storage in AWS Secrets Manager, and the principle of least privilege for internal access. No method of transmission or storage is completely secure, but we follow industry-standard practices.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy or as required by law. Call recordings and transcripts are retained for quality assurance and may be deleted upon request. OAuth tokens are deleted immediately upon disconnection. Billing records are retained as required by tax and accounting regulations.

Your Rights

You have the right to:

• Request access to the personal information we hold about you
• Request correction or deletion of your personal information
• Opt out of SMS messages by replying STOP at any time
• Withdraw consent for data processing where applicable
• Revoke third-party OAuth authorizations (merchants only) at any time

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: privacy@clearshieldadvisory.com
• Address: 100 N Howard St, Suite R, Spokane, WA 99201
• Website: clearshieldadvisory.com

See also our Terms & Conditions and SMS Consent Policy.