Privacy Policy

Run With Jarvis LLC (“Run with Jarvis,” “we,” “us,” or “our”) operates the Run with Jarvis platform available at runwithjarvis.com and the related products marketed under the Run With Jarvis brand, including KeyBot, GetTimePad, IntelliDrive, CallFlux, and the Jarvis AI brain (collectively, the “Services”). The Services are designed for service-based businesses that use AI automation, customer relationship management, scheduling, payments, and communications in a single operating system.

This Privacy Policy explains how we collect, use, retain, secure, disclose, and otherwise process information when you visit our website, sign up for the Services, embed our widgets on your site, place or receive calls or messages through our communications stack, accept payments, connect bank accounts, or otherwise interact with us.

We act as a controller of personal information about visitors, prospects, and administrators of business accounts that subscribe to our platform. We act as a processor of personal information that our business customers (each, a “Customer”) submit to the Services about their own end users (such as their callers, leads, patients, or purchasers). When we process information on behalf of a Customer, we do so under that Customer’s instructions and the terms of our applicable subscription or data processing agreement. End users with questions about a Customer’s data practices should contact that Customer directly.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.

We collect information in three broad ways: (i) information you provide to us directly, (ii) information we collect automatically when you use the Services, and (iii) information we receive from third parties such as payment processors, communications providers, identity-verification vendors, and integrated business systems.

Information you provide

• Account data — business name, contact name, email, phone number, password, billing address, role, time zone, and the industry or vertical you operate in.
• Onboarding and configuration data — service catalog, pricing, hours of operation, service area, technician roster, brand voice preferences, AI prompts, scripts, and integration credentials you choose to connect.
• Customer-record data — information you (or your end users) submit through CRM forms, intake widgets, calendars, chat, messaging, or voice flows. This may include name, contact details, address, vehicle or property information, service requests, photos, and free-form notes.
• Payment data — invoice details, transaction amounts, descriptors, payout instructions, tax information, and the limited payment metadata returned by our payment processor (we do not store full card numbers).
• Support data — messages, screenshots, recordings, or files you submit when you contact support, request a demo, file a complaint, or interact with our team.

Information collected automatically

• Device and log data — IP address, user-agent, device identifiers, browser, operating system, language, referring URL, pages and features accessed, request and response timing, and approximate geolocation derived from IP.
• Usage data — events emitted as you click, scroll, send messages, place calls, schedule appointments, generate invoices, run reports, or invoke AI tools.
• Cookies and similar technologies — see Section 11.

Information from third parties

• Payment, payout, KYC, and bank-verification information from Stripe (including Stripe Connect, Stripe Treasury, and Stripe Financial Connections).
• Call metadata, recordings, transcripts, and messaging delivery status from Twilio, WhatsApp, our voice runtime providers, and call-tracking partners.
• Identity, fraud-signal, and ownership-verification data from identity-verification vendors and our payment processors.
• Profile and operational data from integrations you authorize, such as Google, calendar systems, accounting software, advertising platforms, and analytics tools.

To enable invoicing, payouts, ACH transfers, banking, and related financial features, the Services may collect or receive financial information about your business and, in certain cases, the individual representatives or beneficial owners of your business. This may include business legal name, doing-business-as name, employer identification number (EIN) or social security number (SSN) where required, date of birth, government-issued identification, beneficial-ownership disclosures, representative role, address, bank routing and account numbers, account ownership, transaction history, balances, and payout instructions.

Financial information is treated as sensitive data. We only collect it where required to deliver the Services you have requested, to satisfy legal and regulatory obligations (including anti-money-laundering, know-your-customer, and tax-reporting rules), to verify account ownership, to prevent fraud, and to enable our payment and banking partners to provide the underlying financial services.

Where we receive sensitive identifiers such as full SSN, EIN, or government-issued ID, we transmit them directly to our regulated payment and banking partners (including Stripe and its affiliated banks) over encrypted channels and minimize their retention within our own systems. Wherever feasible, we tokenize or reference financial accounts through opaque identifiers issued by our processor instead of storing raw account data.

