215labs LLC — Privacy Policy

Last Updated: February 9, 2026

This Privacy Policy explains how 215labs LLC (“215labs,” “we,” “us,” or “our”) collects, uses, discloses, and retains information when you access or use our platform, products, and services, including any current and future tools, features, applications, integrations, and offerings (collectively, the “Services”). This Privacy Policy is incorporated by reference into our Terms of Service.

By using the Services, you acknowledge that you have read and understand this Privacy Policy.

1. Scope and Roles

1.1 Who this applies to. This Privacy Policy applies to individuals who visit our website or use the Services, including users who access the Services through an organization account (e.g., a brokerage, team, or mortgage company).
1.2 Business customers and end consumers. Our Services are intended for business customers (organizations and their authorized users). If you are an end consumer whose information is entered into the Services by one of our customers, your relationship is primarily with that customer as the controller of your information.
1.3 Our role. For organization accounts, we generally act as a service provider/processor to the customer organization. See our Data Processing Agreement (“DPA”) for more detail.

2. Information We Collect

We collect information in the categories below. The specific information we collect depends on how you use the Services and which features you enable.

2.1 Account and Profile Information

  • Name, email address, phone number, username, password or authentication token, and similar identifiers.
  • Organization and role information (e.g., owner/admin/member), team settings, permissions, and membership details.
  • Authentication and identity verification information from single sign-on providers (e.g., Google or Microsoft) where enabled.

2.2 Customer Relationship and Deal Information

  • Contacts, leads, prospects, clients, referral partners, deal/pipeline information, notes, tasks, calendar events, property or transaction details, and related metadata that you or your organization inputs or synchronizes.

2.3 Communications Data (Email, SMS, and In-App)

  • Messages you send or receive through the Services (including email and SMS communications sent on your behalf), message content, recipients, timestamps, delivery status, and associated metadata.
  • Communication preferences and opt-out status information you provide or import.

2.4 Voice, Call Recording, and Telephony Data (AI and Non-AI)

If you enable voice features (including AI voice agents), we may collect and process:

  • Call audio recordings and call logs (caller/callee numbers, timestamps, duration, routing, and similar metadata).
  • Transcripts of calls and voicemails, including speech-to-text outputs.
  • AI-generated call summaries, coaching insights, sentiment or performance analytics, next-step recommendations, and related outputs.

2.5 AI Interaction Data and AI-Derived Outputs

Because the Services are AI-enabled, we may collect and process:

  • Prompts, messages, instructions, and conversation logs you submit to in-app AI assistants or AI workflows.
  • Contextual information used to complete your requests (e.g., relevant records, notes, prior interactions) based on your permissions and settings.
  • AI-generated outputs (summaries, drafts, suggested actions, analytics, and coaching insights).
  • AI memory/context that you or your organization elects to store per user, per organization, or per workflow to improve continuity (such as preferences, prior conversation context, and system configuration).

2.6 Documents and Files

  • Documents and files you upload, generate, or store in the Services, including associated metadata.
  • AI-assisted contract review or document analysis inputs and outputs where you enable those features.

2.7 Usage Data and Analytics

  • Log data and usage information such as pages viewed, features used, actions taken, timestamps, clickstream information, and error logs.
  • Performance data and diagnostics to maintain and improve the Services.

2.8 Device, Browser, and Network Information

  • Device identifiers and attributes, IP address, browser type, operating system, language preferences, approximate location derived from IP address, and similar technical data.

2.9 Cookies and Similar Technologies

We use cookies and similar technologies to provide, secure, personalize, and analyze the Services. See our Cookie Policy for details.

2.10 Information from Third Parties

  • Identity and authentication data from SSO providers (e.g., Google/Microsoft) if you choose to connect them.
  • Data you authorize us to access via integrated services (e.g., calendar providers, email, CRM imports) and referral/partner portal inputs.
  • Payment and subscription status information from our payment processor (we do not store full payment card details—see Section 6.4).

3. Biometric Data and Voice Processing Notice

3.1 No biometric identifiers. 215labs does not collect, request, derive, store, or use “biometric identifiers” or “biometric information” (including “voiceprints”) as those terms may be defined under specialized state laws (such as the Illinois Biometric Information Privacy Act (BIPA) or similar laws), for the purpose of identifying any individual.
3.2 Purpose of voice processing. If you enable voice features, we process call audio to provide the Services, including call routing, recording, transcription, summarization, sentiment or coaching analysis, and related quality/performance insights. Our voice processing is not intended to uniquely identify any person.
3.3 User responsibility for notices/consent. You and your organization are responsible for providing any legally required notices and obtaining consents for call recording and related processing as described in our Terms of Service and AUP.

