SECURITY AND DATA POLICY (Global)

Last Updated: Oct 06, 2025

1) Purpose and Scope

This policy describes how Hilcore Group LLC protects the confidentiality, integrity, and availability of data processed by AI Receptionist for global clients.

2) Data Processed (Summary)

Identification/Contact: name, company, email, phone/WhatsApp, country.
Service Operations: messages (text/voice), appointments, schedules, preferences, logs.
Billing: data necessary for payments (via Stripe).
Usage/Analytics: IP, device, performance, and product metrics.

3) Security Principles

Least privilege & need-to-know: access limited to what is strictly necessary.
Encryption in transit (TLS 1.2+).
Encryption at rest when provided by our vendors (e.g., Stripe, cloud).
Access Management: MFA for personnel, key rotation, periodic review.
Backups and continuity: scheduled copies and recovery procedures.
Logging and monitoring: audit of relevant events and alerts.
Secure Development: reviews, environment separation, and pre-deployment testing.
Vulnerability Management: regular patching and corrections prioritized by severity.
Vendor Security: data processing agreements and risk assessments.

4) Sub-processors (Third Parties)

We work with vendors that are under contract and subject to reasonable security measures, including: Stripe (payments), Meta/WhatsApp and/or official WhatsApp Business providers, LeadConnector/GHL (automation), OpenAI (text/voice processing depending on configuration), and cloud/analytics/support infrastructure. An updated list is available upon request at [email protected].

5) International Transfers

Data may be hosted or processed in the United States or other jurisdictions. We apply Standard Contractual Clauses (SCCs) and appropriate technical/organizational measures.

6) Incidents and Notification

In the event of an incident compromising personal data, we will follow a response plan, assess the impact, and notify clients/authorities when required by law.

7) Retention and Deletion

We retain data while the account is active and for legal timeframes (e.g., tax purposes). Upon request, we export and delete data according to technical and legal procedure.

8) Client Responsibilities

Maintain secure credentials (do not share; use 2FA where possible).
Use the service in accordance with law and WhatsApp/Meta policies.
Obtain consent from your contacts where applicable.
Notify us without delay of unauthorized access.

9) Vulnerability Reporting

If you detect a vulnerability, please write to us at [email protected] with technical details. We will cooperate to resolve it promptly.

10) Contact

Any security or data inquiries: [email protected].

This policy complements the current Privacy Policy and Terms and Conditions.