The Services use Stripe Financial Connections to enable you to securely link your business bank account to Run with Jarvis. When you choose to link an account, Stripe presents an authentication flow that asks you to select your financial institution and authenticate directly with that institution. Run With Jarvis never sees, receives, or stores your online-banking username or password.

By using Stripe Financial Connections, you authorize Stripe and your financial institution to share information about the linked account with Run With Jarvis. Depending on your institution and the permissions you grant, this may include: account holder name, account type, account and routing numbers, current balance, transaction history, and ownership information used to verify that the account belongs to your business.

We use this information solely for the purposes you authorize, including: verifying ownership and validity of the account, enabling ACH debits and credits, monitoring and reconciling payouts, supporting invoicing and revenue reporting features, preventing fraud and unauthorized transactions, and complying with applicable financial regulations.

You can disconnect a linked financial account at any time from your account settings or by contacting privacy@runwithjarvis.com. Disconnecting an account will revoke our ongoing access to that account’s data through Stripe Financial Connections; previously collected information may be retained as described in Section 19.

Certain features of the Services rely on Stripe Connect and where eligible Stripe Treasury to provide payment acceptance, payouts, balances, and embedded financial services to your business. To enable these features, you (and, where applicable, your business representatives and beneficial owners) will be onboarded onto a connected account managed by Stripe.

During connected-account onboarding, you may be asked to provide identity, business, and financial information necessary for Stripe to verify your business and to satisfy its and our regulatory obligations. This includes information used for know-your-customer (KYC), know-your-business (KYB), beneficial-ownership disclosure, sanctions screening, anti-money-laundering monitoring, tax reporting (such as IRS Form 1099-K), and ongoing risk assessment.

Information you submit during connected-account onboarding is collected and processed jointly by Stripe and Run with Jarvis. Stripe processes that information as a money-services provider in accordance with the Stripe Privacy Policy, the Stripe Connected Account Agreement, and where applicable the Stripe Treasury Services Agreement. Stripe Treasury accounts are issued by Stripe’s bank partners and are subject to those partners’ terms.

Run with Jarvis receives a limited subset of connected-account data from Stripe (such as verification status, balances, payouts, transaction summaries, and dispute notifications) so that we can render dashboards, generate reports, trigger workflows, and provide support. We do not have direct custody of funds held in Stripe Treasury accounts.

Payments accepted through the Services — including invoice payments, deposits, point-of-sale charges, subscription billing for our own platform, and any customer-paid amounts collected on your behalf — are processed by Stripe and routed through Stripe’s payment network.

When a payer enters card details into a payment form served through the Services, those details are submitted directly to Stripe through a secure, PCI-compliant integration. Run with Jarvis does not receive or store full card numbers, full magnetic-stripe data, full track-2 data, CVV2/CVC2/CID values, or PINs. We retain only the limited transaction descriptors that Stripe returns to us, such as a payment identifier, last four digits, brand, expiration month and year, country, and risk signals.

We use payment information to: process transactions you or your end users authorize; deliver receipts, refunds, and chargeback notifications; reconcile payouts and balances; detect, investigate, and prevent fraud and unauthorized transactions; bill you for our subscription and usage fees; comply with tax and accounting obligations; and enforce our terms.

Disputes, refunds, and chargebacks may be handled jointly by Run with Jarvis and Stripe in accordance with applicable network rules. We may share transaction details with Stripe, card networks, and issuing banks as needed to respond to a dispute.

The Services support ACH debits, ACH credits, and other bank-account-based money movement using Stripe and its bank partners. To initiate ACH transactions on your behalf, we and Stripe must verify that the bank account you provide is valid and is owned by you or your business.

Verification may be performed in one of several ways:

• Instant verification via Stripe Financial Connections, in which you authenticate directly with your financial institution.
• Micro-deposit verification, in which Stripe deposits and reverses two small amounts in your account that you confirm back to us.
• Manual review of routing and account numbers that you submit, combined with name and ownership information already on file.

By submitting a bank account through the Services, you represent that you are an authorized signer or owner of that account and that you authorize Run with Jarvis and Stripe to: verify the account; transmit ACH credits and debits to and from the account in connection with the Services you have requested; and obtain account ownership, balance, and transaction information solely to operate, secure, and improve those features.

