What we collect, why, who processes it on our behalf, and your rights — in as plain English as the law allows.
Effective date / last updated: June 6, 2026. We review this policy at least every 12 months and on any material change to our data practices.
This Privacy Policy explains how Vanced Corporation, a Delaware C-Corporation (“Vanced Corporation,” “we,” “us,” or “ServicePilot”), the operator of the ServicePilot service (the “Service”), collects, uses, discloses, and protects personal information. We will not make material changes to this notice silently — material changes are notified and dated before they take effect.
The operator of the Service is Vanced Corporation. For privacy questions, data-subject requests, or legal notices:
We handle personal information in two distinct capacities, and your rights differ depending on which applies:
Your business information (we are controller). Your business name, the name and contact details of your representatives, login and account identifiers, plan selection, billing-related metadata received from our payment processor, usage records (such as message and call volume), and any support correspondence.
Your end-customers’ data (we are processor on your behalf). The contact and CRM data you provide or that flows into your account through the Service — such as your contacts’ names, phone numbers, email addresses, appointment and booking details, message and call history, review interactions, and any notes or custom fields you maintain. We process this data solely to operate the Service’s features for you (for example, missed-call text-back, online booking, review automation, and the AI receptionist).
We use personal information to: (a) set up, provide, operate, and maintain the Service for you; (b) deliver the automations in your plan, including sending messages and placing calls on your behalf and at your direction; (c) authenticate and isolate your account; (d) bill your subscription and meter pay-as-you-go usage; (e) provide support; (f) protect the security and integrity of the Service; and (g) comply with legal obligations. We do not sell personal information, and we do not use your end-customers’ data to build profiles for our own purposes or to train artificial-intelligence models for unrelated products.
We rely on the following third parties to provide the Service. They process data on our behalf under contractual data-protection obligations:
| Subprocessor | Role | Data involved |
|---|---|---|
| GoHighLevel | Underlying CRM and marketing-automation platform on which the Service runs | Your business account data and your end-customers’ CRM data |
| Telephony / SMS provider (e.g., Twilio) | Delivery of text messages and phone calls | Recipient phone numbers, message and call content and metadata |
| Stripe | Payment processing for subscription and usage charges | Your business billing details and payment metadata |
We do not sell or rent personal information, and we do not disclose your end-customers’ data to anyone other than the subprocessors above (and as required by law), except on your instructions.
Our subprocessors may process data in the United States and other countries. Where personal data originating in the EEA or UK is transferred internationally, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and equivalent UK safeguards), and the data-processing terms of our subprocessors are incorporated by reference.
We retain your end-customers’ data only for as long as we provide the Service to you, on your instructions. We retain your business account and billing records for as long as your account is active and thereafter as needed for legal, tax, and recordkeeping obligations. On termination, and on request, we will provide an export and then delete or return your stored data within a commercially reasonable period, except where retention is legally required. You may request deletion at any time using the contact details above.
We apply reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encryption in transit, access controls, and per-account isolation so one Customer’s data does not cross to another’s. No method of transmission or storage is perfectly secure, but we work to protect your data and to honor the security commitments of our subprocessors.
If you are in the EEA or UK, you have the right to access, rectify, erase, restrict, and port your personal data, to object to processing, and to withdraw consent where processing is based on consent. You may also lodge a complaint with your local supervisory authority. Our lawful bases for data we control are Article 6(1)(b) (performance of our contract with you) for operating the Service and billing, and Article 6(1)(f) (legitimate interests) for support and security.
Where the request concerns your end-customers’ data, that data is controlled by you, our Customer business, not by us. If an individual contacts us about data in your account, we will refer them to you as the controller and assist you as your processor in responding.
If you are a California resident, you have the rights to know/access, delete, and correct your personal information, and to opt out of the sale or sharing of personal information and to limit use of sensitive personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA, so we do not offer a “Do Not Sell or Share My Personal Information” link; this statement serves in its place. You have the right not to be discriminated against for exercising these rights. To exercise any right, email us at hello@servicepilot.studio; we will verify your request and respond within the legally required timeframes.
With respect to data processed on your behalf, we act as a service provider: we process it only for the limited business purpose of providing the Service, do not sell or share it, and do not retain, use, or disclose it for any other purpose.
The Service is a business tool and is not directed to children. We do not knowingly collect personal information from anyone under 16 (or under 13 where applicable). If you believe a child’s information has reached us, contact us and we will delete it.
We will post any updated policy here with a new effective date. For material changes affecting how we use personal information, we will provide notice before the change takes effect. We do not make silent material changes.
ServicePilot is a service operated by Vanced Corporation, a Delaware C-Corporation. Legal notices and privacy requests: hello@servicepilot.studio / 2810 N Church St STE 88480, Wilmington, DE 19802.