Privacy Policy

1. Introduction and Scope

MissionOaks.dev, LLC, doing business as OzyOps ("we," "us," or "our"), located in Camarillo, California, provides AI-powered receptionist and follow-up services for businesses across multiple industries. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our services.

Services Covered:

• AI Receptionist Services: 24/7 call answering, qualification, and routing
• Customer Portal: Web-based portal for managing your AI receptionist (portal.ozyops.com)
• Follow-Up Services: Automated SMS sequences and quote follow-up
• Marketing Websites: ozyops.com, health.ozyops.com, trades.ozyops.com, law.ozyops.com

By using any of our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Business Account Information

• Account Information: Name, email address, phone number, business name, address
• Account Credentials: Email-based authentication (no passwords stored — we use one-time codes)
• Billing Information: Payment details processed securely through Stripe (we do not store card numbers)
• Team Members: Names, email addresses, and roles of users you invite to your account

2.2 End User Information (Your Customers/Callers)

• Contact Details: Name, phone number, email address
• Service Requests: Type of service needed, urgency level, scheduling preferences
• Communication Records: Call recordings, transcripts, SMS history
• Healthcare (if applicable): Date of birth, insurance carrier, medication names, symptoms described during calls

2.3 Call Data

• Call Recordings: Full audio recordings of all calls handled by our AI
• Transcriptions: AI-generated text transcripts (may contain errors)
• Call Metadata: Duration, time/date, caller ID, call disposition, AI analysis
• SMS Data: Message content, timestamps, delivery status, consent records

3. How We Use Your Information

3.1 Service Delivery

• Operating the AI receptionist to answer, qualify, and route calls
• Booking appointments based on your availability rules
• Escalating emergency calls to on-call staff
• Sending automated SMS follow-up sequences
• Generating analytics and performance reports

3.2 Service Improvement

• Analyzing de-identified usage patterns to improve our platform
• Monitoring system performance and reliability
• Developing new features based on aggregated usage data

3.3 Communications

• Transactional: Billing notifications, usage alerts, service updates (cannot opt out)
• Marketing: Product announcements, feature updates (can opt out via unsubscribe link)

4. Call Recording and Transcription

4.1 Recording Practices

• Collection: All calls are recorded in full, including conversations with the AI
• Processing: Call audio is processed by Retell AI (for real-time conversation handling) and transmitted via Twilio (telephony provider)
• Storage: Processed recordings and transcripts are stored securely in our databases with AES-256 encryption
• Access: Recordings are accessible to you and your authorized team members via the OzyOps dashboard. OzyOps staff access recordings only to investigate technical issues or respond to support requests
• Retention: Call recordings are retained for 12 months from the call date

5. Data Sharing and Third Parties

We do not sell your personal information. We share information with the following service providers solely to deliver our services:

5.1 Technology Subprocessors

5.2 Healthcare-Specific

If you are a healthcare provider, all subprocessors handling Protected Health Information (PHI) have executed Business Associate Agreements (BAAs) with OzyOps. Your signed BAA is available in your account settings.

5.3 Other Disclosures

We may disclose information if required by law, legal process, or to protect the rights, property, or safety of OzyOps, our users, or others.

6. Data Security

• Encryption in Transit: TLS 1.2 or higher for all data transmission
• Encryption at Rest: AES-256 encryption for stored data
• Access Controls: Role-based access control (Owner/Manager/Viewer), audit logging
• Authentication: Email-based one-time codes, optional multi-factor authentication (TOTP)
• Healthcare MFA: Mandatory TOTP-based MFA for all healthcare vertical users
• Webhook Security: Cryptographic signature verification on all inbound webhooks

No security system is perfect. While we implement industry-standard safeguards, we cannot guarantee absolute security. You should maintain your own security practices.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Receive your data in a structured, machine-readable format
• Restrict Processing: Request that we limit how we use your data

To exercise these rights, contact us at privacy@ozyops.com. We will respond within 30 days.

8. Cookies and Tracking

• Essential Cookies: Required for authentication and security (cannot be disabled)
• Session Storage: Temporary data for user preferences (cleared on browser close)

We do not use third-party advertising trackers or sell data to advertisers.

9. Data Retention

You may request early deletion of your data in writing. Upon request, we will provide your data in a structured format within 30 days of termination.

10. Healthcare-Specific Disclosures

If you are a healthcare provider using OzyOps:

• HIPAA Compliance: We execute a Business Associate Agreement (BAA) with healthcare customers. PHI is handled per HIPAA Security Rule and Privacy Rule requirements.
• PHI in Calls: Callers may disclose health information during calls. This information is treated as PHI under our BAA and subject to HIPAA safeguards.
• Mandatory MFA: All healthcare portal users must enroll in multi-factor authentication.
• Separate Database: Healthcare call data is stored in a HIPAA-compliant database separate from non-healthcare data.
• Subprocessor BAAs: Subprocessors handling PHI (Retell AI, Neon) have executed BAAs with OzyOps. Twilio handles SMS only and does not process PHI (all SMS messages use generic, non-PHI templates).

For complete HIPAA data handling terms, see the Healthcare Addendum and Business Associate Agreement presented during account setup.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We do NOT sell personal information
• Right to Non-Discrimination: We will not treat you differently for exercising your privacy rights

To exercise CCPA rights, contact privacy@ozyops.com or call us. We will verify your identity before processing requests.

12. Children's Privacy

Our services are designed for businesses, not individuals under 18. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@ozyops.com and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the portal dashboard. Your continued use of our services after changes constitutes acceptance of the updated policy. The "Last Updated" date at the top reflects the most recent revision.

14. Contact Us

For questions about this Privacy Policy: