Privacy Policy
Effective Date: April 30, 2026
This Privacy Policy describes how 2 Acre Studios (d/b/a 2 Acre AI) ("we," "us," "our") collects, uses, and shares information in connection with the website 2acreai.com (the "Site") and our AI voice receptionist services (the "Services").
This Policy applies to two distinct categories of people: (a) visitors and prospects who interact with our Site, and (b) end-customers of our paying business clients whose phone calls are answered by our AI receptionist on behalf of the business.
1. Information we collect
1.1 From Site visitors and prospects
When you visit the Site or interact with us, we may collect:
- Information you provide directly: name, business name, email, phone number, city, and call-volume estimates submitted through the missed-call calculator at /assessment, the signup form at /signup, or by contacting us.
- Automatically collected: IP address, browser type, device type, pages viewed, referrer, and timestamps. We use Cloudflare's privacy-friendly Web Analytics, which does not set cookies and does not fingerprint visitors.
- From cookies: we use only strictly necessary cookies (e.g., session cookies for the assessment flow). We do not use advertising or third-party tracking cookies.
1.2 From paying business clients
When a business signs up for the Services, we collect:
- Business information: legal name, DBA, owner name, business address, service area, business hours, services offered, pricing, dispatch contact information.
- Account information: login email, password (hashed), authorized user contacts.
- Billing information: name, billing address, last four digits of payment card, processed and stored by Stripe, Inc.; we do not store full card numbers.
1.3 From end-customers (callers)
When an individual calls a phone number operated by 2 Acre AI on behalf of one of our business clients, the AI receptionist may collect:
- Caller's name (as stated by the caller)
- Caller's phone number (from caller ID and as stated)
- Service address (as stated by the caller)
- Description of the problem or service requested
- Audio recording of the call
- Text transcript of the call
- Any other information voluntarily disclosed during the call
The recording-disclosure announcement at the start of each call notifies callers that the call is recorded.
2. How we use information
We use the information we collect to:
- Provide, operate, and improve the Site and the Services.
- Communicate with you about the Site, the Services, billing, support, and legal matters.
- Configure and operate the AI receptionist on behalf of business clients (including booking appointments, sending SMS summaries, and routing review requests).
- Respond to inquiries submitted through the assessment, signup, or contact forms.
- Comply with legal obligations and enforce our terms.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
We do not sell personal information. We do not use Site-visitor information for behavioral advertising. We do not use end-customer call data to train AI models for any purpose other than the specific business client whose receptionist handled the call, and only with that client's authorization.
3. How we share information
We share information with:
- Subprocessors who provide infrastructure for the Services. A current list is in the Data Processing Agreement available at /legal/dpa, but as of the Effective Date includes: Vapi (telephony orchestration), Anthropic (conversational AI), Deepgram (speech-to-text), ElevenLabs (text-to-speech), Twilio (telephony and SMS), Cloudflare (hosting, DNS, security), Stripe (payment processing), and Resend (transactional email).
- Our paying business clients. End-customer call data is shared with the specific business whose receptionist handled the call, because that's the entire point of the service.
- Legal authorities when required by valid legal process or to protect the rights, property, or safety of 2 Acre AI, our customers, or others.
- Successors in connection with a merger, acquisition, or sale of substantially all of our assets, subject to confidentiality obligations consistent with this Policy.
We do not share information with third parties for their independent marketing purposes.
4. Data retention
| Category | Retention period |
|---|---|
| Site analytics | 90 days |
| Assessment submissions | 24 months from submission, then deleted |
| Signup form information (if no purchase) | 12 months from submission |
| Active client account data | For the duration of the engagement plus 90 days after termination |
| Call audio recordings | 90 days from the call, then permanently deleted |
| Call transcripts | 12 months from the call, then deleted unless the client requests longer retention |
| Billing records | 7 years (tax and accounting requirements) |
Business clients may request earlier deletion of their account data by writing to [email protected]. We will honor such requests within thirty (30) days, subject to our legal retention obligations.
5. Your rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: request a copy of the personal information we hold about you.
- Correction: request correction of inaccurate information.
- Deletion: request deletion, subject to our legal retention obligations.
- Objection: object to certain processing activities.
- Portability: request a machine-readable export.
- Withdrawal of consent: where processing is based on consent.
To exercise any of these rights, email [email protected]. We will respond within thirty (30) days.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right not to be discriminated against for exercising your rights. We do not "sell" personal information as that term is defined under the CCPA.
If you are an end-customer of one of our business clients (i.e., your call was answered by our AI receptionist), the business client is the controller of your information and you should direct privacy requests to them in the first instance. We will assist that business client in fulfilling your request.
6. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, or destruction. These include:
- TLS encryption for all data in transit
- AES-256 encryption for data at rest in our database
- Access controls and audit logs for production systems
- Subprocessor agreements requiring equivalent safeguards
- A documented incident-response procedure with seventy-two (72) hour notification commitments
No system is completely secure. If you suspect a security issue, please email [email protected].
7. Children
The Services are intended for businesses, not individuals under 18. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us at [email protected] and we will delete it.
8. International users
The Services are operated in the United States and are intended for U.S. business customers. If you access the Services from outside the United States, you consent to the transfer and processing of your information in the United States, where data-protection laws may differ from those in your jurisdiction.
9. Changes to this Policy
We may update this Privacy Policy from time to time. The "Effective Date" at the top will reflect the latest version. Material changes will be communicated by email to active business clients. Continued use of the Site or Services after a change becomes effective constitutes acceptance of the updated Policy.
10. Contact
For privacy questions or to exercise your rights:
2 Acre Studios (d/b/a 2 Acre AI) Pittsburgh, Pennsylvania, United States [email protected] +1 (412) 407-6170