Privacy Policy
Last updated: April 18, 2026 · Effective immediately
Short version: We collect the minimum data needed to operate the product, we don't sell your data, we don't train AI models on your conversations, and you can request deletion at any time by emailing privacy@prairievision.ai.
1. Who we are
AppointmentAI is operated by Prairie Vision Inc, a corporation headquartered in Mandan, North Dakota, United States. For the purposes of this policy, "we," "us," and "our" refer to Prairie Vision Inc. References to "the Service" refer to the AppointmentAI product available at appointment.prairievision.ai and its associated APIs.
2. What data we collect
From business customers (account holders)
- Account data: name, business name, email address, password hash (bcrypt), phone number if provided.
- Billing data: processed and stored by Stripe. We retain only a customer reference ID; we never see or store your payment card details.
- Business configuration: agent settings, services offered, pricing, hours, knowledge base uploads, and integration credentials (Cal.com API keys are encrypted at rest).
- Usage metadata: conversation counts, API call volume, feature usage for billing and rate-limiting purposes.
From website visitors (end users who chat with your agent)
- Conversation content: the messages exchanged between the visitor and the AI agent.
- Contact information: name, email, phone when voluntarily provided during a conversation.
- Technical data: IP address (truncated), user agent, visitor fingerprint (hashed), referrer URL, timestamps.
- Appointment data: requested services, preferred dates/times, any booking notes.
3. How we use your data
- To operate the Service — route visitor chats to the right business, book appointments, send confirmation emails.
- To bill your account accurately based on conversation volume.
- To improve conversation quality on a per-tenant basis (your data stays in your tenant — we do not aggregate across customers).
- To detect and prevent abuse, fraud, and security threats.
- To respond to support requests and send critical service communications.
What we do NOT do: We do not sell your data. We do not share it with advertisers. We do not use your conversations to train general-purpose AI models. We do not share identifiable visitor data with other customers on the platform.
4. AI processing
Conversations are processed by a third-party AI provider under a contractual agreement that prohibits using the data for model training. Data is transmitted over TLS and is retained by the provider only for the duration needed to generate a response. Prairie Vision Inc acts as the data controller; the AI provider acts as a data processor.
5. Data retention
- Active accounts: data is retained while your account is active and for up to 90 days after cancellation for recovery purposes.
- Conversation transcripts: retained for 12 months by default, configurable by each business customer. Visitors can request earlier deletion.
- Billing records: retained for 7 years to meet US tax and accounting requirements.
- Backup systems: deleted data is purged from backups within 30 days.
6. Data sharing and sub-processors
We share data only with the service providers necessary to operate AppointmentAI:
- Supabase — primary database hosting (data stored in United States region).
- Render — application hosting and compute.
- Stripe — payment processing (billing only).
- Cal.com — calendar booking integration (only when a business customer configures it).
- Resend — transactional email delivery.
- AI processor — conversation inference (see Section 4).
We do not share data with any other third party except when compelled by valid legal process or to protect the safety of users.
7. Your rights
Depending on your jurisdiction (including but not limited to GDPR in the EU, UK GDPR, CCPA/CPRA in California, and PIPEDA in Canada), you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Export your data in a portable, machine-readable format.
- Object to processing or withdraw consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email privacy@prairievision.ai. We respond within 30 days.
8. Security
We implement commercially reasonable safeguards: TLS 1.2+ encryption in transit, encryption at rest for sensitive fields (Cal.com keys, secrets), bcrypt password hashing, JWT session tokens with rotation support, rate limiting, SQL injection prevention via parameterized queries, and regular dependency vulnerability scanning. No system is perfectly secure; in the event of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.
9. International transfers
AppointmentAI is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. For EU/UK users, we rely on Standard Contractual Clauses where applicable.
10. Children
AppointmentAI is not intended for use by anyone under the age of 16. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us immediately and we will delete it.
11. Changes to this policy
We may update this Privacy Policy as the Service evolves. Material changes will be communicated via email to active account holders at least 30 days before taking effect. The "Last updated" date at the top reflects the current version.
12. Contact
Prairie Vision Inc
Mandan, North Dakota, United States
Privacy questions: privacy@prairievision.ai
General support: support@prairievision.ai