# Changelog — Business Privacy Policy (EN) **Version:** 2026-06-21 **File:** `GreetaVoice-Business-Privacy-Policy-EN-2026-06-21.md` **Replaces:** Landing `privacy.html` template (placeholder dates/emails), dashboard `privacy-en.ts` draft (Greeta Voice Inc., Square payment error) --- ## Added (new sections or topics) | Section | What was added | |---------|----------------| | **Legal entity & address** | J.A.P TECH CONSULTING LLC dba Greeta Voice; 111 Town Square Place, Suite 1201, Jersey City, NJ 07310 | | **Scope / audience** | Business Users, End Customers, website visitors; distinction from Customer Privacy Policy | | **§1.2 Demo Plan** | $0 demo; sample services/staff/hours; **empty customer list**; limited test-call minutes; no live forwarding/integrations until upgrade | | **§1.3 Waitlist / newsletter** | Email, signup time, language, UTM; launch notifications and discounts; unsubscribe | | **§1.4 End Customer** | Controller/processor split; explicit “We do not” list; aggregated metrics only | | **§1.7 DNT / §1.8 third-party links** | From lawyer docx, simplified | | **Stripe billing** | Checkout + automatic card charge + Stripe Invoice; no card storage by Greeta Voice | | **§3 Call recording (full)** | Optional/default off; disclosure tied to setting; no audio when off; real-time processing + transcripts still possible | | **State-based recording defaults** | IL/TX mentioned as disabled/unavailable by default (not caller geo-block) | | **§3.4 SMS** | TCPA on Business User; pointer to Customer Privacy | | **Subprocessor table** | Stripe, Twilio, xAI, Supabase, Cloudflare R2, Square, Google | | **§5 Retention table** | Concrete periods (90d audio, 12m transcripts, 7y billing, waitlist, etc.) | | **§10 Emergency** | Not 911 | | **§11 Non-medical / HIPAA** | Standard product scope; prohibited medical uses; no PHI; no automated health scrubbing | | **§11.4 Future medical product** | Separate URL, terms, pricing, technical environment | | **§12 Voice / biometrics** | No voiceprints, no diarization, BIPA context explained | | **§12.2 User compliance** | No geographic call blocking | | **§13 International** | US processing; EU/PL transfer acknowledgment | | **§14 DPA** | Standard template at `legal/GreetaVoice-DPA-EN-2026-06-21.md`; request at legal@greetavoice.com | | **§16 AI optimization** | No training on identifiable data without **express written authorization** | | **Related policies links** | Customer Privacy, Terms | --- ## Changed (from previous drafts) | Topic | Before | After | |-------|--------|-------| | **Company name** | Greeta Voice, Inc. / placeholders | J.A.P TECH CONSULTING LLC | | **Payment processor** | Square (incorrect for subscriptions) | **Stripe** (Square = optional integration only) | | **Call recording retention** | 30 days (old landing) or vague (docx) or 24mo min transcripts (dashboard draft) | **90 days audio** when enabled; **12 months** transcripts | | **Recording default** | Implied always on | **Off by default**; optional toggle | | **Health data (docx §11.3)** | Claimed automated health scrubbing | **Removed** — honest: no redaction in standard product | | **IL/TX (docx §12.2)** | Prohibited routing calls from IL/TX | **Removed geo-ban** — user compliance + recording defaults by business state | | **Subprocessors (docx)** | OpenAI, ElevenLabs, Deepgram as primary examples | **xAI, Supabase, R2** as actual stack; legacy providers removed | | **Material policy changes** | Continued use only | **Email for Privacy**; **dashboard accept for TOS** | | **Contact email** | hello@yourdomain.com, privacy@yourdomain.com | **legal@greetavoice.com** | | **Effective date** | [DATE] / May 20, 2026 draft | **June 21, 2026** | --- ## Removed - Automated real-time health data scrubbing claims (not implemented) - Absolute prohibition on serving Illinois/Texas callers - Greeta Voice, Inc. entity reference - Square as default payment processor for account billing - Word TOC artifacts / placeholder domains - Overly vague “reasonably necessary” as sole retention standard (now table + fallback in prose elsewhere) --- ## Not in this document (separate artifacts) | Document | Audience | |----------|----------| | **Customer Privacy** (`/customer-privacy`) | Salon clients / callers / SMS | | **Customer Terms** (`/customer-terms`) | End customers | | **Business Terms of Service** | To be published separately (TOS modal flow) | --- ## Suggested env after publish ```env CURRENT_LEGAL_PRIVACY_VERSION=2026-06-21 ``` Bump when material Privacy changes require re-notification (email workflow).