What we collect, how we use it, what we don't do with it. Plain language.
The short version
We collect what's necessary to run the service.
We don't sell your data. We don't use it to train AI models.
You can request deletion at any time from the dashboard.
We keep dispatch logs to help you see what happened — you can clear them by deleting your account.
What we collect
From you (the account owner)
Email address, name, business name, slug (subdomain), industry choice.
Vendor / contact list you configure for routing.
Property / matter / client list (subjects) you configure.
Notification preferences, timezone.
Stripe customer / subscription IDs (when billing is added).
From callers using your routing page
Tenant name, phone number, and free-text description as they submit through the form.
Which property + category they selected.
Timestamps of dispatch events.
This data is logged to your account's dispatch history and used to send the routing email to your vendor. We do not aggregate it for analytics or sell it.
Automatically
IP addresses (for abuse detection; not retained beyond 30 days).
Standard server logs (HTTP requests; aggregated, not retained beyond 30 days).
Google Analytics on the marketing site (outofofficepro.com main domain) for traffic patterns. Subscriber dashboards do not have GA tracking.
How we use it
To run the routing service (dispatch emails, store config, render your subdomain page).
To send transactional emails (magic links, dispatch notifications, trial reminders).
To process billing (via Stripe; we don't store card data on our servers).
To detect abuse and enforce the Terms of Service.
What we don't do
We don't sell or rent your data to anyone.
We don't use it to train AI models.
We don't use it for unrelated marketing.
We don't share it with vendors beyond what's needed for the dispatch (the vendor sees only the ticket info you'd expect them to see — caller name, phone, issue, your contact info).
Third parties we use
Cloudflare — hosting, edge compute, DNS. They see traffic patterns and IPs.
Resend — transactional email delivery. They see email addresses and message bodies for the emails we send through them.
Stripe — billing (only when you add a card). They handle card data; we don't.
Google Analytics — marketing-site traffic analytics. Drop a do-not-track or browser-level blocker if you don't want it.
Your rights
Access. You can see your data in the dashboard. For things not visible there, email us.
Correction. Edit your config in the dashboard or email us.
Deletion. Click "Delete account" in your dashboard, or email us. We delete within 7 days; cascades to events and sessions.
Portability. Email us for a copy of your data.
EU/UK residents: same rights as above, plus GDPR rights to object and to lodge complaints with your supervisory authority.
California residents: CCPA rights to know, delete, and not be discriminated against for exercising rights.
Data retention
Dispatch event logs: kept while your account is active. Deleted on account deletion.
Magic links: 15-minute TTL, single-use.
Sessions: 30-day TTL.
Server logs: 30 days.
Slug-hold (after cancellation): 60 days, then slug returns to the pool.
Security
Data is stored in Cloudflare D1 with at-rest encryption. Connections use HTTPS. Magic-link tokens and session tokens are randomly generated; vendor-action tokens are HMAC-signed. We don't store passwords (no password auth — magic-link only).
No security is perfect. Report vulnerabilities to hi@outofofficepro.com and we'll respond within 5 business days.
Children
The service is not intended for users under 13. We don't knowingly collect data from children.
Changes
We may update this Policy. Material changes will be communicated via email. Last updated: 2026-05-10.