Privacy Policy

Effective date: February 19, 2026

Amfion LLC (“Amfion,” “we,” “us,” or “our”) provides an AI-powered booking platform that helps service businesses manage appointments through conversational AI. This Privacy Policy explains how we collect, use, share, and protect personal information when you interact with our platform — whether you are a business using Amfion (“Tenant”) or a customer booking an appointment through one of our Tenants (“End Customer”).

We believe privacy policies should be clear and readable. Where a section has legal implications, we’ve included a plain-language summary in bold at the top.

1. Our Role: Data Controller vs. Data Processor

In short: When a business uses Amfion to serve their customers, the business decides what data to collect. We process that data on their behalf.

  • As a Data Processor: When End Customers interact with an AI booking assistant powered by Amfion, we process personal data on behalf of the Tenant (the business). The Tenant is the Data Controller and determines how and why End Customer data is collected. We process this data only as instructed under our agreement with the Tenant.
  • As a Data Controller: We act as a Data Controller for information we collect directly, such as when you create an Amfion account, visit our website, or contact our support team.

2. Information We Collect

2a. From Tenants (Business Customers)

When you create an Amfion account and set up your workspace, we collect:

  • Account information: Email address and password (password is hashed and never stored in plain text)
  • Business profile: Business name, phone number, email, website URL, physical address, business hours, and timezone
  • Branding preferences: Logo, colors, fonts, hero images, and custom messaging
  • Service configuration: Service names, descriptions, durations, pricing, FAQs, and business policies
  • Integration credentials: API keys for connected services (e.g., Cal.com). These are encrypted at rest using our database provider’s vault feature and are never stored in plain text.

2b. From End Customers (People Booking Appointments)

When you chat with an AI booking assistant or manage your appointments, we collect:

  • Contact information: Name, email address, and optionally phone number (collected during the booking process)
  • Conversation data: Messages you exchange with the AI assistant, including booking requests, questions, and responses
  • Booking details: Service selected, appointment date and time, booking status, and any notes you provide
  • Technical data: A one-way hash of your IP address (we do not store your full IP address), browser type, and session identifiers

2c. Automatically Collected Information

  • Session data: We generate a unique session ID for each chat conversation. Sessions expire after 24 hours.
  • Authentication tokens: If you access the appointment management portal, we use a cryptographically signed token (not a cookie) to verify your identity. These tokens expire after 90 days.
  • Bot verification: We may use Cloudflare Turnstile to verify that chat interactions come from real people, not automated bots. This sends limited technical data to Cloudflare.

3. How We Use Your Information

In short: We use your data to provide the booking service you’re using. We don’t sell it, and we don’t use it for advertising.

For End Customers, we use your information to:

  • Process your messages through our AI assistant to help you book appointments
  • Create, confirm, reschedule, or cancel appointments on your behalf
  • Provide access to your appointment management portal
  • Maintain conversation context within your chat session

For Tenants, we use your information to:

  • Create and maintain your Amfion workspace
  • Configure your AI booking assistant with your business details
  • Connect to your calendar and scheduling systems
  • Provide customer support and account management

For all users, we use information to:

  • Protect against fraud, abuse, and unauthorized access
  • Comply with legal obligations
  • Improve and maintain the security and reliability of our platform

4. AI Processing and Third-Party Services

In short: When you chat with a booking assistant, your messages are processed by Anthropic’s AI. They do not use your data to train their models.

4a. Anthropic (AI Processing)

Our AI booking assistants are powered by Anthropic’s Claude models. When you send a message to a booking assistant:

  • Your message, along with relevant business context (service details, availability, business hours), is sent to Anthropic’s API to generate a response
  • Anthropic processes this data solely to generate the response and does not use it to train their AI models under their commercial terms
  • Conversation history within your session is included for context so the assistant can follow the flow of your conversation

4b. Cal.com (Scheduling)

When a booking is created, your name, email, phone number (if provided), and appointment details are shared with Cal.com, our scheduling infrastructure provider, to create and manage the calendar event. Cal.com maintains SOC 2 Type II and ISO 27001 certifications.

4c. Supabase (Database and Authentication)

We use Supabase to securely store account data, conversation history, and booking records. Supabase provides encryption at rest, row-level security, and encrypted vault storage for sensitive credentials.

4d. Cloudflare (Security)

We use Cloudflare for DNS management, DDoS protection, and optional bot verification (Turnstile). When bot verification is enabled, limited technical data (such as your IP address) is sent to Cloudflare to confirm you are a real person.

5. Data Sharing

We do not sell your personal data. We never have, and we never will.

We share personal data only in these circumstances:

  • With the Tenant: End Customer data (name, contact information, booking details, chat transcripts) is accessible to the business you are booking with. They are the Data Controller for this information.
  • With service providers: We share data with the third-party providers listed in Section 4 above, solely to operate the platform. Each provider is bound by data processing agreements.
  • For legal compliance: We may disclose data if required by law, court order, or government request, or to protect the rights, safety, or property of Amfion, our users, or the public.
  • Business transfers: If Amfion is acquired or merges with another company, personal data may be transferred as part of that transaction. We will notify affected users before their data becomes subject to a different privacy policy.

6. Data Retention

In short: We keep data as long as it’s needed for the purpose it was collected.

  • Chat sessions: Active for 24 hours. Conversation history is retained for audit and service quality purposes.
  • Booking data: Retained for as long as the Tenant’s account is active, plus any period required by law.
  • Appointment portal tokens: Expire after 90 days.
  • Tenant account data: Retained while the account is active. Upon account deletion, data is removed within 30 days, except where retention is required by law.
  • Audit logs: Retained for compliance and security purposes.

7. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for stored data and sensitive credentials
  • Row-level security ensuring Tenants cannot access each other’s data
  • Rate limiting and bot protection on all public endpoints
  • IP address hashing (we never store your full IP address)
  • Cryptographic signing for authentication tokens (HMAC-SHA256)
  • Webhook signature verification for third-party integrations

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data.

For all users:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Data portability: Request your data in a structured, machine-readable format

Additional rights under GDPR (EU/EEA/UK residents):

  • Restriction: Request that we limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time
  • Lodge a complaint: You have the right to file a complaint with your local data protection authority
  • Human intervention: You have the right to request human review of any decision made solely by automated processing that significantly affects you

Additional rights under CCPA (California residents):

  • Know: Right to know what personal information we collect and how it is used
  • Delete: Right to request deletion of your personal information
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights
  • No sale: We do not sell personal information as defined by the CCPA

End Customers: Because we process your data on behalf of the business you booked with, we recommend first contacting the business directly. If they are unable to assist, you may contact us at admin@amfionhq.com.

Tenants: Contact us at admin@amfionhq.com. We will respond within 30 days.

9. International Data Transfers

Amfion is based in the United States. If you are accessing the platform from outside the United States, your data will be transferred to and processed in the United States.

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission and other applicable safeguards. Our sub-processors (Anthropic, Cal.com, Supabase) maintain their own data transfer mechanisms in compliance with applicable law.

10. Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data under the following legal bases:

  • Contract performance: Processing chat messages and creating bookings that you request
  • Legitimate interests: Platform security, fraud prevention, and service reliability
  • Legal obligations: Compliance with applicable laws and regulations
  • Consent: Where specifically required (e.g., optional marketing communications)

11. Children’s Privacy

Amfion is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us at admin@amfionhq.com and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify Tenants by email and update the effective date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us: