Privacy Policy

Platform: Chillead (also branded as “Tasker”)
Governing Law: State of Texas, United States of America

1. Introduction & Scope

Who We Are

Chillead (also marketed and deployed under the brand name “Tasker”) is a business-to-business (B2B) Software-as-a-Service (SaaS) platform operated by Chillead, Inc. (“Chillead,” “we,” “us,” or “our”). Chillead provides an integrated operations and communications platform purpose-built for home-service companies in the United States, including HVAC, plumbing, electrical, and related trades.

What This Policy Covers

This Privacy Policy describes how Chillead collects, uses, stores, discloses, and otherwise processes personal information in connection with:

• The Chillead/Tasker web application and administrative dashboard
• Mobile web interfaces accessed through the platform
• The Chillead backend API and all integrated microservices
• All features described herein, including auto-dialer, CRM, lead management, task management, SMS messaging, call recording, AI transcription, AI call summaries, estimates, invoices, calendar/dispatch, technician GPS dispatch, e-signatures, web booking widgets, and tracking pixel integrations

This Policy applies to all users of the Chillead platform, including:

• Platform Administrators: Chillead staff managing the SaaS platform
• Tenant Company Admins: Administrators of home-service companies (“tenants”) that subscribe to Chillead
• Sales Representatives: Employees of tenant companies who use dialing, CRM, and lead management features
• Field Technicians: Employees of tenant companies who use dispatch, GPS, and job management features
• Data Subjects: The customers and leads of tenant companies whose personal information is entered into or generated by the platform

Our Dual Role: Data Controller and Data Processor

As a Data Controller:Chillead determines the purposes and means of processing personal information belonging to platform users - meaning tenant company admins, sales representatives, field technicians, and Chillead's own staff. For this data, Chillead is the data controller and this Privacy Policy governs that processing.

As a Data Processor: When tenant companies use the Chillead platform to collect, store, or process personal information belonging to their own customers, leads, or prospects, Chillead acts as a data processor on behalf of the tenant company (the data controller). In this capacity, Chillead processes such data solely under the instructions of the tenant company. Tenant companies are independently responsible for their own privacy notices, consent mechanisms, and compliance obligations.

2. Information We Collect

2.1 Account and Identity Data

When a tenant company subscribes to Chillead and when individual users are provisioned with platform access, we collect:

• Full name and job title
• Business email address
• Company name and business address
• Role and permission level within the platform (admin, sales rep, technician)
• Username and hashed password credentials
• Phone number associated with the user account

2.2 Usage and Session Data

• Login and logout timestamps and events
• Feature usage logs (pages visited, buttons clicked, filters applied, forms submitted)
• Session identifiers and session duration
• Actions performed within the CRM, dialer, task manager, calendar, and other modules
• Error logs and crash reports
• User-configured settings (table column preferences, timezone, notification preferences)

2.3 Payment Data

Payment processing is handled entirely by Stripe, Inc. Chillead does not store full credit card numbers, CVV, or full bank account numbers on its own servers. We retain:

• Last four digits of the card number
• Card expiration month and year
• Billing name and billing address
• Subscription tier, billing cycle, and payment history records
• Stripe Customer ID and Stripe Subscription ID

2.4 Communication Data

• Call Recordings: All outbound calls placed through the Chillead auto-dialer and all inbound calls received through Chillead-provisioned phone numbers may be recorded. Audio files are stored on Google Cloud infrastructure.
• Voice Transcripts: Call recordings are sent to AssemblyAI for automated speech-to-text transcription.
• AI Call Summaries: Transcripts and metadata may be processed by Google Gemini to generate human-readable summaries, including key topics discussed, action items, and sentiment indicators.
• SMS Content: The content of all inbound and outbound SMS messages sent through Chillead-provisioned phone numbers (via Telnyx) is stored in the platform database.
• Voicemail Recordings and Transcripts: Voicemails left for or by tenant companies may be recorded and transcribed using the same pipeline.
• Notification Data: Where Telegram notifications are configured, Chillead may transmit alert data to a configured Telegram bot.

2.5 Lead and Customer Data (Processor Role)

• Customer name, phone number, email address, and physical address
• Service history, job type, and property details
• Lead source and campaign attribution data
• Notes, tags, and custom field values
• Estimate and invoice content, including service descriptions and pricing
• E-signature data (governed by the ESIGN Act, 15 U.S.C. § 7001, and UETA)
• Web booking form submissions
• Online review and reputation data (Google Reviews, Yelp, and other review platforms) collected through the Reputation Management module
• Client portal activity data (service history views, document downloads, and appointment scheduling by end customers)

2.6 Third-Party Sync Data (HouseCall Pro)

Where tenant companies enable the HouseCall Pro integration, Chillead bidirectionally synchronizes data including customer records, job details, scheduling information, invoices, and contact information. Data flows in both directions between the Chillead platform and HouseCall Pro's API. Tenant companies authorize this synchronization during integration setup and may revoke it at any time.

2.7 White-Label Configuration Data

Tenant companies using Chillead's white-label feature may upload custom branding assets (logos, color schemes, domain configurations) and configure tenant-specific branding that is displayed to their end customers. These assets are stored on Google Cloud infrastructure.

2.8 Device and Technical Data

• IP address
• Browser type and version
• Operating system and device type
• Referrer URL
• Time zone setting
• Screen resolution

2.9 Location Data (Technician GPS Dispatch)

For field technician users, the Chillead platform may collect GPS location coordinates to support real-time dispatch and job routing. Location data collection requires the technician user to grant location permissions in their browser or device. Technician users may revoke location permissions at any time.

2.10 Cookies and Tracking Data

Chillead uses cookies and similar tracking technologies on the platform and, where tenant companies configure them, on web booking pages. See our Cookie Policy for full details.

2.11 Biometric-Adjacent Data: Voice Recordings and Voice Transcripts

Chillead's call recording and AI transcription features generate data that may be characterized as biometric or biometric-adjacent under certain state laws:

• Audio recordings of a person's voice captured during a call
• AI-generated text transcripts derived from voice recordings

See Section 4 for detailed disclosure regarding CIPA, BIPA, and CUBI applicability.

3. How We Use Information

3.1 Providing and Operating the Platform

• Creating and managing user accounts and tenant company accounts
• Authenticating users and maintaining secure sessions (via Firebase Authentication)
• Displaying CRM records, task lists, lead pipelines, calendars, and dispatch boards
• Processing and displaying estimates, invoices, and e-signatures
• Enabling web booking form functionality

3.2 Auto-Dialer and Communications Functionality

• Initiating outbound calls from the platform to leads and customers on behalf of tenant companies (via Telnyx)
• Receiving and routing inbound calls to the appropriate sales rep or technician
• Detecting answering machines and live-answer scenarios (AMD)
• Sending and receiving SMS messages on behalf of tenant companies
• Generating and transmitting transactional email notifications (via Resend)
• Generating Telegram alert notifications for configured events

3.3 AI Call Summaries and Transcription

• Transmitting call audio to AssemblyAI for automated transcription
• Transmitting transcripts and call metadata to Google Gemini for AI-generated call summaries
• Storing transcripts and summaries in the platform database linked to CRM records
• Displaying transcripts and summaries to authorized platform users

3.4 Task Cycling & Automation

• Creating, assigning, and cycling tasks between reps based on priority scoring and automated rules
• Triggering automated workflows including lead recycling, escalation, and follow-up reminders
• Processing automation rule conditions against CRM and lead data

3.5 Dispatch, Scheduling & Field Operations

• Scheduling jobs and dispatching field technicians using calendar and GPS data
• Tracking technician on-site time, job status, and checklist completion
• Generating on-site estimates, invoices, and collecting e-signatures
• Synchronizing job data with HouseCall Pro where integration is enabled

3.6 Communication Hub & Unified Inbox

• Aggregating SMS, voicemail, call logs, and notifications into a unified inbox view
• Routing inbound communications to the appropriate rep or team
• Transmitting Telegram bot notifications for configured events

3.7 Client Portal & Reputation Management

• Providing end customers with self-service access to service history, invoices, and booking
• Collecting and displaying online reviews from third-party platforms
• Generating review request communications on behalf of tenant companies

3.8 Analytics & Reporting

• Generating dashboard metrics, KPIs, and performance reports from aggregated platform data
• Tracking rep performance, call connection rates, lead conversion, and revenue metrics

3.9 Billing, Security & Legal Compliance

We also use information for billing and payment processing (via Stripe), security and fraud prevention, platform analytics and improvement, and legal compliance. We do not sell personal information to third parties for their own marketing purposes.

4. Voice Recording & AI Processing Disclosure

4.1 Call Recording

All outbound calls placed through the Chillead platform and all inbound calls received through Chillead-provisioned phone numbers may be recorded.Recordings capture both parties' audio in dual-channel format. Tenant companies are solely responsible for configuring and deploying legally required recording disclosures, obtaining any required consent, and ensuring compliance with applicable federal and state recording laws.

4.2 Federal Law: Electronic Communications Privacy Act

The federal ECPA (18 U.S.C. § 2510 et seq.) permits recording of telephone calls with the consent of at least one party. However, many states impose stricter requirements.

4.3 California - CIPA (Two-Party Consent)

California Penal Code § 632 requires the consent of all parties to a confidential communication before recording. CIPA provides civil liability of $5,000 per violation or three times actual damages, plus potential criminal liability.

4.4 Illinois - BIPA (Biometric Information Privacy Act)

740 ILCS 14/1 et seq. imposes stringent requirements on the collection of “biometric identifiers” including voiceprints. BIPA provides a private right of action with statutory damages of $1,000-$5,000 per violation.

4.5 Texas - CUBI (Capture or Use of Biometric Identifier Act)

Texas Business and Commerce Code § 503.001 prohibits capture of a “biometric identifier” without first informing the person and obtaining consent. CUBI enforcement is by the Texas Attorney General, with civil penalties up to $25,000 per violation.

4.6 Other States

Numerous other states have enacted all-party consent recording laws, including Florida (Fla. Stat. § 934.03), Washington (RCW § 9.73.030), Pennsylvania (18 Pa. C.S. § 5703), and Connecticut. Tenant companies are responsible for identifying and complying with all applicable recording consent laws.

4.7 AI Processing (AssemblyAI + Google Gemini)

AssemblyAI Transcription: Call audio files are transmitted to AssemblyAI, Inc. for automated speech-to-text processing. See: assemblyai.com/privacy.

Google Gemini AI Summaries:Text transcripts and call metadata are transmitted to Google LLC's Gemini API for AI-powered summarization. See: policies.google.com.

Retention: Transcripts and AI summaries are retained for five (5) years from the date of the call, consistent with FTC Telemarketing Sales Rule requirements (16 C.F.R. § 310.5(e)).

5. Third-Party Service Providers

Chillead shares personal information with the following service providers. All are bound by contractual data processing obligations.

6. Data Retention

7. User Data Deletion & Account Deletion

7.1 Right to Request Data Deletion

All platform users — including tenant company administrators, sales representatives, field technicians, and data subjects (end customers of tenant companies) — have the right to request deletion of their personal information held by Chillead, subject to applicable legal retention requirements and the exceptions described below.

