Privacy Policy

3a. Information You Provide Directly

When you contact us, submit a form, book a discovery call, or engage our services, we may collect:

• Identity information: name, business name, job title
• Contact information: email address, phone number, mailing address
• Scheduling information: calendar availability, meeting preferences
• Project and scoping details: workflow descriptions, goals, pain points
• Files and documents: samples, templates, or examples you share for scoping or delivery
• Billing and payment details: invoicing information (we do not store payment card numbers)

3b. Website and Usage Data

When you visit our website, we and our service providers may automatically collect:

• Technical data: IP address, device type, operating system, browser type and version
• Usage data: pages visited, time on page, referring URL, links clicked, form interactions
• Cookie and tracking data: see Section 7 (Cookies) below

3c. Call and Voice Data

If you or your business contacts interact with an AI voice agent we operate or have deployed, we may collect:

• Call metadata: caller ID, call duration, time and date, call outcome
• Call recordings and transcripts: subject to applicable consent and disclosure requirements (see Section 9)
• Voice inputs: audio processed by our AI voice platform to generate responses

3d. Client Workflow Data

When we build or operate automations on your behalf, we may process business records, CRM data, customer communications, scheduling entries, documents, and other operational data you or your systems make available to us. We act as a data processor for this information; your privacy obligations to your own customers remain your responsibility and are addressed in your DPA with us.

We do not use personal information for automated decision-making that produces legal or similarly significant effects without human oversight. If an automation we build for a client incorporates such decisions, this will be disclosed in the applicable SOW and DPA.

5a. Service Providers and Sub-processors

We use trusted third-party platforms to deliver our services. These providers process data on our behalf and are contractually required to protect it. Categories include:

• Cloud hosting and infrastructure
• Workflow automation platforms (e.g., n8n)
• AI voice and telephony platforms (e.g., Retell AI)
• AI language model providers
• CRM and business management software
• Email delivery and marketing platforms (e.g., Brevo)
• Scheduling and calendar tools
• Analytics and website performance tools
• Accounting and invoicing platforms

Each provider operates under its own privacy and security terms. Upon request, we can provide a current list of key sub-processors.

5b. Legal Requirements and Protection

We may disclose information if required by law, regulation, court order, or governmental authority, or where necessary to protect the rights, property, or safety of Hercules Automation, our clients, or others.

5c. Business Transfers

If Hercules Automation is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.

Non-essential cookies (analytics, marketing) are placed only with your consent where required by applicable law. A cookie consent banner on our website allows you to accept or reject non-essential cookies.

You may also control cookies through your browser settings. Disabling certain cookies may affect the functionality of parts of our website. For more information, visit allaboutcookies.org.

When retention periods expire, we delete or de-identify personal information using reasonable technical measures.

Recording Consent

Calls handled by AI voice agents may be recorded and transcribed for quality assurance, training, and service delivery purposes. Callers are informed at the start of a call that they are speaking with an automated system and that the call may be recorded. Continued participation constitutes consent to recording under applicable one-party and two-party consent laws.

State-Specific Compliance

Call recording laws vary by state. In two-party (all-party) consent states — including California, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington — all parties must consent to recording. Our voice agent scripts are configured to obtain affirmative consent in these states before recording begins. Clients are responsible for informing us of the jurisdictions in which their callers are located so we can configure disclosures appropriately.

TCPA Compliance

Our inbound voice agents respond to calls initiated by end users and do not place unsolicited outbound calls using auto-dialers. If outbound calling campaigns are scoped as an add-on service, a separate TCPA compliance addendum will govern that engagement.

AI Disclosure

Callers are informed at the beginning of each interaction that they are communicating with an automated AI system, not a human agent. This disclosure is provided clearly and before any personal information is requested.

Data Breach Notification

In the event of a data breach that affects personal information and triggers notification obligations under applicable law, we will notify affected individuals and relevant supervisory authorities within the timeframes required by law (e.g., 72 hours for GDPR supervisory authority notification; applicable US state law timeframes for individual notification).

All Users

Regardless of your location, you may:

• Request access to personal information we hold about you
• Request correction of inaccurate personal information
• Request deletion of personal information, subject to legal or contractual retention requirements
• Unsubscribe from marketing emails via the unsubscribe link in any email or by contacting us

California Residents (CCPA / CPRA)

California residents have the following additional rights:

• Right to Know: request details about the categories and specific pieces of personal information we have collected about you
• Right to Delete: request deletion of personal information we collected from you
• Right to Correct: request correction of inaccurate personal information
• Right to Opt-Out: we do not sell personal information or share it for cross-context behavioral advertising, so no opt-out is currently required; however, you may direct any related request to us
• Right to Limit Use of Sensitive Personal Information: to the extent we collect sensitive personal information (as defined by CPRA), you may request we limit its use to purposes permitted by law
• Right to Non-Discrimination: we will not discriminate against you for exercising any CCPA/CPRA rights

To submit a California privacy rights request, contact us at privacy@herculesautomated.com. We will verify your identity before processing your request and respond within 45 days (with one possible 45-day extension).

EEA, UK, and Swiss Residents (GDPR / UK GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

• Right of access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure / right to be forgotten (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object to processing based on legitimate interests (Article 21 GDPR)
• Right to withdraw consent at any time, where processing is based on consent
• Right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, or your EU member state’s data protection authority)

To exercise any of these rights, contact us at privacy@herculesautomated.com. We will respond within 30 days, with a possible 60-day extension for complex requests.

Business clients are responsible for ensuring they have a lawful basis for sharing data with us and for complying with applicable privacy laws with respect to their own customers.