Privacy Policy
1. Who We Are
Lexa AI Services ("we", "us", "our") operates the Lexa AI voice receptionist platform at itslexa.com. We are registered in India under GST number 37AEXPE6187P1ZC. Our founder and data contact is Eppili Naveen — eppili.naveen@itslexa.com.
2. What Data We Collect
| Data Type | Source | Purpose |
|---|---|---|
| Business name, email, phone | Onboarding form | Account setup, billing, support |
| Business address, website | Onboarding form | Configure Lexa for your business |
| Caller phone numbers | Twilio — inbound calls | Booking, SMS confirmations |
| Caller names | Spoken during call | Personalised greetings |
| Booking details | Call conversation | Appointment management |
| Call logs & transcripts | AI processing | Service quality, troubleshooting |
3. How We Use Your Data
- To operate the Lexa AI voice receptionist on your behalf
- To send booking confirmation SMS to callers and business owners
- To personalise greetings for returning callers
- To send weekly performance reports to business owners
- To process subscription billing via Paddle
- To improve the accuracy and response quality of Lexa
4. Service Providers (Subprocessors)
We use the following service providers solely to deliver the Service on our behalf. They are not permitted to use your data for their own purposes, and we do not share SMS opt-in data or consent with any third party for marketing.
- Twilio — Phone number provisioning and SMS delivery
- Groq AI — Speech intent classification (extractor model)
- ElevenLabs — Text-to-speech voice synthesis
- Supabase / AWS — Database hosting and storage
- Paddle — Subscription billing and payment processing
- Google — Calendar sync (optional, owner-authorized)
We do not sell your data or your customers' data to any third party, ever. Information is shared only with the service providers above, strictly to operate the Service.
SMS Data Sharing Policy: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. SMS opt-in data and consent will not be shared with any third party. This includes text messaging originator opt-in data and consent records.
5. Google Calendar Integration
If you choose to connect your Google Calendar, Lexa AI requests permission to view and create events on the calendar you authorize, using the https://www.googleapis.com/auth/calendar.events scope. We use this access for a single purpose: to add, update, or remove appointment events on your calendar when you confirm a booking in your Lexa dashboard.
- We access your Google Calendar only to write and manage appointment events you have approved.
- We do not read, store, sell, or share your existing calendar events for any other purpose.
- We do not use Google user data for advertising, marketing, or training AI models.
- You can disconnect Google Calendar at any time, which revokes Lexa's access.
Lexa AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
6. SMS Messaging
When a customer calls a business using Lexa AI and books an appointment, they may receive transactional SMS messages including booking confirmations, appointment reminders, and cancellation notices. Before completing any booking, the caller is verbally informed that a confirmation SMS will be sent to their phone number, that message and data rates may apply, and that they can reply STOP to opt out. See our SMS Consent & Opt-In page for the full disclosure and a sample call transcript.
- Program name: Lexa AI appointment notifications
- Message types: Booking confirmations, 24-hour reminders, 2-hour reminders, cancellation notices
- Message frequency: Varies — typically 2 to 3 messages per appointment booked
- Message and data rates may apply depending on your mobile carrier plan
- To opt out: Reply STOP to any message to unsubscribe immediately
- For help: Reply HELP or email eppili.naveen@itslexa.com
7. Data Storage & Security
All data is stored in Supabase (PostgreSQL) hosted on AWS infrastructure, with encryption at rest and in transit (TLS 1.2+). Google OAuth tokens are encrypted and stored securely; they are never exposed to your browser or any third party. Access is restricted by role-based permissions. We follow industry-standard security practices.
8. Data Retention
Booking and customer records are retained for 12 months after last activity. Call logs are retained for 90 days. Upon subscription cancellation, data is retained for 30 days and then permanently deleted, unless retention is required by applicable law.
9. Your Rights
You may request access to, correction of, or deletion of your personal data at any time. Email eppili.naveen@itslexa.com — we will respond within 30 days. For customers in the EU or UK, standard GDPR rights apply.
10. Cookies
Our website uses minimal cookies for dashboard authentication only. We do not use advertising cookies, tracking pixels, or third-party analytics.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify subscribers of material changes by email. Continued use of the Service after changes constitutes acceptance.
Privacy questions: eppili.naveen@itslexa.com — we reply within the hour.