7.2 How to Request Deletion

To request deletion of your personal data or your account, you may:

• Email: Send a request to privacy@chillead.com with the subject line “Data Deletion Request”
• In-Platform: Tenant administrators may submit deletion requests through the Settings > Account > Data Management section of the Chillead dashboard
• End Customer Requests: End customers of tenant companies should contact the tenant company directly. Tenant companies may then submit a deletion request to Chillead on their behalf

7.3 Verification

Chillead will verify the identity of the requestor before processing any deletion request. For tenant administrators, verification may include confirming the account email address, providing account identifiers, or multi-factor authentication. For end customers, verification may require the tenant company to confirm the request.

7.4 Scope of Deletion

Upon a verified deletion request, Chillead will delete or de-identify the following data categories:

• User account profile information (name, email, phone, credentials)
• CRM records and contact data associated with the requesting user or end customer
• Task assignments, notes, tags, and custom fields
• Communication logs (SMS content, call recordings, voicemail recordings)
• AI-generated transcripts and call summaries
• Estimate and invoice records
• E-signature data
• GPS location history
• Client portal activity data
• Reputation management data (review solicitation records)
• UI preferences, session data, and notification settings

7.5 Exceptions and Retained Data

Chillead may retain certain data after a deletion request where required by law or legitimate legal obligation:

• TCPA/TSR Compliance Records: Call recordings, transcripts, consent records, and DNC opt-out records must be retained for 5 years per FTC Telemarketing Sales Rule (16 C.F.R. § 310.5(e))
• Financial Records: Payment and invoice records must be retained for 7 years per IRS requirements (26 U.S.C. § 6001)
• E-Signature Records: Retained for 7 years per ESIGN Act and UETA
• Security & Fraud Prevention: Minimal logs may be retained to prevent fraud, enforce Terms of Service, or respond to legal claims
• Legal Hold: Data subject to active litigation, investigation, or legal hold will not be deleted until the hold is released
• Aggregated/De-identified Data: Anonymized, aggregated data that cannot be re-identified is not subject to deletion requests

7.6 Tenant Account Deletion

When a tenant company terminates its subscription or requests full account deletion, Chillead will: (a) provide a 30-day data export window during which the tenant may download all Customer Data; (b) after the export window expires, securely delete all Customer Data from primary systems within 30 additional days; and (c) purge data from backups within 90 days of the deletion date. Legally required retention obligations (Section 7.5) survive account termination.

7.7 Response Timeline

Chillead will acknowledge deletion requests within 5 business days and complete the deletion within 45 days of verification (extendable to 90 days with written notice, consistent with CCPA/CPRA and TDPSA timelines). You will receive confirmation when deletion is complete.

7.8 Third-Party Deletion

Upon processing a deletion request, Chillead will direct applicable sub-processors (including Telnyx, AssemblyAI, and HouseCall Pro) to delete the requestor's personal data, subject to those providers' own retention policies and legal obligations. Chillead cannot guarantee deletion timelines for third-party systems but will make commercially reasonable efforts to ensure compliance.

8. California Resident Rights (CCPA/CPRA)

Applicable Law: California Consumer Privacy Act, Cal. Civil Code § 1798.100 et seq. (CCPA), as amended by CPRA, effective January 1, 2023.

California residents whose personal information is controlled by Chillead have the following rights:

8.1 Right to Know (§ 1798.100, § 1798.110, § 1798.115)

You have the right to request that Chillead disclose the categories and specific pieces of personal information collected, the sources, purposes, and categories of third parties with whom we share it.

8.2 Right to Delete (§ 1798.105)

You have the right to request deletion of personal information, subject to certain exceptions (completing transactions, security incidents, legal obligations). See Section 7 for the detailed deletion process.

8.3 Right to Opt Out of Sale or Sharing (§ 1798.120; CPRA § 1798.135)

Chillead does not sell personal information to third parties for monetary consideration. To submit an opt-out request: privacy@chillead.com.

8.4 Right to Correct Inaccurate Information (CPRA § 1798.106)

You have the right to request correction of inaccurate personal information. We will process corrections within 45 days.

