Effective date: 2026-06-16 Entity: Kippera LLC, a Georgia limited liability company ("Kippera," "we," "us," "our")
Kippera provides an AI-powered communications platform that answers calls, text messages, web chat, email, and social-media messages for small businesses, books appointments, sends follow-up communications, and manages customer relationships (the "Service").
We act in two different roles, and this policy distinguishes them:
kippera.com currently uses only essential cookies required for the site to function. We do not currently use analytics or advertising cookies.
We do not sell personal information, and we do not use End-User conversation content to train our own AI models.
The Service uses artificial intelligence to understand and respond to communications. Specifically:
Our AI identifies itself as an AI assistant in conversations, as required by applicable law and our policies. AI-generated responses may not always be accurate; see our Terms of Service for the associated disclaimers.
Call recordings, where enabled by a Customer, are stored securely and accessible only to authorized users. Two-party recording consent disclosures are delivered as required by applicable law.
We share information with vendors who process it on our behalf, under contract, only to provide the Service:
| Sub-processor | Purpose |
|---|---|
| Anthropic | AI language processing of conversation content |
| Twilio | Voice and SMS transport; phone-number provisioning |
| ElevenLabs | AI text-to-speech voice generation |
| Stripe | Subscription billing, payment processing, and invoicing |
| Square | Payment processing for customer deposits and invoices (where a Customer enables it) |
| PayPal | Payment processing for customer deposits and invoices, including Venmo as a PayPal-owned funding option for U.S. customers (where a Customer enables it) |
| Amazon Web Services (AWS) | Cloud hosting and storage |
| Mailgun | Inbound email processing for lead ingestion |
| Calendar sync, Business Profile posting, sign-in authentication, and advertising/conversion measurement (where a Customer connects these) | |
| Meta (Facebook / Instagram) | Unified inbox message ingestion and social posting (where a Customer connects a Facebook Page or Instagram account) |
Where a Customer connects an optional integration (such as a CRM, accounting, or calendar system), we transmit relevant data to that system at the Customer's direction. Those systems act under the Customer's control, not as our sub-processors.
What we access. When a Customer connects Google Calendar, Kippera requests the Google
Calendar events scope (https://www.googleapis.com/auth/calendar.events) and accesses
only event data on the calendar the Customer connects: event times, busy/free status, and
event titles within a rolling sync window, plus the OAuth tokens Google issues for the
connection. Kippera does not access any other Google data.
How we use it. This data is used solely to provide two-way calendar sync for that Customer: creating, updating, and cancelling appointment events the Customer's business books through Kippera, and reading events on the connected calendar so booked times are treated as unavailable and double-bookings are prevented. Google Calendar data is displayed only to the connected Customer's own account and is never used for advertising or profiling.
What we share. Google Calendar data is not sold and is not transferred to third parties — including data brokers and advertisers — except to our cloud hosting sub-processor (AWS) as necessary to store and serve it, or as required by law. Raw Google event details (such as event titles) are never sent to AI providers; only derived open/busy availability informs the appointment times the AI receptionist offers, and our AI provider (Anthropic) does not use data submitted through its API to train its models.
How it is protected. OAuth tokens are stored encrypted at rest using application-layer encryption; mirrored event details are likewise encrypted at rest. All communication with Google's APIs occurs over TLS, and access is limited to the connected Customer's own tenant.
Retention and deletion. Google Calendar data is retained only while the integration is connected, and mirrored events cover only a limited rolling window. When a Customer disconnects Google Calendar in Settings, the stored OAuth tokens and all mirrored Google event data are deleted immediately. Deleting a Kippera account (Settings → Data & Privacy) removes all remaining data under our standard deletion process. A Customer can also revoke Kippera's access at any time at myaccount.google.com/permissions.
Kippera's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Kippera does not use raw or derived Google user data — including data received from Google Workspace APIs such as Google Calendar — to develop, improve, or train generalized (non-personalized) artificial-intelligence or machine-learning models.
We may also disclose information: to comply with law or legal process; to protect rights, safety, and security; and in connection with a merger, acquisition, or sale of assets (with notice as required by law).
Where Kippera sends text messages — both on behalf of our business Customers and from Kippera's own support and account lines — it does so subject to consent and opt-out requirements:
See also the Customer's own privacy notice and the messaging disclosures presented at the point of opt-in.
We use technical and organizational measures to protect personal information, including encryption of sensitive data at rest (including phone numbers, conversation content, and stored credentials) and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
If you are a California resident, you have the right to:
To exercise these rights, contact us at [email protected]. We will verify your request as required by law. You may use an authorized agent. For data we process on behalf of a business Customer, we will route your request to that Customer.
Residents of other states with comprehensive privacy laws may have similar rights to access, correct, delete, and appeal. Contact us at [email protected] to exercise them.
The Service is directed to businesses and users in the United States. We do not currently target the EU/UK market.
The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children under 18.
For real estate Customers, Kippera's AI is built with Fair Housing guardrails. It does not characterize neighborhoods, schools, or any area by demographic, racial, religious, or other protected-class terms, and it will not answer "steering" questions about who does or doesn't live in an area or whether a neighborhood is "safe" or "good." Instead, it redirects those questions to objective third-party sources (such as public school ratings sites or crime-data portals) that the Customer can point buyers and renters to directly. Every time the AI refuses or redirects a question like this, it logs the refusal internally as compliance evidence, so Customers have a record showing the guardrail worked as intended.
We may update this policy from time to time. We will post the updated version with a new effective date and, where required, provide additional notice.
Kippera LLC 1485 Derby Ct. NE, Ranger, GA 30734 Email: [email protected]