You may revoke ACH authorization at any time by removing the account from your settings or by contacting privacy@runwithjarvis.com, subject to a reasonable period for in-flight transactions to settle.

The Services use artificial intelligence and large language models to power features such as voice agents, chat assistants, AI follow-up, summarization, scheduling suggestions, classification, and analytics. To deliver these features, we send the inputs and contextual data necessary to fulfill your request to model and inference providers (collectively, our “AI Providers”), which may include OpenAI, Anthropic, Deepgram, ElevenLabs, and similar third-party providers.

Inputs may include the message a caller or chat user sends, partial or full transcripts of voice conversations, customer-record context retrieved from your workspace, your AI prompts and scripts, knowledge-base snippets, and operational metadata. AI Providers process that information solely to return a response. Where the AI Provider supports it, we contract for terms that prohibit them from using your inputs or outputs to train their underlying models.

AI outputs are generated probabilistically and may be inaccurate or incomplete. You are responsible for reviewing AI-generated content before relying on it for decisions that affect health, safety, finance, employment, or legal status. We log AI prompts, responses, tool calls, and outcomes to operate, debug, audit, and improve the Services and to detect abuse.

The Services use Twilio and WhatsApp Business (a Meta Platforms service made available through Twilio or other Business Solution Providers) to deliver SMS, MMS, voice, and WhatsApp messaging. When you or your end users send or receive a message or call through the Services, we collect and process information including originating and destination phone numbers, sender and recipient identifiers, channel, message body, attachments, delivery status, error codes, opt-in status, and timestamps.

Voice features may transmit and receive audio streams in real time. We use this data to route the message or call, deliver content, generate transcripts and summaries, enforce opt-out requests and quiet-hours rules, prevent spam and fraud, comply with carrier and messaging-channel rules (including 10DLC registration in the U.S. and WhatsApp Business policies), and report on deliverability.

Twilio and Meta may also process this data as independent data controllers or processors of their own services pursuant to their respective privacy policies. End users can opt out of marketing or promotional messages at any time by replying STOP, UNSUBSCRIBE, or CANCEL to a text message, by following the unsubscribe instructions in a WhatsApp template, or by contacting our Customer for Customer-initiated communications.

The Services may record inbound and outbound voice calls, capture transcripts, and analyze conversations for purposes including quality assurance, training, fraud prevention, AI improvement, dispute resolution, attribution of calls to advertising or marketing sources, summarization for CRM records, and reporting.

Where call recording is enabled, our Customers configure a verbal disclosure or pre-call announcement informing callers that the call may be recorded. Customers are responsible for ensuring that recording is conducted in compliance with applicable federal, state, and local laws, including jurisdictions that require all-party consent. If you do not consent to a call being recorded, you should notify the operator and discontinue the call.

Call recordings, transcripts, and derived metadata (including duration, hold time, sentiment scores, classifications, and outcomes) may be associated with customer records, dispatched to AI Providers for transcription and analysis, and made available to the relevant Customer through the Services. Call analytics may also include caller line type, geographic region inferred from area code or routing data, ad source, landing page, keyword, and visitor identifier when call-tracking is in use.

We and our service providers use cookies, local storage, pixels, software development kits (SDKs), and similar technologies (collectively, “cookies”) to operate, secure, analyze, and improve the Services and our marketing channels.

• Strictly necessary — required to authenticate you, maintain session state, balance load, prevent fraud, and remember your cookie preferences.
• Functional — remember choices you make (such as language, time zone, or last-viewed dashboard) to personalize your experience.
• Analytics and product — help us understand how visitors and users interact with our marketing site and product so we can improve performance, debug issues, and prioritize features.
• Advertising and attribution — measure the performance of marketing campaigns, attribute calls and form submissions to ad sources, and, where you have consented, deliver tailored advertising on third-party platforms.

You can control cookies through your browser settings, by using the consent controls we provide where required by law, and by sending a Global Privacy Control (GPC) signal, which we will treat as a request to opt out of sale or sharing of personal information for cross-context behavioral advertising in jurisdictions that recognize such signals.

We use information for the following purposes:

• To provide, operate, and maintain the Services, including AI agents, CRM, scheduling, dispatch, voice, messaging, payments, payouts, and analytics features.
• To create and administer your account, authenticate users, and provision access to the appropriate Services and tenants.
• To process payments, payouts, refunds, ACH transfers, and other financial transactions through Stripe.
• To verify identity and account ownership, prevent fraud, monitor for unauthorized or prohibited transactions, and comply with anti-money-laundering and sanctions obligations.
• To respond to support requests, troubleshoot issues, and improve product reliability and performance.
• To communicate with you about service updates, security alerts, billing notices, transactional confirmations, and policy changes (you cannot opt out of essential service messages while using the Services).
• To send marketing communications, where permitted by law and subject to your right to opt out at any time.
• To comply with legal obligations, respond to lawful requests, enforce our terms, and protect the rights, property, and safety of Run with Jarvis, our Customers, end users, and the public.
• To produce de-identified, aggregated, or statistical data that does not identify any individual and that we may use for any lawful purpose, including improving and benchmarking our Services.

Run with Jarvis and our payment, banking, and communications partners use a combination of automated risk-scoring, identity verification, behavioral signals, velocity checks, device fingerprinting, and human review to detect, investigate, and prevent fraud, account takeover, payment risk, money laundering, and other misuse of the Services.

For these purposes we may collect or generate signals including device and browser characteristics, IP address and approximate location, login patterns, payment behavior, ACH return history, dispute history, transaction velocity, suspected stolen-card or stolen-bank-account indicators, and the outputs of our payment processor’s risk engine.

We may use this information to: decline or hold a transaction; require additional verification; suspend or terminate an account or feature; report suspected violations of law to appropriate authorities; cooperate with payment networks, banks, and law enforcement; and pursue civil remedies. By using the Services, you authorize us and our partners to perform these fraud-prevention activities and to retain the resulting records for as long as necessary to satisfy our legal, regulatory, and risk-management obligations.

We implement administrative, technical, and physical safeguards designed to protect personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction. These safeguards include:

• Encryption of data in transit using industry-standard TLS, and encryption of data at rest using industry-standard algorithms.
• Tenant isolation enforced at the application and database layers so that one Customer’s data is not exposed to another.
• Role-based access controls, least-privilege production access, and multi-factor authentication for personnel with access to systems that process personal information.
• Continuous monitoring, logging, and alerting on authentication events, configuration changes, and suspected security incidents.
• Use of regulated and audited cloud-infrastructure providers and processors (such as Stripe and our hosting providers) for the storage and processing of sensitive data.
• Vendor risk reviews, secure software development practices, code review, dependency scanning, and regular vulnerability and penetration testing.

No method of transmission over the Internet or electronic storage is one-hundred-percent secure. While we strive to use commercially reasonable means to protect personal information, we cannot guarantee absolute security.

Run with Jarvis is based in the United States and the Services are operated primarily from the United States. Personal information that we collect or that you submit through the Services is stored and processed on infrastructure located in the United States, including cloud regions operated by our hosting providers and the U.S.-based systems of Stripe, Twilio, our AI Providers, and other service providers.

If you access the Services from outside the United States, you understand and agree that your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from those of your jurisdiction. We rely on lawful transfer mechanisms (such as standard contractual clauses, where applicable) and require our processors to handle international transfers in accordance with applicable law.

We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising except where you have consented through our cookie or marketing controls. We share information only as described below:

• With Customers — when you interact with a business that uses the Services (for example, by calling, messaging, or booking with them), we share the information you submit with that business so they can serve you.
• With service providers — payment processors, banks, communications providers, AI Providers, identity-verification vendors, cloud-infrastructure providers, analytics providers, email-delivery providers, and customer-support tooling that process information on our behalf and under written contracts that limit their use of the data.
• With your authorization — integrations you connect (such as Google, calendar systems, accounting software, advertising platforms, and CRMs) may receive or send data based on the scopes you authorize.
• For legal and safety reasons — to comply with applicable laws, regulations, legal process, or governmental requests; to enforce our agreements; to protect the rights, property, or safety of Run with Jarvis, our Customers, end users, or the public; and to investigate or prevent fraud or illegal activity.
• In connection with a business transaction — in the event of a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy, personal information may be transferred to the successor or acquirer subject to commitments consistent with this Privacy Policy.

The Services rely on the following categories of third-party providers, each of whom processes personal information for limited and described purposes:

• Payments and financial services — Stripe, Inc. and its affiliates, including Stripe Connect, Stripe Treasury, Stripe Financial Connections, and the issuing banks they partner with.
• Communications providers — Twilio Inc. and its sub-processors for voice, SMS, MMS, and WhatsApp; carrier networks; and our voice-runtime providers used for AI voice agents.
• AI Providers — OpenAI, Anthropic, Deepgram, ElevenLabs, and similar providers used to deliver speech recognition, synthesis, language understanding, and reasoning.
• Cloud infrastructure providers — our hosting, database, storage, content-delivery, and observability providers, which provide the underlying compute and storage layer for the Services.
• Analytics providers — product- and marketing-analytics providers that help us understand how the Services are used and attribute marketing performance.
• Identity, fraud, and compliance providers — providers that help us verify identity, screen against sanctions lists, and detect fraud.
• Productivity and integration platforms — providers such as Google Workspace, calendar providers, accounting platforms, and email and ticketing systems that support our business operations or that you choose to connect to your account.

A more detailed sub-processor list is available on request to privacy@runwithjarvis.com.

Depending on where you live and your relationship with us, you may have the following rights regarding personal information we hold about you:

• The right to know or access the categories and specific pieces of personal information we have collected about you.
• The right to correct inaccurate personal information.
• The right to request deletion of personal information, subject to legal and regulatory retention obligations.
• The right to obtain a portable copy of personal information you have provided to us.
• The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising and the right to limit the use of certain sensitive personal information.
• The right to opt out of profiling that produces legal or similarly significant effects.
• The right to withdraw consent where processing is based on consent.
• The right to designate an authorized agent to submit a request on your behalf.
• The right to be free from retaliation for exercising any of these rights.

To exercise any of these rights, please contact us at privacy@runwithjarvis.com. We will verify your request using information already associated with your account or through additional identifiers when necessary, and we will respond within the timeframes required by applicable law. If you are an end user of one of our Customers, please direct your request to that Customer; we will assist them in responding as required.

We retain personal information for as long as necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with our legal and regulatory obligations, resolve disputes, prevent fraud and abuse, and enforce our agreements.

Retention periods vary by data type and use case. As a general matter:

• Account and configuration data is retained for the life of the account and for a reasonable period thereafter to support reactivation, accounting, and dispute resolution.
• Transaction, payout, and tax records are retained for the periods required by financial, tax, and anti-money-laundering laws (typically at least seven years).
• Call recordings, transcripts, and message contents are retained for the period configured by the relevant Customer or, in the absence of a configured period, for the period necessary to deliver the Services.
• Logs, security telemetry, and fraud-prevention signals are retained for the periods necessary to investigate incidents and to satisfy retention obligations.

When we no longer need personal information, we will delete it, anonymize it, or place it beyond further use, subject to technical limitations and backup-rotation schedules.

The Services are designed for businesses and their authorized representatives and are not directed to children under sixteen (16) years of age. We do not knowingly collect personal information from children under sixteen. If we learn that we have collected personal information from a child under sixteen without appropriate consent, we will take steps to delete the information as soon as practicable.

Parents, guardians, or others who believe a child under sixteen may have provided personal information to us should contact privacy@runwithjarvis.com.

This section supplements our Privacy Policy and applies to California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

Categories of personal information collected. In the past twelve months we have collected the following categories of personal information described in the CCPA: identifiers (such as name, email, phone, IP address); customer-record information; commercial information (such as transaction and product-usage data); internet or other electronic network activity information; geolocation data (approximate, derived from IP); audio and electronic information (such as call recordings and chat content); professional or employment-related information; inferences drawn from other categories; and sensitive personal information such as account credentials and, where required for KYC/KYB or banking purposes, government-issued identifiers and financial-account information.

Sources, purposes, and disclosures are described throughout this Privacy Policy and in the sections above on collection, use, and sharing.

Sale and sharing. We do not sell personal information for monetary consideration. We may “share” certain online identifiers with advertising and analytics partners for cross-context behavioral advertising only where you have consented through our cookie controls; you may opt out at any time using those controls or by sending a Global Privacy Control signal.

Sensitive personal information. We use sensitive personal information only for the purposes permitted by the CCPA, including to provide the Services you have requested, to verify identity, to prevent fraud, and to comply with law. We do not use or disclose sensitive personal information to infer characteristics about you for advertising purposes.

Your CCPA rights. Subject to verification, California residents may request to know, access, correct, or delete their personal information; to obtain a portable copy; to opt out of sale or sharing; and to limit the use of sensitive personal information. To submit a request, email privacy@runwithjarvis.com. You may also designate an authorized agent. We will not discriminate against you for exercising any of your CCPA rights.

This section supplements our Privacy Policy and applies to Texas residents under the Texas Data Privacy and Security Act (“TDPSA”).

Run with Jarvis collects and processes personal data about Texas residents as described in this Privacy Policy. Categories of personal data we process include identifiers, contact information, account credentials, commercial and transactional data, audio recordings, geolocation, internet and device activity, and — where you provide them in connection with payments, payouts, banking, or KYC/KYB — sensitive data such as government-issued identifiers and financial-account information.

We process personal data for the purposes described above, including to provide and operate the Services, process payments, prevent fraud, comply with law, and market our Services. We disclose personal data to the categories of recipients described in Section 16 and Section 17.

Notice regarding sale of sensitive and biometric personal data. We do not sell personal data, sensitive personal data, or biometric data. NOTICE: WE MAY SELL YOUR SENSITIVE PERSONAL DATA — this notice does not apply, as Run with Jarvis does not sell sensitive personal data. NOTICE: WE MAY SELL YOUR BIOMETRIC PERSONAL DATA — this notice does not apply, as Run with Jarvis does not sell biometric personal data.

Your Texas rights. Subject to verification, Texas residents may request to confirm whether we are processing their personal data; to access that data; to correct inaccuracies; to delete personal data; to obtain a portable copy; and to opt out of targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects. To submit a request, email privacy@runwithjarvis.com. You may appeal a denied request by replying to our response.

The Services are intended for users in the United States. If you choose to access the Services from outside the United States, you do so on your own initiative and are responsible for compliance with local laws. As described in Section 15, your information will be transferred to and processed in the United States.

Where required by applicable law, we rely on lawful cross-border transfer mechanisms (such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum) and require our processors to provide a comparable standard of protection.

We maintain a written information-security program that is informed by industry standards and frameworks appropriate to the size, scope, complexity, and sensitivity of the data we process. The program covers governance, risk management, asset management, identity and access management, encryption, secure software development, change management, vulnerability management, third-party risk management, business continuity, incident response, and personnel security.

Specific safeguards include: encryption of personal information in transit and at rest; isolation of Customer environments; least-privilege access controls enforced through role-based permissions and short-lived credentials; multi-factor authentication for personnel with access to sensitive systems; centralized logging and monitoring; secret-management infrastructure; regular dependency and vulnerability scanning; application-layer protections such as rate limiting and abuse detection; secure backup and disaster-recovery procedures; and annual review of our security program.

We require service providers that process personal information on our behalf to implement appropriate technical and organizational measures and to notify us of suspected security incidents. In the event of a confirmed security incident affecting your personal information, we will notify you and, where applicable, the relevant regulators in accordance with applicable law.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, our third-party providers, or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email, in-app notice, or other reasonable means.

Your continued use of the Services after a revised Privacy Policy becomes effective constitutes your acceptance of the revised Privacy Policy. If you do not agree with the revised Privacy Policy, you should stop using the Services and contact us to close your account.

If you have questions, comments, or requests regarding this Privacy Policy or our handling of personal information, please contact us at:

For payments-related inquiries that involve our payment processor, you may also contact Stripe directly through the contact channels published in the Stripe Privacy Policy. For communications-related inquiries, please refer to Twilio’s and WhatsApp Business’ respective privacy notices.