8.5 Right to Limit Use of Sensitive Personal Information (CPRA § 1798.121)

We process the following sensitive personal information: precise geolocation data (technician GPS) and contents of communications (call recordings, SMS). These are used only for operational purposes described in this Policy. Contact privacy@chillead.com to request limitation.

8.6 Right to Non-Discrimination (§ 1798.125)

Chillead will not discriminate against California residents for exercising their CCPA/CPRA rights.

8.7 How to Submit a Verifiable Consumer Request

Email privacy@chillead.com with subject line: “California Privacy Rights Request.” We will respond within 45 days (extendable to 90 days with notice).

9. Texas Resident Rights (TDPSA)

Applicable Law: Texas Data Privacy and Security Act, Tex. Bus. & Com. Code § 541.001 et seq., effective July 1, 2024.

• Right to Access (§ 541.051(a)(1)): Confirm whether we process your personal data and access it.
• Right to Correction (§ 541.051(a)(2)): Correct inaccuracies in your personal data.
• Right to Deletion (§ 541.051(a)(3)): Delete personal data provided by or obtained about you.
• Right to Data Portability (§ 541.051(a)(4)): Obtain a copy in a portable, readily usable format.
• Right to Opt Out (§ 541.051(a)(5)): Opt out of processing for targeted advertising or sale. Chillead does not sell personal data.

Contact: privacy@chillead.com (subject line: “Texas Privacy Rights Request”). Response within 45 days. Appeals may be filed with the Texas Attorney General.

10. Florida Resident Rights (Florida Digital Bill of Rights)

Applicable Law: Florida Digital Bill of Rights, Section 501.701 et seq., Florida Statutes, effective July 1, 2024.

To the extent applicable, Florida residents have the right to access, correct, delete, obtain portable copies of, and opt out of targeted advertising, sale, and profiling of their personal data. Contact: privacy@chillead.com

11. Security

11.1 Encryption

• In transit: All data is encrypted using TLS 1.2 or higher (TLS 1.3 preferred).
• At rest: All data in Google Cloud SQL is encrypted using AES-256 encryption managed by Google Cloud KMS.

11.2 Authentication and Access Controls

• Firebase Authentication with Multi-Factor Authentication (MFA) support
• Role-based access control (RBAC) limiting data access by role
• Multi-tenant data isolation ensuring complete data separation between tenants
• Session timeout and automatic logout policies

11.3 Infrastructure Security

Chillead's backend runs on Google Cloud Run in a serverless, containerized environment with automatic security patching. Google Cloud SQL provides managed database services with automated backups, point-in-time recovery, and VPC network isolation.

11.4 Incident Response and Breach Notification

In the event of a data breach, Chillead will contain and investigate promptly, notify affected individuals and relevant regulators per applicable state breach notification laws, and target a 72-hour internal escalation deadline.

Important Limitation: No security measures are 100% effective. Chillead cannot guarantee absolute security of your personal information.

12. International Data Transfers

Chillead is US-based and operates exclusively within the United States. All personal information is stored on Google Cloud infrastructure in US regions (us-central1 / us-east1). GDPR is not presently applicable to our operations.

13. Children's Privacy

The Chillead platform is a professional B2B SaaS product not directed to, intended for, or designed for individuals under 18. We do not knowingly collect personal information from persons under 18. COPPA Compliance: We do not knowingly collect personal information from children under 13.

14. Contact & Privacy Requests

Response Times: We will acknowledge receipt within 5 business days and complete our response within applicable legal timeframes (45 days for CCPA/CPRA and TDPSA, extendable to 90 days with notice).

15. Changes to This Policy

We may update this Privacy Policy at any time. For material changes, we will provide at least 30 days' advance notice to active tenant companies via email or in-platform notification. Non-material changes may be made without advance notice.

This Privacy Policy is effective as of May 17, 2026. Chillead, Inc. All rights reserved.