1. Introduction

IDARITY Solutions LLC (“IDARITY,” “we,” “us,” or “our”) is a Georgia limited liability company based in Atlanta, Georgia. This policy explains what information we collect through idaritysolutions.com, through our branded platform delivered to clients, and through the AI agents we operate on behalf of clients. It covers what we collect, how we use it, who we share it with, and the choices you have. You can reach us any time through our contact page or by writing to IDARITY Solutions LLC, Atlanta, Georgia, at the address listed on that page.

Two distinct relationships are covered here. If you are a visitor to our public website, or a prospect inquiring about our services, we are the controller of the information you give us. If you are a client and you upload, sync, or otherwise direct contact information about your own customers and leads into the AI agents we operate for you, you are the controller of that information and we are the processor acting on your instructions. Section 5 explains where that line sits.

2. Information We Collect

We collect information in a few specific places. We try to be honest about each one rather than hide behind a catch-all.

Contact form. When you submit our contact form, we collect your name, email address, and the message you send. That submission is delivered to our internal email by SendGrid.

Booking and demo calls. When you book a call with us through the site, you provide your name, email, phone number, business information, and the date and time you select. We use that information to schedule the call, prepare for it, and follow up afterward. Demo calls may be recorded by us with your knowledge for our internal review; if so, we will tell you before recording starts and will not record if you decline.

Payment and billing. When you become a paying client, you are sent to a hosted checkout page operated by Stripe. Stripe handles your name, billing address, and card details directly. We do not see or store your full card number. We receive transaction metadata from Stripe, including your email address and a record of the purchase, and we retain that information as needed for tax, financial, and operational recordkeeping.

Branded platform account. Active clients receive a login to their own branded software, where they can view and manage the AI agents subscribed to. We collect the account-level information needed to provision and operate that login, including user name, email, role, and authentication metadata.

Information generated by the AI agents we operate for clients. Each of our services produces or processes data about the client’s own customers and leads. We process that information as a service provider to the client, under the client’s instructions, and only for the purposes the client has authorized:

AI Phone Agent. Inbound and outbound call audio, transcripts, caller phone numbers, the contents of the conversation, time and duration of the call, qualifications captured during the call, and any appointment booked.
Automated SMS & email follow-up. Lead names, phone numbers, email addresses, the content of inbound inquiries from the client’s website or other sources, the content of the AI-generated outbound replies, delivery and response metadata, opt-outs, and unsubscribes.
Database reactivation. Customer or lead lists the client uploads or syncs from their CRM, including names, phone numbers, email addresses, history of engagement, the content of reactivation messages, responses, and opt-outs.
AI reputation management. Published online reviews about the client’s business, AI-drafted responses, posted responses, and review-related metadata across the platforms we monitor.
AI social posting. Brand assets the client provides, content drafts the AI produces, posts scheduled or published on the client’s connected social accounts, and engagement metrics returned by those platforms.

Email correspondence. We keep the emails we exchange with you about scheduling, billing, troubleshooting, and follow-up.

Analytics and advertising pixels. Our public website uses analytics and advertising tools, which may include Google Analytics, PostHog, Vercel Analytics, Vercel Speed Insights, and a Meta (Facebook) Pixel. Where active, these tools set cookies or use similar technology to record pages you view, general location, device type, referral source, and how you interact with the site. They do not receive information you type into our contact form or any payment information. See Section 8 for opt-out options.

Local storage. Our site saves your light or dark mode preference in your browser’s localStorage under the key nextjs-blog-starter-theme. That value stays on your device. Nothing about you is transmitted to us when we set it.

3. How We Use the Information

For information where we are the controller (such as your contact-form submission, your billing data, your account information, and our direct correspondence with you), we use it to respond to your inquiries, schedule and conduct demo calls, provision and operate your branded platform, process payments, keep records of our engagement, improve the website and our services, monitor service quality and safety, and understand which marketing channels are working. If you ask us about additional services, we use the same information to prepare a quote.

