1. Introduction
Drexify Systems LLC ("DREXIFY," "we," "us," or "our") respects your privacy and is committed to protecting the data you entrust to us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your data.
This policy applies to all users of our website at drexify.tech, our AI agent platform, client dashboard, and all related services (collectively, the "Service").
2. Information We Collect
We collect the following categories of information:
Account & Business Information
- Your name, email address, phone number, and business name
- Business address, service area, and industry/niche
- Payment information (processed securely by Stripe — we do not store card numbers)
- Login credentials and authentication tokens for your client dashboard
Prospect & Customer Data
- Contact information for leads and prospects that our agents discover or that you provide (names, emails, phone numbers, business names)
- Outreach history — emails sent, opened, clicked, replied, and bounced
- SMS message logs and delivery status
- Call logs and transcripts from the Smart Receptionist agent
- Booking and appointment records
- Review request history and outcomes
Usage & Analytics Data
- Dashboard access logs (login times, pages viewed)
- Agent performance metrics (delivery rates, open rates, response rates)
- Browser type, device type, and IP address when accessing our website or dashboard
- Referring URLs and pages visited on drexify.tech
3. How We Use Your Information
We use the information we collect to:
- Operate our agents — send outreach emails, handle inbound calls, confirm bookings, request reviews, and process payments on your behalf
- Manage your account — authenticate your access, process billing, and provide customer support
- Improve the Service — analyze aggregate performance data to optimize agent effectiveness, delivery rates, and platform reliability
- Communicate with you — send account notifications, billing receipts, service updates, and respond to your inquiries
- Comply with legal obligations — maintain records as required by law, respond to legal requests, and enforce our Terms of Service
4. Third-Party Services
We share specific data with third-party services solely to deliver the functionality of our platform. Here is what each service receives:
- Stripe — your billing information (name, email, payment method) for subscription processing. Stripe is PCI-DSS compliant. Stripe Privacy Policy
- SendGrid / Brevo — recipient email addresses and email content for outreach delivery. SendGrid Privacy Policy
- Twilio — recipient phone numbers and message content for SMS delivery. Twilio Privacy Policy
- Vapi — caller phone numbers and call audio for AI voice call handling. Vapi Privacy Policy
- Calendly — appointment details (name, email, time) for booking management. Calendly Privacy Policy
- Supabase — all platform data is stored in our Supabase database (hosted infrastructure). Supabase Privacy Policy
- Brave Search — business names and locations for lead research and discovery. No personal customer data is sent to Brave.
We do not sell, rent, or trade your data to any third party for marketing or advertising purposes. Period.
5. Data Storage & Security
All client and prospect data is stored in our Supabase database with the following protections:
- Encryption — data is encrypted in transit (TLS) and at rest
- Tenant isolation — each client's data is logically isolated. Your data is never mixed with or accessible by other clients.
- Access controls — database access is restricted to authenticated API calls with client-specific tokens
- Infrastructure — our platform runs on secure cloud infrastructure with regular security updates
While we implement commercially reasonable security measures, no system is 100% secure. We cannot guarantee absolute security, but we take every reasonable step to protect your data.
6. Data Retention
We retain your data according to the following schedule:
- Active subscription: All data is retained and accessible for the duration of your subscription.
- After cancellation (0–30 days): Your data remains stored and available for export. Contact us at team@drexify.tech to request an export in CSV or JSON format.
- After cancellation (31–90 days): Your data enters a deletion queue and is no longer accessible.
- After cancellation (90+ days): All client data is permanently deleted from our systems, including backups.
Anonymized, aggregate analytics data (which cannot identify you or your customers) may be retained indefinitely to improve our Service.
7. No Selling of Data & No AI Training
We want to be explicit about this:
- We never sell your data to anyone, for any reason.
- We never share your data with data brokers, advertisers, or marketing platforms.
- We never use your client data, prospect data, or customer data to train AI models — ours or anyone else's.
- Your data exists solely to power the agents running for your business.
8. Cookies
Our use of cookies is minimal:
- Session cookies — used to maintain your login state on the client dashboard. These expire when you close your browser or after your session times out.
- Analytics cookies — we may use basic analytics to understand how visitors interact with drexify.tech (page views, traffic sources). This data is aggregate and does not identify individuals.
We do not use advertising cookies, tracking pixels from ad networks, or cross-site tracking of any kind.
9. Children's Privacy
DREXIFY is a business-to-business service designed for use by business owners and their authorized representatives. Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at team@drexify.tech and we will promptly delete it.
