Privacy Policy

This Privacy Policy explains what information ServiceRoot collects, how we use it, and the choices you have. ServiceRoot builds and operates Beacon and Gateway. We have written this in plain language because privacy should be easy to understand.

1. Who we are

ServiceRoot LLC, a Texas limited liability company (“ServiceRoot,” “we,” or “us”), is the company responsible for the personal information described in this policy — in legal terms, the “data controller.” If you have any privacy questions, contact us using the details in the “Contact us” section below.

2. Which products this policy covers

This policy applies to all ServiceRoot products and services, including:

• Beacon — call and lead tracking, booking analytics, and dispatcher coaching;
• Gateway — website lead capture; and
• any future ServiceRoot products, unless we provide a separate privacy notice for a specific product.

It also covers our websites and any communication you have with us.

3. Information we collect

We collect a few different kinds of information.

Account information

When you or your business sign up, we collect details such as name, email address, business name, role, and login credentials. If you subscribe to a paid plan, payments are processed by Stripe. Stripe collects and stores your full payment details; ServiceRoot itself stores only your Stripe customer identifier, your subscription status, and the last four digits of your payment method. We never receive or store full card numbers, security codes (CVV), or bank account details.

Information from tools you connect

When you connect a third-party tool to Beacon, we read information from that tool to provide the service. This includes:

• from Jobber: job, client, request, and quote records;
• from Dialpad: call records, call metadata, and call recordings (which we transcribe into text); and
• from other call, lead, or CRM tools you connect in the future: similar job, contact, and call information.

Customer information captured on your behalf

Beacon and Gateway collect information about your customers and prospective customers so we can provide our service to you. For example, Gateway captures leads submitted through your website — typically a name, phone number, email address, and message — and Beacon stores call and lead records that include your customers’ contact details. This information belongs to your business; we process it on your behalf.

Usage and device information

Like most online services, we automatically collect basic technical information when you use our products — for example, IP address, browser type, pages viewed, and actions taken — so we can keep the service secure and understand how it is used.

4. How we use information

We use information to:

• provide, operate, and maintain our products;
• set up and run the integrations you connect;
• generate the analytics, scores, and coaching insights that are the point of Beacon;
• transcribe call recordings so calls can be reviewed and scored;
• analyze call transcripts using artificial intelligence to generate dispatcher coaching insights;
• communicate with you about your account, support requests, and service updates;
• handle billing and subscriptions;
• keep our services secure, prevent abuse, and meet legal obligations; and
• improve our products and develop new features.

Our use of AI

Beacon uses artificial intelligence — specifically Anthropic’s Claude, accessed through Anthropic’s API — to analyze call transcripts and produce dispatcher coaching insights. We want to be clear about what this does and does not mean:

• Your customer data, call recordings, and call transcripts are not used to train or fine-tune any AI or machine-learning model— not ServiceRoot’s, and not Anthropic’s.
• Anthropic does not train its models on data submitted through its API. We send transcripts to Anthropic only to generate the coaching insights you see in Beacon.
• AI output is informational — it supports your decisions and does not replace your judgment.

5. Third-party integrations — what we access and why

When you connect a third-party account, you are authorizing ServiceRoot to access it on your behalf. We want to be specific about this:

• Jobber. When you connect your Jobber account, Beacon reads your job, client, request, and quote data. We use it to match completed jobs back to the calls and leads that produced them, so we can show you which calls and leads turned into booked work.
• Dialpad. When you connect Dialpad, Beacon reads your call records and recordings. We transcribe recordings into text and use them to score calls and coach your dispatchers.
• Other CRMs and phone systems. As you connect additional tools (such as ServiceTitan, Housecall Pro, or Workiz), we read similar job and call information for the same purposes.

All of our integrations are read-only: Beacon reads data from the tools you connect and never writes, changes, or deletes data in them. This applies to every integration we offer today and to integrations we add in the future.

We use this information only to provide dispatcher coaching and booking analytics to your business. We do not sell it. We do not share it with anyone other than the service providers that help us run our products (described in the next section) and the integrations you yourself choose to connect. You can disconnect any integration at any time from your settings.

6. How we share information

We do not sell your information or your customers’ information. We share it only in these limited situations:

• Service providers (sub-processors). We use trusted companies to help run our products. They may process information only to perform services for us and under confidentiality obligations. Our current sub-processors are:
  • Supabase — database and hosting (United States region);
  • Vercel — application hosting;
  • Deepgram — transcription of call recordings into text;
  • Anthropic — AI analysis of call transcripts (see “Our use of AI” above);
  • Stripe — payment processing;
  • QStash / Upstash — background job processing.
• Integrations you connect. Information flows to and from the third-party tools you choose to connect, as described above.
• Legal and safety reasons. We may disclose information if the law requires it, or to protect the rights, safety, or property of ServiceRoot, our users, or the public.
• Business transfers. If ServiceRoot is involved in a merger, acquisition, or sale of assets, information may transfer as part of that transaction. We will give notice if that happens.

7. Where your data is stored and how we protect it

Your information is stored in the United States using Supabase, our database and hosting provider. We protect it with measures including:

• encryption of data at rest;
• encryption of data in transit (HTTPS);
• row-level security, which technically enforces that each business can only access its own data and cannot see another business’s records; and
• restricted internal access, limited to what is needed to operate and support the service.

No system is perfectly secure, but we take security seriously and work to protect your information.

8. How long we keep information

While your account is active, we keep your information for as long as we need it to provide the service. When your account is closed, we handle it on this schedule:

• we retain your information for 30 days after cancellation, in case you choose to reactivate;
• after that, we permanently delete it within an additional 60 days — within 90 days of termination in total; and
• residual copies may remain in our encrypted backups for up to 180 days from termination, after which they are overwritten.

During the first 30 days after cancellation you may contact us to request an export of your information. We keep information longer only where the law requires it, for example for tax or accounting records. This schedule matches Section 12 of our Terms of Service.

9. Your rights and choices

Depending on where you live, you may have rights over your personal information, such as the right to access it, correct it, delete it, or receive a copy in a portable format.

• If you have a ServiceRoot account, you can view and update much of your information directly in the product.
• For other requests — including access, deletion, or a data export — contact us using the details below, and we will respond as the law requires.
• A note on customer data.Much of the information in our products is your customers’ personal information, which we hold on your behalf. If one of your customers asks us to access or delete their information, we will generally direct that request to your business, since you decide how that information is used. For business customers that need one, a Data Processing Agreement (DPA) is available on request — contact legal@serviceroot.io.

Your rights depend in part on where you live. California residents have rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA — including the right to know what personal information we collect and how we use it, to request its deletion, and to request its correction. We do not sell personal information, and we do not share it for cross-context behavioral advertising. Residents of certain other US states may have similar rights under their own state privacy laws. Residents of the European Union and the United Kingdom may have rights under their local data protection laws. To exercise any of these rights, contact us at privacy@serviceroot.io, and we will respond as the law requires.

10. Cookies and tracking

We keep cookies and tracking to a minimum. We use:

• essential cookies needed to sign you in and keep your session secure; and
• limited product analytics, provided by PostHog, that help us understand how the service is used so we can improve it.

We do not use third-party advertising cookies, and we do not track you across other websites. Where required, we show a cookie consent banner to visitors in the European Union and the United Kingdom so they can make choices about non-essential cookies. Most browsers also let you control or remove cookies, though disabling essential cookies may stop the service from working.

11. Children’s privacy

ServiceRoot is a service for businesses. Our products are not directed to children or to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has provided us with personal information, contact us and we will delete it.

12. International users

ServiceRoot is based in the United States, and our services are hosted in the United States. If you access our products from outside the United States, you understand that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

Our intended audience is US-based businesses. If you are located in the European Union or the United Kingdom and believe we hold personal information about you, you may contact us at privacy@serviceroot.io to exercise your rights, and we will respond as applicable law requires.

13. Changes to this policy

We may update this Privacy Policy as our products and the law change. If we make a significant change, we will update the “Last updated” date at the top and take reasonable steps to notify you, such as an email or an in-product notice. We encourage you to review this page from time to time.

14. Contact us

If you have questions or requests about your privacy, contact us at privacy@serviceroot.io, or by mail at ServiceRoot LLC, Dallas, TX. For questions about our legal agreements, including a Data Processing Agreement, contact legal@serviceroot.io.