For Client Data (information about your customers and leads that you upload, sync, or otherwise direct into the services — see Section 5), our purposes are limited to delivering the services as described, plus security monitoring, abuse prevention, troubleshooting, and aggregate, de-identified product analytics that do not identify any client, individual, or business. We do not use identifiable Client Data to train AI models, build benchmarks, or improve products for the benefit of other clients.

AI model providers. To deliver the AI agents, we send relevant data (such as call transcripts, lead messages, and reactivation prompts) to third-party AI model providers (for example, OpenAI and Anthropic). Those providers process the data under their own terms in order to return a response. We use providers’ enterprise or API settings that opt our traffic out of model training where that option is available, but we do not control those vendors’ underlying systems and cannot guarantee a particular vendor will not change its policies.

4. Call Recording and Two-Party Consent

The AI Phone Agent answers calls on the client’s behalf. By design, those calls are recorded and transcribed so the AI can process them and so the client can review what happened on each call. Recording laws vary by state. Some states require all parties to a call to consent to being recorded. Each client is responsible for configuring its AI Phone Agent to disclose recording where its state law requires that disclosure, for confirming that any geography it answers calls from is compatible with its disclosure configuration, and for cooperating with us promptly to update the configuration if the law changes. We provide configuration tools to support this; we do not provide legal advice about whether a particular disclosure satisfies a particular state’s law.

No voice biometrics. The platform does not generate, store, or use biometric voiceprint identifiers of callers. If the underlying technology vendors change their behavior in this regard, we will give clients reasonable notice before any change takes effect.

5. Roles When You Are a Client

For information you upload, sync, or otherwise direct into the services about your own customers and leads (collectively, “Client Data”), you are the controller and we are the processor. We process Client Data only as needed to deliver the services you have subscribed to, on your documented instructions, and for the duration of your engagement plus the retention period in Section 9. You are responsible for ensuring you have all rights, consents, and notices required by law (including the Telephone Consumer Protection Act, the CAN-SPAM Act, the Telemarketing Sales Rule, state telemarketing and recording statutes, and any equivalent laws) before directing us to send communications to any contact in Client Data or to record any conversation.

For information we collect about you as our direct customer (such as your billing information, your account login, or the messages you exchange with us about your engagement), we are the controller.

6. Sub-processors and Third-Party Services

We rely on a small number of vendors to run the business and operate the AI agents. Each one handles information only for the purpose listed.

Stripe processes payments and stores billing data.
SendGrid delivers transactional email, including contact form submissions and client notifications.
Telephony carriers and providers (including but not limited to Twilio) carry inbound and outbound voice and SMS traffic, and may briefly process associated metadata in transit.
Voice AI providers (including but not limited to Retell AI and equivalent vendors) produce the synthesized voice responses used by the AI Phone Agent and process call audio and transcripts to do so.
Large language model providers (including but not limited to OpenAI and Anthropic) produce the language responses used across our services and process the text we send them to do so.
Workflow and automation infrastructure (including but not limited to self-hosted n8n) orchestrates messages and integrations between systems on our infrastructure.
The branded platform underlying client accounts — HighLevel (also marketed as GoHighLevel) — hosts client logins, dashboards, CRM data, calendars, and message records under license. We deliver the experience to you under our brand and yours; the underlying processor is named here for sub-processor disclosure purposes.
Google Analytics measures traffic and page performance on the public website, if enabled.
PostHog measures product usage and funnel behavior, if enabled.
Vercel Analytics and Vercel Speed Insights measure traffic, performance, and Core Web Vitals on the public website, if enabled.
Meta (Facebook) Pixel measures the performance of our advertising, if enabled.
Video conferencing platform (typically Zoom) hosts demo and client calls.

Each of these vendors publishes its own privacy policy. Data handled by them is governed by their terms in addition to ours. We require each sub-processor to be bound, by contract or by its published terms, to confidentiality and data-protection obligations no less protective of Client Data than those in this Privacy Policy. We maintain a current list of sub-processors and will provide it on request.

The list of sub-processors may change as we add or remove vendors. We will give active clients at least thirty (30) days’ advance notice of any new sub-processor added to a category that materially changes the data flow for an active service, during which the client may object in writing. If we cannot reasonably accommodate the objection, the client’s sole remedy is to terminate the affected service under Section 5 of our Terms without further obligation for the unused portion of the then-current month.

7. What We Do Not Do

We do not sell your personal information. We do not share personal information with third parties for their own marketing. We do not use identifiable client customer data to train third-party AI models or our own models for the benefit of any other client. We do not access client systems beyond what is necessary to deliver the subscribed services, and our access is governed by the engagement we have with the client.

8. Cookies, Analytics, and Opt-Out

Most browsers let you block or clear cookies through their settings. You can also opt out of specific ad and analytics products directly:

Google Analytics opt-out: tools.google.com/dlpage/gaoptout
Meta ad preferences: facebook.com/adpreferences
Industry opt-out pages: optout.aboutads.info and optout.networkadvertising.org

9. Data Retention

We keep contact form submissions and business email correspondence indefinitely unless you ask us to delete them. Payment and invoice records are retained by Stripe and by us for as long as needed to comply with tax and financial recordkeeping obligations. Demo call notes and recordings are retained for the life of the engagement and for a reasonable period after, unless you ask us to delete them sooner.

Client Data retention. For Client Data processed through the AI agents, we retain the data for the active term of the engagement plus a reasonable period after termination (typically 30–90 days) to allow the client to export or migrate the data. At the end of that period, we delete or anonymize the data within the platforms we control. Some sub-processors may retain logs and metadata under their own retention policies; we cannot reach into those systems to delete on a client’s behalf, but we can request standard deletion where the vendor supports it. Backups and archival copies, where they exist, are purged on routine cycles.

10. Your Rights

You can ask us what information we hold about you, correct it if it is wrong, or ask us to delete it. You can also ask us to stop sending you marketing email.

For requests about Client Data. If you are an end customer or lead of one of our clients and your data was uploaded or directed to our services by that client, please direct your request to the client first. They control the data and they decide what to do with it. We will support the client in honoring a valid request. If you are unable to reach the client, you can contact us and we will do our best to route the request.

California residents. IDARITY is a small business and, based on our current revenue and the number of California residents whose information we handle, we do not believe we meet the thresholds that make the California Consumer Privacy Act (CCPA) or the California Privacy Rights Act (CPRA) legally binding on us. Even so, we honor the core rights those laws provide to California residents on a good-faith basis: the right to know what personal information we hold about you, the right to request deletion, the right to correct inaccurate information, and the right not to be discriminated against for exercising those rights. We do not sell your personal information, and we do not share it for cross-context behavioral advertising in exchange for money.

Other jurisdictions. We are based in the United States and do not actively market to residents of the European Union, the United Kingdom, or other jurisdictions outside the United States, so we do not claim GDPR or UK GDPR compliance. Residents of any jurisdiction with stricter requirements are welcome to contact us and we will accommodate reasonable requests where we can.

To exercise any of these rights, reach us through our contact page. We will respond within 45 days.

11. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect information from loss, misuse, unauthorized access, alteration, and destruction. We rely on the security controls of the sub-processors listed in Section 6 for the portions of the services they operate. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you as required by applicable law and within a reasonable timeframe.

12. Children’s Privacy

Our services are for businesses and their operators. We do not market to children, and we do not knowingly collect information from anyone under 13. If you believe a child has submitted information to us, please contact us so we can remove it.

13. Changes to This Policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For material changes that affect how we handle your personal information, we will give at least 30 days advance notice by posting a prominent notice on the site and, for active clients, by sending an email to the address on file. Continuing to use the site or our services after the effective date of the change means you accept the updated policy.

14. Relationship to Our Terms

Your use of our website and services is also governed by our Terms of Service. Please review them alongside this policy.

15. Contact

Questions, requests, or concerns about this policy? Please contact us.