Privacy Policy

Last updated: July 13, 2026

1. Who this covers

PlumbDesk, operated by Anthracite AI in Charlotte, North Carolina, is an AI phone-answering service for local service businesses. This policy covers two groups of people:

Our customers — the businesses that sign up (account holders and their staff). For your data, we are the data controller.

Callers— people who call a business that uses PlumbDesk. If that’s you: we answer the phone on behalf of the business you called, and we process your call as that business’s service provider. The business you called decides how your information is used; §6 explains your options.

2. What we collect

Account information: business name, contact name, email, phone numbers, business details you give us (hours, services, pricing, service area, staff names and phone numbers for routing), and login credentials (passwords are stored only as salted hashes; Google sign-in shares your name and email with us).

Payment information:handled by Stripe. We receive and store your card’s brand and last four digits, your billing history, and your prepaid credit ledger. We never see or store full card numbers.

Call data:for every call the agent answers — the caller’s phone number (caller ID), the time and duration, a text transcript, and the details the caller shares (typically name, callback number, address, and the job). Audio recordings are kept only when the business has recording turned on, in which case callers hear a disclosure at the start of the call.

Messages:the content and delivery status of texts and emails the service sends and receives on the business’s behalf (lead alerts, confirmations, reminders, follow-ups, replies including STOP requests).

Usage and technical data: standard web logs (IP address, browser), dashboard activity, and service metrics. We use minimal operational cookies for sign-in sessions; we do not run third-party advertising trackers.

3. How we use it

To run the service: answering and routing calls, capturing and delivering leads, booking jobs, sending the business’s texts and emails, billing prepaid credit and subscriptions, preventing fraud and abuse, providing support, and meeting legal obligations. We also use aggregated, de-identified metrics (call volumes, durations, feature usage) to improve the service.

We do not sell personal information. We do not share it for advertising. We do not use your call recordings or transcripts to train AI models. Call content is sent to our AI providers only to process the call itself (§4).

4. Who processes data for us (subprocessors)

We share data only with the vendors needed to operate the service, under contracts limiting them to processing on our instructions:

Vapi (voice-call orchestration) · Twilio (telephony and SMS) · Deepgram (speech-to-text) · ElevenLabs (text-to-speech) · Anthropic (the language model that powers the agent) · Stripe (payments) · Resend (email delivery) · Neon (database) · Vercel (hosting) · Google (calendar booking and optional sign-in, §8).

Beyond subprocessors, we disclose data only: to the business whose line we answer (callers’ data goes to the business they called — that’s the product); when the law requires it (valid legal process); or as part of a merger, acquisition, or sale of the PlumbDesk business, in which case this policy continues to apply to data transferred.

5. How long we keep things

Call recordings: kept for up to 12 months, or until the business deletes them or turns recording off going forward — whichever comes first.
Transcripts and lead details:kept while the business’s account is active (they are the customer’s call history).
Account and billing records: kept while the account is active and as required for tax and accounting afterward.
After an account closes: the customer has 30 days to request an export; we then delete customer data on a rolling schedule, keeping only what the law requires.

6. If you called a business that uses PlumbDesk

The AI receptionist answered because the business forwarded its calls to us. What you shared (your name, number, and the job) was delivered to that business so they can call you back — the same as any answering service or voicemail.

If recording was on, you heard a disclosure at the start of the call. To have your information corrected or deleted, the fastest path is contacting the business you called (they own their customer records). You can also email us at privacy@plumbdesk.ai and we’ll route your request; where we can act, we honor verified deletion requests within 30 days unless the record must be kept by law.

7. Text messaging (consent and opt-out)

Phone numbers are collected from callers during calls, from business owners at signup, and from lists the business uploads (for which the business is responsible for consent). Message frequency varies by activity. Message and data rates may apply. Reply STOP to any message to opt out — we honor STOP immediately across that sender — and HELP for help.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text-messaging originator opt-in data and consent are not shared with anyone.

8. Google user data

Two optional features use Google: calendar booking(the service creates and checks events on a dedicated booking calendar so jobs land on the business’s schedule) and “Sign in with Google” for the customer dashboard (we receive your name and email to sign you in).

PlumbDesk’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google data is used only to provide these user-facing features: it is never used for advertising, never sold, never used to train AI models, and never read by humans except with your permission, for security, or to comply with law. You can revoke access anytime at myaccount.google.com/permissions.

9. Security

Data is encrypted in transit (TLS) and at rest with our hosting and database providers; stored OAuth tokens are additionally encrypted at the application layer. Access is limited to what operating the service requires, webhooks are signature-verified, and payments never touch our servers in raw form. No system is perfectly secure — if a breach affects your data, we’ll notify you as the law requires.

10. Your choices and rights

Customers can access and edit their business data in the dashboard, export their data (email us), turn call recording on or off, control auto-refill and budgets, and close their account at any time. Depending on where you live, you may have legal rights to access, correct, delete, or port personal information — email privacy@plumbdesk.ai and we’ll honor verified requests within 30 days. We don’t discriminate against anyone for exercising privacy rights.

The service is for businesses and isn’t directed at children under 18; we don’t knowingly collect children’s data.

11. Changes and contact

If we change this policy materially, we’ll notify customers by email or dashboard notice before the change takes effect and update the date at the top.

Anthracite AI (PlumbDesk) · Charlotte, NC · privacy@plumbdesk.ai