Privacy Policy

Last updated: June 2026

StartSmith ("we", "us", "our") provides tools for service-business owners. This Privacy Policy describes what we collect, why, and what we do with it.

1. Information we collect

• Account information — your name, email, and password hash (via Supabase Auth).
• Business profile — trade, city, state, business name, service catalog, hours, biggest-challenge answer.
• Customer data you enter — names, phone numbers, emails, addresses of your customers. You are the data controller for this; we are the processor.
• Payment data — handled entirely by Stripe. We never see or store card numbers.
• Usage data — pages you visit, actions you take. Collected via privacy-friendly analytics (Plausible).
• Communications — messages to/from our AI mentor, support emails.

2. How we use it

• To operate the Service — website generation, booking, invoicing, SMS, email.
• To personalize the AI mentor and proactive nudges based on your business data.
• To send transactional messages (booking confirmations, invoice reminders) via SendGrid and Twilio.
• To comply with legal obligations (tax, TCPA, GDPR).
• To improve the Service. We do not sell your data.

3. Who we share it with (subprocessors)

• Supabase — authentication
• AWS — hosting (DynamoDB, S3, CloudFront, SQS)
• Stripe — payment processing
• Twilio — SMS delivery
• SendGrid — email delivery
• OpenAI — AI mentor responses (your mentor messages are sent to their API)
• fal.ai — AI image generation (your logo and website images)
• Google — Business Profile, Maps & Places, Analytics, and Calendar sync
• Plausible — privacy-friendly analytics

4. SMS / text messaging (mobile information)

StartSmith, and the businesses that use StartSmith to serve you, send SMS text messages through our messaging provider, Twilio. These are transactional and service messages such as account notifications, booking and appointment confirmations, reminders, invoice and payment notices, and review requests, and — where you have opted in — occasional related follow-ups.

• Consent. You provide your mobile number and opt in to receive text messages when you sign up or book. Consent to receive SMS is not a condition of any purchase. Message frequency varies. Message and data rates may apply.
• Opt-out and help. You can opt out at any time by replying STOP to any message; reply HELP for help. You may also email support@startsmith.co.
• We do not share your mobile information. Your mobile information — your phone number and your SMS opt-in and consent data — is never sold or shared with third parties or affiliates for their own marketing or promotional purposes. We share it only with our messaging provider (Twilio), strictly to deliver the messages you have requested, and with support subcontractors as needed to operate the Service. Text-messaging opt-in and consent data is excluded from all other data sharing and will not be shared with any third parties.

5. Your rights (GDPR / CCPA)

You can request a copy of your data or delete your account at any time. Email support@startsmith.co or use the "Delete account" option in Settings. We'll delete your data within 30 days.

6. Data retention

We retain account data for as long as your account is active. After deletion, we purge it within 30 days, except where law requires longer retention (e.g., tax records for 7 years).

7. Cookies & tracking

• Login cookies (functional, required). When you sign in we set two HTTP-only cookies — one carries your session token, the other a CSRF anti-forgery token. Both expire after 24 hours of inactivity.
• A "logged in" flag in your browser's local storage. A single bit so the app knows whether to show signed-in screens. It contains no personal data.
• Plausible Analytics — no cookies. Plausible does not set cookies, does not track you across other sites, and does not build a profile of you.
• No advertising or marketing trackers. No Google Analytics, no Facebook Pixel, no third-party advertising cookies on this app.

8. Children's privacy

StartSmith is not intended for anyone under 18. We don't knowingly collect data from children.

9. Changes to this policy

If we change this policy materially, we'll notify you via email at least 30 days before the change takes effect. Your continued use after that date means you accept the changes.

10. Contact

Questions? Email support@startsmith.co.

StartSmith is a product of Apotheon AI LLC, a Texas entity. 11711 Domain Dr, Austin, Texas. This policy is governed by the laws of Texas, USA.