Privacy Policy
Effective Date: April 6, 2026 | Last Revised: April 6, 2026
This Privacy Policy ("Policy") describes how Harmonia Solutions LLC ("Harmonia," "Company," "we," "us," or "our") collects, uses, discloses, retains, and protects information obtained through the website located at harmoniasolutions.netlify.app, the Harmonia client dashboard, our voice AI services, and any related applications, APIs, integrations, or services (collectively, the "Platform"). By accessing or using the Platform, you ("User," "you," or "your") acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must discontinue use of the Platform immediately.
1. Definitions
For the purposes of this Policy:
- "Personal Information" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household, as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable privacy laws.
- "Processing" means any operation or set of operations performed on Personal Information, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
- "Service Provider" means a third-party entity that processes Personal Information on behalf of Harmonia pursuant to a written contract that restricts the entity from retaining, using, or disclosing the information for any purpose other than performing the contracted services.
- "Google User Data" means any data obtained through Google APIs, including but not limited to Google Calendar event data, user profile information, and authentication tokens.
2. Categories of Information Collected
We collect and have collected the following categories of information within the preceding twelve (12) months:
| Category | Examples | Source |
|---|---|---|
| A. Identifiers | Full name, email address, phone number, business name, account username, IP address, unique device identifiers | Directly from you; automatically collected |
| B. Commercial Information | Subscription plan, payment history, transaction records, service usage records | Directly from you; payment processors |
| C. Internet/Electronic Activity | Browser type and version, operating system, referring URLs, pages visited, session duration, click patterns, dashboard interactions | Automatically collected via cookies and similar technologies |
| D. Audio/Visual Information | Inbound and outbound call recordings, voicemail recordings, call transcripts generated by our voice AI system | Generated through Platform voice services |
| E. Professional Information | Business type, service area, job title, industry vertical, business address | Directly from you; third-party data enrichment |
| F. Communication Records | SMS message content and metadata, email content and metadata, chat logs | Generated through Platform communication services |
| G. Calendar Data | Google Calendar event titles, dates, times, attendees (read-only access) | Google Calendar API with your explicit authorization |
| H. Geolocation Data | Approximate location derived from IP address; service area as provided by you | Automatically collected; directly from you |
| I. Inferences | Lead scores, customer intent classifications, service urgency assessments, call outcome categorizations | Generated by our AI systems from Categories A through H |
We do not collect: Social Security numbers, financial account numbers (these are handled exclusively by our PCI-compliant payment processor), biometric data, or information related to protected classifications beyond what you voluntarily provide.
3. Purposes of Processing & Legal Bases
We process your information for the following purposes:
3.1 Service Delivery (Contractual Necessity)
- Provisioning and maintaining your account and dashboard access
- Operating voice AI call handling, including real-time transcription and intent classification
- Processing inbound and outbound communications (calls, SMS, email) on your behalf
- Capturing, scoring, and routing leads from connected sources (Google LSA, Facebook, web forms, direct calls)
- Scheduling and managing appointments through integrated calendar and CRM systems
- Displaying your Google Calendar availability within the dashboard
- Generating analytics, reports, and performance metrics
3.2 Legitimate Business Interests
- Improving, testing, and refining our AI models, voice synthesis, and natural language processing capabilities
- Detecting, investigating, and preventing fraud, abuse, security incidents, and other harmful activity
- Conducting internal research and product development
- Administering billing, invoicing, and collections
3.3 Legal Compliance
- Complying with applicable laws, regulations, legal processes, or enforceable governmental requests
- Maintaining records as required by TCPA, CAN-SPAM, and state telecommunications regulations
- Responding to lawful requests from public authorities, including national security or law enforcement requirements
3.4 With Your Consent
- Accessing your Google Calendar data (you may revoke this consent at any time; see Section 7)
- Sending promotional or marketing communications (where consent is required by law)
4. Disclosure of Information
We do not sell, rent, or lease your Personal Information to third parties. We do not share your Personal Information for cross-context behavioral advertising. We may disclose information to the following categories of recipients, solely for the purposes described in this Policy:
| Recipient Category | Purpose | Examples |
|---|---|---|
| Service Providers | To perform contracted services on our behalf under written data processing agreements | Vapi (voice AI infrastructure), ElevenLabs (voice synthesis), Twilio (SMS/telephony), SendGrid (email delivery), Airtable (database), Google (calendar API, authentication) |
| CRM/Scheduling Platforms | To create and manage appointments, customer records, and service tickets at your direction | ServiceTitan, Cal.com, GoHighLevel |
| Payment Processors | To process subscription payments securely | Stripe (PCI DSS Level 1 compliant) |
| Analytics Providers | To understand Platform usage patterns and improve services | Aggregated, de-identified data only |
| Law Enforcement / Legal | When required by law, subpoena, court order, or to protect the rights, property, or safety of Harmonia, our Users, or the public | Government agencies, courts, regulatory authorities |
| Business Transfers | In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, where Personal Information may be among the transferred assets | Acquiring entity (subject to the same obligations under this Policy) |
5. Google API Services — Limited Use Disclosure
Harmonia's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- Limited Use. We only use Google User Data to provide and improve the user-facing features of the Harmonia dashboard that are visible to you. We do not use Google User Data for serving advertisements, market research unrelated to the product, or any purpose unrelated to the core functionality you authorized.
- No Unauthorized Transfer. We do not transfer Google User Data to third parties except (a) as necessary to provide or improve user-facing features of the Platform, (b) to comply with applicable laws, or (c) as part of a merger, acquisition, or asset sale, with user notice.
- No Human Reading. We do not allow humans to read Google User Data unless (a) we have obtained your affirmative consent, (b) it is necessary for security purposes (e.g., investigating abuse), (c) it is necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
- Scope of Access. We request only the minimum scopes necessary. Currently, we request
calendar.readonlyto display your calendar events within the dashboard. We do not request write access and do not modify your calendar data. - Data Storage. Google Calendar data is fetched in real-time when you access the dashboard and is not persistently stored on our servers. Authentication tokens are stored securely in your browser session and are not transmitted to our backend infrastructure.
- Revocation. You may revoke Harmonia's access to your Google data at any time by visiting Google Account Permissions. Revocation is immediate and will disable calendar features in your dashboard.
6. Cookies & Tracking Technologies
6.1 Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Authentication, session management, security | Session / 30 days |
| Functional | Remembering your preferences (dashboard view, timezone) | 1 year |
| Analytics | Aggregated usage metrics (page views, feature adoption) | 90 days |
We do not use: Third-party advertising cookies, cross-site tracking pixels, or fingerprinting technologies.
6.2 Do Not Track
Our Platform does not currently respond to "Do Not Track" (DNT) browser signals because no uniform standard for DNT compliance has been adopted. If such a standard is established, we will update this Policy accordingly.
7. Your Privacy Rights
7.1 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
- Right to Know. You may request that we disclose the categories and specific pieces of Personal Information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties to whom we disclosed it, covering the preceding twelve (12) months.
- Right to Delete. You may request deletion of your Personal Information, subject to certain exceptions (e.g., legal compliance, completing a transaction, exercising free speech, security).
- Right to Correct. You may request that we correct inaccurate Personal Information that we maintain about you.
- Right to Opt-Out of Sale/Sharing. We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising. Accordingly, there is no need to submit an opt-out request, but we will honor any such request received.
- Right to Limit Use of Sensitive Personal Information. We do not use or disclose sensitive Personal Information for purposes beyond those permitted under the CCPA/CPRA.
- Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised a privacy right.
To submit a request, contact us at privacy@harmoniasolutions.ai. We will verify your identity before processing any request. You may also designate an authorized agent to make a request on your behalf, provided you supply written authorization and we can verify your identity.
Response Time. We will acknowledge your request within ten (10) business days and provide a substantive response within forty-five (45) calendar days. If additional time is required, we will notify you of the extension and the reason, for up to an additional forty-five (45) days.
7.2 Rights Under Other State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with enacted consumer privacy laws may exercise rights substantially similar to those described in Section 7.1, to the extent required by applicable law. Contact us at privacy@harmoniasolutions.ai to exercise these rights.
