Privacy Policy

Effective date: April 11, 2026

1. Introduction

Text Boss ("we," "us," or "our") operates an AI-powered business communication assistant available at textboss.ai. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using Text Boss, you agree to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

• Email address -- provided when you access Text Boss or purchase a subscription. Used for authentication, session management, and subscription verification.
• Subscription and billing data -- your subscription tier (Core, Pro, or Black), subscription status, billing period, and Stripe customer identifiers. Payment card details are processed and stored exclusively by Stripe; we do not store card numbers.
• Chat messages -- the messages you send to the Text Boss AI assistant during a session. These are transmitted to OpenAI for processing and are not permanently stored on our servers beyond the duration of your active session, except for conversation threads in Pro and Black tiers which are stored to maintain continuity.
• Scheduling data (Pro and Black tiers) -- availability slots, appointment details, client names, contact information, and business profile data you provide to the AI scheduling assistant.
• Push notification subscriptions (Pro and Black tiers) -- Web Push endpoint and key data required to deliver appointment reminders to your device.

3. How We Use Your Information

We use the information we collect to:

• Authenticate your identity and manage your session
• Verify your subscription status and enforce tier-based access
• Deliver the Text Boss AI communication assistant and scheduling features
• Process subscription payments through Stripe
• Send appointment reminders via Web Push notifications (if enabled)
• Maintain and improve the service

4. Third-Party Services

Text Boss relies on the following third-party services to operate:

• Stripe -- payment processing and subscription management. Stripe processes your payment information under its own privacy policy. See stripe.com/privacy.
• Supabase -- database hosting for entitlement records, scheduling data, and conversation threads. Data is stored in Supabase-managed infrastructure.
• OpenAI -- AI model provider. Chat messages are sent to OpenAI's API for processing. OpenAI's data usage policies apply to this processing. See openai.com/policies/privacy-policy.
• Netlify -- hosting and serverless function execution. See netlify.com/privacy.

5. Cookies

Text Boss uses a single HttpOnly session cookie (textboss_session) to authenticate your session after email verification. This cookie contains your email, subscription tier, and session expiration data, signed with an HMAC key. It expires after 30 days. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

6. Data Retention

• Session data -- session cookies expire after 30 days. No server-side session storage persists beyond this period.
• Entitlement records -- retained for the duration of your subscription and a reasonable period afterward for billing and dispute purposes.
• Chat messages -- Core tier messages exist only in your browser session. Pro and Black tier conversation threads are retained until you delete them or your subscription ends.
• Scheduling data -- appointment and availability data is retained for the duration of your subscription.

7. Data Security

We implement security measures including HMAC-signed session cookies with timing-safe comparison, HTTPS-only transmission, HttpOnly cookie flags to prevent client-side script access, and server-side entitlement verification on every API request. No system is perfectly secure, and we cannot guarantee absolute security of your data.

8. Your Rights

You have the right to:

• Request access to the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data, subject to legal and contractual obligations
• Cancel your subscription at any time through Stripe
• Clear your session by logging out, which removes the session cookie

To exercise any of these rights, contact us at privacy@textboss.ai.

9. Children's Privacy

Text Boss is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the "Effective date" at the top of this page. Your continued use of Text Boss after changes are posted constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or requests, contact us at privacy@textboss.ai.