Privacy Policy

1. Introduction

Thea ("we," "our," or "the App") is an AI-powered voice receptionist application that integrates with your Wix site. This Privacy Policy explains how we collect, use, store, and protect your information when you use our application.

2. Information We Collect

When you install and use Thea, we collect:

• Wix Account Data: Your Wix site ID, instance ID, and OAuth tokens (encrypted at rest) to access your Wix Bookings data.
• Business Information: Business name, services, staff schedules, and availability as configured in Wix Bookings.
• Call Data: Phone numbers of callers, call duration, call transcripts, call recordings (if enabled), and booking outcomes.
• Contact Information: Caller names and phone numbers as stored in your Wix CRM.
• Usage Data: Minutes used, call counts, and plan information for billing purposes.

3. How We Use Your Information

• To provide AI voice receptionist services for your Wix Bookings
• To answer caller questions and text booking links on your behalf
• To recognize returning callers and provide personalized service
• To track usage for plan management and billing
• To improve our service quality and reliability
• To provide call logs, transcripts, and analytics in your dashboard

4. Data Storage and Security

• All OAuth tokens are encrypted at rest using AES-256-GCM encryption
• Data is stored in secure, managed databases (Supabase/PostgreSQL)
• All communications are encrypted in transit via HTTPS/TLS
• We use webhook signature verification to prevent unauthorized access
• Access to your data is limited to the permissions you grant during installation

5. Third-Party Services

We use the following third-party services to operate:

• Retell AI: Provides the AI voice conversation engine. Call audio is processed by Retell AI.
• Wix APIs: To access your bookings, contacts, and services data.
• Supabase: Secure database hosting.
• Vercel: Application hosting and edge caching.
• Sentry: Error tracking and monitoring (no personal data is sent).

6. Data Retention

We retain your data for as long as your app is installed. When you uninstall Thea, we delete your installation data, agent configuration, and associated records. Call logs may be retained for up to 90 days after uninstallation for support purposes, after which they are permanently deleted.

7. Your Rights (GDPR)

If you are located in the European Union, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise these rights, contact us at the email below.

8. Cookies

We use essential cookies only during the OAuth authorization flow (state and code verifier cookies). These are httpOnly, secure, and expire within 10 minutes. We do not use tracking cookies or third-party analytics cookies.

9. Children's Privacy

Thea is not intended for use by children under 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page.

11. Contact Us