7.3 Google Data Rights
Independently of any statutory rights, you may at any time:
- Revoke Harmonia's access to your Google Calendar at Google Account Permissions
- Request confirmation of whether we are currently accessing your Google data
- Request that we delete any cached or residual Google User Data (response within 72 hours)
8. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Information | Duration of account + 90 days post-termination | Contractual; grace period for reactivation |
| Call Recordings & Transcripts | 12 months from date of recording | Service delivery; TCPA compliance |
| SMS/Email Communication Logs | 24 months from date of communication | TCPA/CAN-SPAM compliance; dispute resolution |
| Billing & Payment Records | 7 years from transaction date | Tax and financial reporting obligations |
| Usage Analytics | 24 months (aggregated/de-identified) | Product improvement |
| Google Calendar Data | Not persistently stored; fetched in real-time per session | Minimization principle |
| Lead & CRM Data | Duration of account + 30 days post-termination | Contractual; data portability window |
Upon expiration of the applicable retention period, data is securely deleted or irreversibly anonymized within thirty (30) days. You may request early deletion at any time, subject to legal hold obligations.
9. Data Security
We implement administrative, technical, and physical safeguards designed to protect your information, including:
- Encryption in transit using TLS 1.2 or higher for all data transmissions
- Encryption at rest using AES-256 for stored data
- Role-based access controls limiting employee access to Personal Information on a need-to-know basis
- Regular vulnerability assessments and security audits
- Incident response procedures with notification to affected Users within seventy-two (72) hours of confirmed breach, or sooner as required by applicable law
- Vendor security assessments for all Service Providers who process Personal Information
Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and shall not be liable for unauthorized access resulting from circumstances beyond our reasonable control.
10. International Data Transfers
The Platform is operated from the United States. If you access the Platform from outside the United States, your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Platform, you consent to such transfer. Where required by applicable law, we will implement appropriate safeguards (such as Standard Contractual Clauses) to protect transferred data.
11. Children's Privacy
The Platform is not directed to, and we do not knowingly collect Personal Information from, individuals under the age of sixteen (16). If we become aware that we have collected Personal Information from a child under 16, we will take prompt steps to delete such information. If you believe a child under 16 has provided us with Personal Information, contact us at privacy@harmoniasolutions.ai.
12. AI & Automated Decision-Making
Our Platform uses artificial intelligence and machine learning technologies to:
- Score and classify inbound leads based on urgency, service type, and customer intent
- Generate real-time voice responses during telephone calls
- Transcribe and summarize call content
- Route leads to appropriate follow-up workflows
- Detect emergency situations (e.g., gas leaks) for immediate escalation
These systems process Categories A, D, E, F, and I data as described in Section 2. No solely automated decisions with legal or similarly significant effects are made about you without human review. You have the right to request information about the logic involved in automated processing and to request human review of any automated determination. Contact privacy@harmoniasolutions.ai to exercise this right.
13. Third-Party Links & Services
The Platform may contain links to third-party websites or integrate with third-party services not operated by us. This Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party service you interact with. We are not responsible for the privacy practices, content, or security of third-party services.
14. Changes to This Policy
We reserve the right to modify this Policy at any time. If we make material changes, we will provide notice through the Platform and/or via email to the address associated with your account at least thirty (30) days prior to the effective date of the changes. Your continued use of the Platform after the effective date constitutes acceptance of the revised Policy. If you do not agree with the revised Policy, you must discontinue use of the Platform before the effective date.
Non-material changes (e.g., formatting, clarifications that do not alter meaning) may be made without prior notice. The "Last Revised" date at the top of this Policy will always reflect the most recent revision.
15. Contact Information
If you have questions, concerns, or requests regarding this Policy or our data practices, contact us at:
Harmonia Solutions LLC
Privacy Inquiries
Email: privacy@harmoniasolutions.ai
General: info@harmoniasolutions.ai
If you are not satisfied with our response, you may have the right to lodge a complaint with your applicable data protection authority or state attorney general.