4. How We Use Information

We use information to: 4.1 Provide and operate the Services (including account creation, authentication, organization management, and feature delivery).
4.2 Enable AI-powered functionality, including transcription, summarization, analytics, coaching insights, lead scoring, workflow automation, and AI assistants, based on your settings and permissions.
4.3 Improve and develop the Services, including troubleshooting, testing, research, analytics, and feature development.
4.4 Communicate with you, including service-related notices, security alerts, billing communications, and support responses.
4.5 Secure and protect the Services, including detecting fraud, abuse, or suspicious activity and enforcing our Terms of Service and Acceptable Use Policy (“AUP”).
4.6 Comply with legal obligations and respond to lawful requests.
4.7 Business operations, such as internal reporting, audits, and corporate governance.

5. AI Model Improvement and Training

5.1 Service improvement. We may use de-identified, aggregated, or otherwise processed information to improve the Services, including AI performance and quality.
5.2 Customer controls. Where applicable, we provide settings or contractual commitments (including through a DPA for business customers) governing how Your Data is used for AI improvement.
5.3 Third-party AI providers. Some AI features rely on third-party providers (e.g., large language model and voice vendors). Their processing may be governed by their terms and our agreements with them, and may include limited retention for safety, abuse monitoring, or service improvement consistent with those agreements.

6. How We Disclose Information

We may disclose information as follows:

6.1 Service Providers and Subprocessors

We share information with vendors that help us provide the Services (collectively, “Service Providers”), including:

  • Authentication: Clerk (including SSO/OAuth providers such as Google/Microsoft when enabled)
  • Database & Storage: Supabase
  • Hosting: Vercel (frontend), Railway (backend)
  • Payments: Stripe
  • Voice AI / Telephony & Orchestration: Retell AI, Pipecat
  • AI/LLM: Anthropic, OpenAI
  • Speech-to-Text: Deepgram
  • Text-to-Speech: ElevenLabs
  • Email: Resend
  • SMS: Twilio
  • Analytics: Vercel Analytics
  • Automation: n8n

We share only what is reasonably necessary for these providers to perform services on our behalf.

6.2 Within Your Organization (Multi-Tenant and Role-Based Access)

If you use the Services through an organization account:

  • Your organization’s administrators control access, permissions, settings, and certain data visibility.
  • Other authorized members of your organization may access data based on role-based permissions established by your organization (e.g., shared contacts, shared deals, call outcomes, notes, or coaching insights).

6.3 Partner/Referral Portals

If your organization enables partner or referral portal features:

  • External collaborators (e.g., referral partners) may be granted limited access to specific deal or transaction information as configured by your organization.
  • Your organization is responsible for configuring partner visibility and ensuring it is appropriate for its relationships and compliance obligations.

6.4 Legal, Safety, and Enforcement

We may disclose information to:

  • Comply with law, regulation, legal process, or government requests.
  • Protect the rights, safety, and property of 215labs, our users, or others.
  • Investigate or enforce our Terms of Service, AUP, and policies.

6.5 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to appropriate safeguards.

6.6 We Do Not Sell Personal Information

215labs does not sell personal information.

7. Industry-Specific and Sensitive Data Statements

7.1 Real Estate and Mortgage Data Considerations

Our Services may be used in real estate and mortgage-related workflows. Users are responsible for complying with applicable laws and regulations, including, where applicable:

  • Real Estate Settlement Procedures Act (RESPA)
  • Truth in Lending Act (TILA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Fair Housing Act and related anti-discrimination laws
  • Telephone Consumer Protection Act (TCPA) and state telemarketing laws

7.2 Call Recording and Consent

If you enable call recording or AI voice calls, you (and your organization) are responsible for obtaining all required consents and providing legally required notices, including complying with one-party/two-party consent laws.

7.3 TCPA Disclosures for AI Voice Calls and SMS

If you use the Services to place calls (including AI voice calls) or send SMS:

  • You represent that you have obtained any required express consent and will honor do-not-call lists and opt-out requests.
  • You control call content, recipient targeting, and campaign practices, and you are responsible for complying with TCPA, CAN-SPAM (for email), and applicable state laws.

7.4 We Do Not Store Certain Highly Sensitive Consumer Identifiers

215labs does not store end-consumer Social Security numbers (SSNs), full bank account numbers, or credit card numbers. Payment card processing is handled by Stripe; we do not store full card numbers or CVV codes.

7.5 Mobile Information Privacy

Your mobile information, including mobile phone numbers and any data collected through SMS or text messaging programs, will not be sold or shared with third parties for promotional or marketing purposes. Mobile information may only be shared with Service Providers as described in Section 6.1 to the extent necessary to deliver our Services (e.g., message delivery via Twilio). This restriction applies regardless of any other provision in this Privacy Policy.

8. Data Retention and Deletion

8.1 Retention. We retain information as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary depending on the data type, feature configuration, and contractual terms with customer organizations.
8.2 Customer-controlled deletion. Organization admins may be able to delete or export certain data through the Services.
8.3 Post-termination retention. After termination, we may retain Your Data for a limited period consistent with contractual requirements, operational backups, and legal obligations, after which we will delete or de-identify it in accordance with our retention policies (subject to technical and legal constraints).
8.4 Backups. Residual copies may persist in backups for a limited period.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for authentication, session management, preferences, and analytics. See our Cookie Policy for details and opt-out choices.

10. Your Privacy Choices and Rights

Depending on your location and relationship to the Services, you may have rights to:

  • Access information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete certain information, subject to legal and contractual exceptions.
  • Portability (receive a copy in a usable format), where applicable.
  • Opt out of certain marketing communications (service notices are not marketing).
  • Object or restrict certain processing, where applicable.

If you are using the Services through an organization, your requests may need to be directed to your organization administrator, and we may coordinate with them to fulfill the request.

10.1 Automated Decision-Making Technology (ADMT) and Lead Scoring

Some Service features may use automated systems to generate lead scoring, prioritization suggestions, analytics, or other recommendations.

  • How it works (high level). These features may consider factors such as engagement signals, interaction history, response patterns, deal stage metadata, and related inputs available within the Services, and then generate a score or ranking intended to help you prioritize outreach.
  • Your choices. Where available, you may be able to disable lead scoring or automated prioritization features in your account or organization settings.
  • Requests for information or opt-out. You may request information about the categories of inputs used and the general logic of these features, and you may request an opt-out where applicable, by contacting privacy@215labs.io. If you use the Services through an organization, your request may need to be submitted through your organization administrator.

11. California Privacy Notice (CCPA/CPRA)

This section applies to California residents to the extent the CCPA/CPRA applies.

11.1 Categories of personal information collected. We may collect identifiers, commercial information, internet/network activity, geolocation (approximate), audio information (call recordings), professional or employment-related information (if provided), and other categories described in Section 2.
11.2 Sources and purposes. We collect from you, your organization, integrated services you connect, and service providers, for the purposes described in Section 4.
11.3 No sale or sharing for cross-context behavioral advertising. We do not sell personal information. We also do not share personal information for cross-context behavioral advertising in a manner that would be considered “sharing” under CPRA, except as may occur through standard analytics/cookie technologies described in our Cookie Policy, where you may have choices.
11.4 Your rights. You may have the right to know, delete, correct, and access/portability, and to limit use of sensitive personal information where applicable. You may also have rights related to Automated Decision-Making Technology as described in Section 10.1. We will not discriminate against you for exercising your rights.
11.5 Submitting requests. Email privacy@215labs.io. We may verify your request and, where applicable, coordinate with your organization.

12. Children’s Privacy

The Services are not directed to children under 18, and we do not knowingly collect personal information from individuals under 18. If you believe a minor has provided us information, contact privacy@215labs.io.

13. International Data Transfers

Our Services are hosted and processed primarily in the United States. If you access the Services from outside the U.S., you understand that your information may be transferred to and processed in the U.S. and other locations where our Service Providers operate.

14. Security

We maintain administrative, technical, and physical safeguards designed to protect information. No system is 100% secure, and we cannot guarantee absolute security.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services, by email, or as otherwise required by law. The “Last Updated” date indicates when the policy was last revised.

16. Contact Us

For privacy questions or requests:

  • Email: privacy@215labs.io
    For legal notices:
  • Email: legal@215labs.io
    For general support:
  • Email: support@215labs.io
    Company: 215labs LLC (Pennsylvania, USA)
    Website: https://215labs.io