Privacy Policy

Effective: June 9, 2026 · Operator: Haestus · Governing law: State of Utah, USA

01 Who we are

HAESTUS is an AI automation agency that builds AI receptionist agents, marketing websites (SmartSites), custom CRM/dashboards, and AI training programs for owner-operated service businesses in southern Utah and beyond. We operate this website at haestus.dev.

Legal operator: Haestus, based in St. George, Utah, and operating under the laws of the State of Utah, USA. Contact: [email protected].

02 Data we collect

We collect data in several ways:

Information you provide directly

  • Name, email address, phone number, and company name when you submit a lead form, book a discovery call, or subscribe to The Forge newsletter.
  • The URL you submit to the AI Searchability Scanner.
  • Messages you send to Slick, our AI chat assistant on haestus.dev.
  • Call recordings and transcripts when you interact with our AI voice receptionist (with notice at the start of each call).

Information collected automatically

  • Standard web server logs: IP address, browser type, referring URL, pages visited, timestamps.
  • Analytics events via PostHog (see Section 5 — Cookies & Analytics).
  • Scan metadata: domain entered, derived signals (robots.txt configuration, schema presence, sitemap URL count), computed AI visibility score. We do not store full page body content — only factual derived signals.

Information from third-party services

  • Cal.com: when you book a discovery call, Cal.com collects your name, email, and scheduling data under their own privacy policy.
  • Stripe: when you make a payment, Stripe processes payment data under their own privacy policy. We do not store card numbers.
  • Twilio: call metadata (caller ID, call duration) when our AI voice agent handles a call.
  • ElevenLabs: voice synthesis and, where applicable, speech-to-text processing during AI voice interactions.

03 How we use your data

We use the information we collect to:

  • Respond to inquiries and deliver the services you requested.
  • Send your AI Searchability Scanner report by email after you unlock it.
  • Send The Forge newsletter (only with your explicit opt-in; unsubscribe at any time).
  • Operate our AI voice receptionist to answer calls on behalf of our clients.
  • Improve our services and tools (aggregate, anonymized analytics only — never sold).
  • Comply with legal obligations and enforce our Terms of Service.
  • Detect and prevent fraud, spam, and abuse of the Scanner tool.

We do not sell your personal information to third parties. We do not use your data to train third-party AI models without your explicit consent.

04 Third-party services

We use the following third-party processors. Each operates under its own privacy policy and data processing agreement:

Third-party service providers and their roles

| Provider | Purpose | Data shared |
| --- | --- | --- |
| Supabase | Database & authentication (PostgreSQL) | All user-submitted data, lead records, scan records |
| Vercel | Hosting & serverless functions | Server logs, IP addresses |
| Resend | Transactional email & newsletter delivery | Email addresses, name, email content |
| PostHog | Product analytics (see §5) | Page views, click events, session data (anonymized) |
| Cal.com | Discovery call scheduling | Name, email, scheduling preferences |
| Stripe | Payment processing | Email, billing details (card data processed by Stripe directly) |
| Twilio | Voice AI infrastructure, SMS | Phone numbers, call duration, call recordings (when enabled) |
| ElevenLabs | AI voice synthesis & speech-to-text | Audio input/output during voice AI interactions |
| Anthropic / OpenAI / Perplexity / Google | AI Scanner citation probing; Slick chat assistant responses | Submitted URLs (scanner); chat messages (Slick) |
| Cloudflare Turnstile | Bot protection on the Scanner form | Browser fingerprint (privacy-preserving, no personal data stored by us) |

05 Cookies & analytics

We use PostHog for product analytics. PostHog sets a persistent cookie (or localStorage entry) to distinguish unique visitors and track page-level events. PostHog operates under EU GDPR-compliant data processing practices.

We use the following types of cookies and local storage:

  • Essential session cookies: required for authentication in the client portal. Cannot be disabled without breaking functionality.
  • Analytics cookies (PostHog): track page views, button clicks, and funnel events. Used only in aggregate to improve the product.
  • Preference cookies: store your UI preferences (e.g. theme settings) in localStorage.

We do not use advertising cookies or sell cookie data to ad networks. You may opt out of PostHog analytics by emailing [email protected].

06 AI Searchability Scanner

The AI Searchability Scanner accepts a public URL and performs an automated audit of that site's AI visibility signals. When you submit a URL:

  • We fetch publicly accessible pages of the submitted domain to read robots.txt, sitemap.xml, page metadata, and JSON-LD structured data.
  • We submit the domain to AI search engines (ChatGPT, Claude, Perplexity, Google AI) to test whether they cite it — this is equivalent to a standard user query.
  • We store derived signals (score, band, per-dimension results) in our database linked to the domain. We do not store full page body content.
  • When you provide your email to unlock the full report, your email is associated with the scan record and stored as a lead in our CRM.
  • We honor robots.txt Disallow directives; we send a clear User-Agent string (HaestusScanner/1.0) so site operators can identify and block our scanner.

Scan results for third-party domains are marked private and are not published or indexed. You may request deletion of your scan record by emailing [email protected] with the domain name.

07 Voice AI & SMS

Our AI voice receptionist service is deployed on behalf of our clients. When you call a phone number answered by a HAESTUS AI agent:

  • You will be informed at the start of the call that you are speaking with an AI assistant.
  • Calls may be recorded and transcribed to deliver the service (e.g. passing a message to the business owner, booking an appointment).
  • Call recordings are stored securely and accessible only to the client business and HAESTUS staff.
  • Call data is retained for 90 days from the date of the call, then permanently deleted, unless the client requests longer retention for their own records.

SMS messages sent via HAESTUS-powered numbers are subject to standard carrier terms and Twilio's messaging policies. You may opt out of SMS at any time by replying STOP.

08 Data retention

We retain data for the following periods:

  • Lead records (name, email, phone, company): retained for the duration of the business relationship plus 3 years, unless you request deletion.
  • Scanner scan records: derived signal data retained for 12 months; deleted after 12 months or on your request.
  • Slick chat: your messages are sent to our AI provider to generate a reply during your session. We do not store website chat conversations in a long-term database; transient processing logs are retained no longer than 30 days.
  • Call recordings: retained for 90 days from the call date, then permanently deleted.
  • Newsletter subscriber records: retained until you unsubscribe, after which the record is flagged unsubscribed and anonymized within 30 days.
  • Payment records: retained for 7 years to satisfy tax and accounting obligations (Stripe handles card data; we retain invoice metadata only).
  • Web server logs: retained for 30 days.

You may request deletion of your personal data at any time. We will complete deletion within 30 days, subject to retention obligations required by law.

09 Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request that we delete your personal data (subject to legal retention requirements).
  • Portability: request your data in a machine-readable format.
  • Objection: object to our processing of your data for certain purposes.
  • Opt-out of analytics: email us to opt out of PostHog event tracking.

To exercise any of these rights, email [email protected] with your request. We will respond within 30 days.

10 Security

We use industry-standard safeguards to protect your data:

  • All data in transit is encrypted via TLS 1.2 or higher.
  • Database access is controlled by Supabase Row Level Security (RLS) policies — your data is accessible only to authenticated users with the appropriate role.
  • API keys and service credentials are stored as environment variables; they are never embedded in client-side code or committed to source control.
  • Sensitive operations (admin panel, client portal) require authentication.

No security system is impenetrable. If you discover a security vulnerability, please report it responsibly to [email protected].

11 Children's privacy

Our services are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately.

12 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to our services, legal requirements, or business practices. We will update the effective date at the top of this page when we do.

Material changes (affecting your rights or our data use) will be communicated by email to active subscribers and clients at least 14 days before taking effect.

13 Contact

For privacy questions, data requests, or to exercise your rights under applicable law, contact us at:

Haestus
[email protected]
St. George, Utah
Governing law: State of Utah, USA