10. California Privacy Rights
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know — You can request details about the categories and specific pieces of personal information we have collected about you.
- Right to Delete — You can request that we delete your personal information, subject to certain exceptions (such as legal compliance obligations).
- Right to Opt-Out of Sale — We do not sell personal information. This right is automatically satisfied.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.
- Right to Correct — You can request correction of inaccurate personal information.
To exercise any of these rights, email us at team@drexify.tech with the subject line "California Privacy Request." We will respond within 45 days.
11. CAN-SPAM Compliance
All outreach emails sent through the DREXIFY platform comply with the CAN-SPAM Act:
- Every email includes accurate sender identification (the "From" name and address)
- Subject lines are never deceptive or misleading
- Every email contains a valid physical mailing address
- Every email includes a clear, one-click unsubscribe link
- Unsubscribe requests are honored within 10 business days
- We do not use harvested email addresses or purchased lists
If you receive an outreach email from a DREXIFY-powered agent and wish to unsubscribe, use the unsubscribe link in the email. Your request will be processed promptly.
12. SMS / Text Messaging Terms (A2P 10DLC)
DREXIFY sends transactional SMS / text messages on behalf of our business customers (the "Service Providers") to their end customers ("you"). The following terms apply to all SMS communications sent through the DREXIFY platform:
12.1 How You Opt In
You consent to receive SMS messages from a Service Provider through one or more of the following clearly identified opt-in paths:
- Inbound phone call — When you call a Service Provider's phone number, our AI receptionist confirms your intent and explicitly asks for your preferred contact method. By providing your mobile number and confirming SMS as a preferred channel during that call, you are opting in to transactional SMS related to your inquiry.
- Web form submission — When you submit a contact form, booking form, or audit request on the Service Provider's website or on drexify.tech, the form clearly states (adjacent to the submit button) that submission constitutes consent to receive transactional SMS related to your request. The consent box is never pre-checked by default.
- In-person service — When you provide your mobile number to a Service Provider at the point of in-person service, you are informed verbally that you will receive transactional SMS regarding your service (appointment confirmations, reminders, invoices, etc.).
Consent is required before any SMS is sent. We never purchase mobile numbers, never use harvested lists, and never share your number or consent record with third parties for marketing purposes.
12.2 Message Types You May Receive
Messages sent through DREXIFY are transactional only, limited to the active service relationship between you and the Service Provider. They include:
- Appointment confirmations after booking
- Appointment reminders (24-hour and same-day)
- Notifications when your service is on its way
- Review request after a completed service
- Invoice notifications when payment is due
- Payment receipts and reminders for unpaid invoices
- Operational follow-ups related to your service
We do not send marketing, promotional, or third-party advertising content through SMS via DREXIFY. SMS is reserved exclusively for transactional communication tied to your existing service relationship.
12.3 Message Frequency
Message frequency varies based on your service activity. A typical customer receives between 2 and 10 messages per active service engagement. You may receive more messages during peak service activity (e.g., the days surrounding a scheduled appointment).
12.4 How to Opt Out (STOP / UNSUBSCRIBE)
You may opt out of SMS at any time by replying with any of the following to any message you receive: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT.
Upon receiving an opt-out keyword, we will immediately stop sending SMS to your number from the relevant Service Provider and send a single confirmation message acknowledging the opt-out. Subsequent operational communications, if any, will be delivered via email or phone instead.
12.5 How to Get Help (HELP / INFO)
For help, reply HELP or INFO to any message and you will receive an automated reply with the Service Provider's contact information plus DREXIFY support contact (team@drexify.tech).
12.6 Carriers and Rates
SMS messages are delivered via U.S. mobile carriers including (but not limited to) AT&T, Verizon, T-Mobile, and Sprint. Message and data rates may apply from your wireless carrier based on your individual plan. DREXIFY does not charge for SMS; any costs come from your carrier.
Mobile carriers are not liable for delayed or undelivered messages.
12.7 No Sharing of Mobile Information
Mobile information collected for the purpose of SMS opt-in (including your phone number and consent record) will not be shared with third parties or affiliates for marketing or promotional purposes. SMS consent is not transferred to any third party.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify active subscribers via email at least 15 days before the changes take effect. The "Effective Date" at the top of this page will always reflect the most recent revision.
We encourage you to review this policy periodically to stay informed about how we protect your data.
13. Contact
If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a concern: