Privacy Policy

Last updated on May 9, 2026.

Responsebird, Inc. ("Responsebird," "we," "us," or "our") provides software that helps local-services businesses respond to and qualify inbound leads across multiple platforms. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to the Responsebird website, dashboard application, and any other service we operate that links to this policy (collectively, the "Services").

1. Who this policy is for

This policy covers two groups of people:

  • Customers - the businesses and their team members that sign up for a Responsebird account.
  • End users / Leads - the consumers who contact a Responsebird customer through a connected platform (for example, by sending a Thumbtack request, a Yelp message, or a website form). When we process information about end users, we act as a processor on behalf of the customer.

2. Information we collect

2.1 Information customers give us

  • Account details: name, work email address, business name, phone number.
  • Authentication credentials managed by our identity provider (Supabase Auth).
  • Billing information processed by our payments provider (DodoPayments). We do not store full card numbers on our servers.
  • Configuration content: business hours, service area, FAQ knowledge base, AI assistant tone, escalation rules, and similar settings.

2.2 Information we receive from connected platforms

When a customer connects a third-party platform to Responsebird (for example, Thumbtack, Yelp, Google Local Services, Facebook Lead Ads, or Facebook Messenger), we receive data about the leads that platform sends to the customer. The exact fields depend on the platform; broadly, we receive:

  • The lead's name, phone number, and email when provided by the platform.
  • Service request details (category, description, ZIP / city / state, scheduling preferences).
  • Messages between the lead and the customer that take place on the platform.
  • Platform-side metadata: lead ID, conversation ID, business ID, timestamps, negotiation status, price, and event type.

2.3 Information generated by the Services

  • Outbound SMS, email, and voice calls placed by Responsebird on behalf of the customer, including transcripts and recordings of voice calls (subject to recording consent rules and applicable law).
  • Audit and event logs (which lead was contacted, when, by which automation rule).
  • Standard usage telemetry: IP address, browser/device type, page views, error reports.

3. How we use information

We use the information described above to:

  • Operate the Services - receive leads from connected platforms, generate AI replies, place outbound calls, schedule follow-ups, route conversations, and surface them in the customer's dashboard.
  • Provide customer support and respond to incidents.
  • Bill customers and prevent fraud.
  • Improve reliability and performance - for example, debugging webhook failures or sizing infrastructure.
  • Comply with legal obligations, including responding to lawful requests and enforcing our Terms of Service.

We do not sell personal information. We do not use lead content (the messages and details of consumers contacting our customers) to train shared or third-party AI models.

4. How we share information

We share information only as needed to operate the Services, and only with:

  • The customer who owns the account. Lead data we ingest from a connected platform is only made available inside that customer's account.
  • Sub-processors who help us run the Services. As of the date of this policy, our core sub-processors are:
    • Supabase (Postgres database, authentication, edge functions, storage)
    • Vercel (web application hosting)
    • Vapi (voice / telephony)
    • Twilio (SMS, where applicable)
    • Resend (transactional email)
    • DodoPayments (subscription billing)
    • Sentry (error monitoring)
    We require sub-processors to maintain appropriate security and to use the data only to perform services for us.
  • The platforms our customers connect. When a Responsebird automation sends a message back through (for example) the Thumbtack messaging API, the content of that message is transmitted to the relevant platform under its own terms.
  • Authorities, when legally required. We may disclose information in response to a valid subpoena, court order, or other lawful request, and to enforce our agreements or protect rights, property, or safety.
  • An acquirer in the event of a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

5. Thumbtack-specific terms

When a customer connects their Thumbtack Pro account to Responsebird via Thumbtack's Partner API, Thumbtack delivers lead, message, and negotiation events to Responsebird's webhook endpoint. We handle that data as follows:

  • Scope. We request only the OAuth scopes necessary to receive leads, read messages, and (where the customer enables it) send replies on the customer's behalf.
  • Storage. Thumbtack lead and message data is stored in our Postgres database under row-level security, scoped to the customer's account. Access tokens, refresh tokens, and webhook authentication credentials provided by Thumbtack are stored encrypted at rest.
  • Use. We use the data only to deliver the integration the customer signed up for. We do not use Thumbtack data to train AI models, to enrich third-party datasets, or for any advertising purpose.
  • Disconnect and deletion. A customer can disconnect their Thumbtack account at any time from the Sources page in the Responsebird dashboard. On disconnect we revoke the webhook subscription with Thumbtack, invalidate the stored tokens, and stop ingesting new events. The customer may also request deletion of historical Thumbtack data by contacting privacy@responsebird.com; we will action verified deletion requests within 30 days.

6. Retention

We retain customer account data for as long as the account is active. Lead and message records are retained while the source remains connected, and for up to 24 months after disconnection unless the customer requests earlier deletion. Voice call recordings (where retained) follow the customer's per-account retention setting; the default is 90 days. Aggregated and de-identified usage data may be retained indefinitely.

7. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including TLS in transit, encryption of secrets and OAuth tokens at rest, row-level security on multi-tenant tables, least-privilege access for engineers, and centralized audit logging. No method of transmission over the internet is completely secure, so we cannot guarantee absolute security.

8. International transfers

Responsebird is operated from the United States. If you access the Services from outside the United States, you understand that your information will be transferred to and processed in the United States. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to protect personal information transferred internationally.

9. Your choices and rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete personal information we hold about you.
  • Object to, or restrict, certain processing of your information.
  • Receive a portable copy of your information.
  • Withdraw consent where processing is based on consent.

If you are an end user / lead, the customer who owns the Responsebird account is the controller of your data; please direct rights requests to that customer in the first instance, and we will assist them. You may also contact us directly at privacy@responsebird.com and we will route your request appropriately.

10. Children

The Services are intended for businesses and adults. We do not knowingly collect personal information from children under 16. If we learn we have collected such information, we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date at the top of this page and, for material changes, give notice through the Services or by email to account owners. Continued use of the Services after the effective date of an update constitutes acceptance of the updated policy.

12. Contact us

Responsebird, Inc.
Privacy questions: privacy@responsebird.com
General contact: hello@responsebird.com