Privacy Policy
Last updated: April 28, 2026
Outpush AI ("we," "our," or "us") operates the Outpush AI Studio platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — used for account identification, login, and communication
- Display name / username — chosen by you for identification within the platform
- Password — stored only as a cryptographic hash; we never store or have access to your plaintext password
1.2 OAuth / Single Sign-On
If you sign in via Google, GitHub, or Discord, we receive limited profile information from that provider:
- Your email address
- Your display name
- Your profile picture URL
- A provider-specific user identifier
We do not receive or store your password from any OAuth provider. We request only the minimum scopes necessary for authentication.
1.3 Payment Information
Payments are processed entirely by Stripe, Inc. We do not collect, store, or have access to your credit card numbers, bank account details, or other financial instruments. We retain only:
- Your Stripe customer ID and subscription ID (for managing your subscription)
- Your selected plan and credit balance
1.4 Content You Provide
When using our AI generation tools, you may provide:
- Text prompts — for chat, image generation, voice synthesis, or video creation
- Uploaded images — for image editing or image-to-video/3D generation
- Persona data — including names, personality descriptions, writing samples, and voice samples for our digital persona features
1.5 Automatically Collected Information
We automatically collect certain technical information:
- IP address — used for rate limiting, security, and abuse prevention
- Session cookies — essential cookies to maintain your login session
- User agent string — recorded in security audit logs
We do not use tracking cookies, analytics services, advertising pixels, or browser fingerprinting.
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and authentication | Email, display name, password hash | Contract performance |
| AI content generation | Prompts, uploaded images | Contract performance |
| Subscription and billing management | Stripe IDs, plan, credits | Contract performance |
| Security and abuse prevention | IP address, rate limit counters | Legitimate interest |
| Audit logging | User ID, action, IP, user agent | Legitimate interest |
| Persona features and digital legacy | Persona data, writing/voice samples | Explicit consent |
3. Data Storage and Retention
3.1 Where Data Is Stored
All data is stored on our dedicated servers. AI processing occurs entirely on our own hardware — your prompts and generated content are never sent to third-party AI providers.
3.2 Generated Content
AI-generated outputs (images, audio, video, 3D models) are stored temporarily for delivery to you and are automatically deleted within minutes of generation. We do not retain copies of generated content for training, analytics, or any other purpose.
3.3 Account Data
Account data is retained for as long as your account is active. If you request account deletion, your account is deactivated and personal data is removed from active systems. Audit logs may be retained for security and compliance purposes.
3.4 Persona Data
Writing samples, voice samples, and persona configurations are stored for as long as you maintain them. You may delete persona data at any time through the platform.
4. Third-Party Services
We use the following third-party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription metadata |
| Cloudflare Turnstile | Bot protection | IP address, browser challenge data |
| Google OAuth | Optional sign-in | Authentication tokens (if you choose to use Google sign-in) |
| GitHub OAuth | Optional sign-in | Authentication tokens (if you choose to use GitHub sign-in) |
| Discord OAuth | Optional sign-in | Authentication tokens (if you choose to use Discord sign-in) |
We do not sell, rent, or share your personal information with advertisers or data brokers. We do not send your prompts or generated content to any third-party model providers — all AI inference runs on our own hardware.
5. Cookies
We use only essential session cookies required for authentication and maintaining your login state. These cookies:
- Are marked
HttpOnly(not accessible to JavaScript) - Use
SameSite=Laxfor CSRF protection - Are marked
Securein production (HTTPS only) - Do not track you across websites
We do not use analytics cookies, advertising cookies, or any form of cross-site tracking.
6. Data Security
We implement the following security measures to protect your data:
- Passwords stored as cryptographic hashes (never plaintext)
- API keys stored as SHA-256 hashes
- HTTPS encryption for all data in transit (production)
- Security headers including HSTS, X-Frame-Options, and Content-Type-Options
- Rate limiting to prevent abuse
- Sensitive file paths blocked from public access
- Cloudflare Turnstile to prevent automated attacks
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate personal data
- Deletion — request deletion of your personal data and account
- Portability — request your data in a portable format
- Objection — object to processing based on legitimate interests
- Withdrawal of consent — withdraw consent for persona and legacy features at any time
To exercise any of these rights, contact us at the email address listed below.
7.5 Voice & SMS Data (Outpush Voice)
Outpush Voice is our AI receptionist product for small home-services businesses. When a customer of yours calls your business line, our service processes their call and sends you SMS notifications about what was said. This section explains how that data is handled.
What we collect from inbound callers
- Phone number — the calling number, captured automatically by the telephony layer
- Conversation transcript — what was said during the call, transcribed via our speech-to-text provider
- Extracted lead details — caller name, service address, request summary, and urgency, derived from the transcript
- Call audio recording — when the assistant configuration enables recording (off by default; controlled per business)
- Call metadata — start/end timestamps, duration, AI cost
These records are associated with the receiving business's account and are accessible only to that business's authorized account members and to Outpush AI personnel for support and operational purposes.
What we collect from business owners receiving SMS
- Mobile phone number — provided at signup for lead notifications
- SMS opt-in timestamp and consent text — recorded when the consent checkbox is submitted
- SMS delivery status — sent / delivered / failed, retained for 12 months for operational and compliance purposes
- Reply keywords — STOP, HELP, START, YES — logged for subscription management and to trigger callback bridges
Service providers (sub-processors)
We use the following providers to deliver Outpush Voice. Each receives only the data it needs to perform its function:
- Vapi — voice orchestration, transcription, and real-time conversation. Receives caller phone, audio, and transcript.
- Twilio — SMS delivery and inbound telephony trunk. Receives the business owner's phone number, SMS message content, and inbound call routing data.
- OpenAI — large language model inference for transcript-to-fields extraction. Receives transcript text only; does not receive owner phone numbers or other PII outside the transcript.
- ElevenLabs / Deepgram — speech synthesis and recognition. Receive only the audio stream during the call.
Retention
- Call transcripts and lead records: retained for the lifetime of your account, then deleted within 30 days of account closure
- Call audio recordings: retained for 90 days, then deleted unless the business explicitly opts to retain longer
- SMS delivery logs: retained for 12 months
- SMS consent records: retained for the lifetime of the account plus 4 years (consistent with TCPA recordkeeping recommendations)
What we do not do with voice & SMS data
- We do not sell or rent caller phone numbers, owner phone numbers, or any voice/SMS data to third parties
- We do not use call content for training general AI models. Aggregate, anonymized usage statistics may be used to improve our service.
- We do not send SMS to the inbound callers (the people calling your business). SMS notifications go only to opted-in business owners.
- We do not enroll any phone number in SMS notifications without affirmative consent via the signup checkbox described at outpush.ai/sms-consent
Caller disclosure
When the AI receptionist answers a call on behalf of a business, it identifies itself as an automated assistant. This satisfies disclosure requirements in jurisdictions where two-party consent for call recording is required, in conjunction with appropriate disclosures from the business. Business owners are responsible for compliance with state-level call recording laws applicable to their jurisdiction, including any additional disclosure or consent requirements beyond what the AI provides.
8. Children's Privacy
Our services are not directed to individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.
9. International Data Transfers
Our servers are located in the United States. If you access our services from outside the United States, your information may be transferred to and processed in the United States. By using our services, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the platform after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Outpush AI
Email: [email protected]