Skip to content
Recaptra
  • Features
  • How it works
  • Pricing
  • Start free trial

Privacy Policy

Effective Date: July 15, 2026  ·  Last Updated: July 15, 2026

This Privacy Policy explains how UpTechBiz Solutions Inc, doing business as Recaptra (“Recaptra,” “we,” “us,” or “our”), collects, uses, discloses, and protects information in connection with our website and management portal (the “Portal”), our missed-call and after-hours text/voice recovery service (the “Service”), and any related products or communications we offer.

Recaptra is a business-to-business SaaS platform. Our direct customers are appointment- and service-based businesses (“Clients,” “you,” or “your business”) across supported verticals including hair salons, barbershops, blow-dry bars, med spas, weight-loss/GLP-1 clinics, wellness clinics, dental practices, auto repair shops, home services companies, and other appointment-driven small businesses we may add over time. Our Client base is primarily U.S.-based, and we also accept and directly bill Clients based in Canada. This Policy also describes how we handle information about End Users — the customers, prospects, and callers who text or call a Client’s business and are engaged by Recaptra on the Client’s behalf.

If you do not agree with this Policy, please do not use the Portal or the Service.

Privacy at a Glance

This summary is a convenience, not a substitute for the full Policy below. Where the two differ, the full Policy controls.

What we hash, not store in plain textCaller/texter phone numbers — converted to a one-way SHA-256 hash by default.
What we never collectSocial Security numbers, full payment card/bank numbers, government ID numbers, precise geolocation, biometric data.
What we never doSell personal information. Share opt-in texting consent with third parties for their own marketing. Let the AI invent appointment availability, promise refunds, or block a request to speak with a human.
Consent is layered, not bundledConsent to a missed-call recovery text (transactional) is separate from consent to marketing/win-back messages — the second always requires its own opt-in.
Where data livesInfrastructure is U.S.-based; the company itself (UpTechBiz Solutions Inc) is incorporated in Ontario, Canada.
Health-adjacent useRecaptra is not a HIPAA covered entity/business associate and is not designed to handle Protected Health Information.
Your choicesReply STOP to any text at any time; reply HELP for assistance. See the Consent Options section for the full menu.

1. Scope and Roles

Recaptra typically acts as a service provider / data processor on behalf of our Clients with respect to End User conversation data, and as a data controller with respect to Client account, billing, and business-configuration data. Where applicable law assigns different roles or terminology, those legal definitions control over the informal descriptions in this Policy.

Each Client is independently responsible for obtaining and documenting all consents required from their own End Users, giving customers appropriate notice that an AI-assisted recovery service is in use, and complying with the laws and professional regulations applicable to their own industry. This Policy is not a substitute for a Client’s own privacy notice to their customers.

2. Information We Collect

2.1 From Clients (Businesses)

  • Account and contact information: business name, business address, industry/vertical, owner/admin name, email address, and business phone number.
  • Billing information: processed through our payment processor (Stripe); we do not store full payment card numbers on our own servers.
  • Business configuration data (“Knowledge Card”): structured facts you choose to provide — services, pricing, hours, policies, booking links, and FAQ-style answers — used to generate AI responses.
  • Portal usage data: login activity, feature usage, conversation review actions, and support communications.

2.2 From End Users (Callers and Texters)

When someone calls or texts a Client’s business and is engaged by the Service, we may collect a phone number (hashed by default), the text of the conversation (including any name, appointment preference, service interest, or issue description the End User chooses to share), outcome/classification metadata (e.g., booked/answered/qualified/escalated, timestamps, channel), and consent/opt-out status.

2.3 What We Collect vs. What We Never Collect

Data categoryCollected?Detail
Phone numberYes — hashedOne-way SHA-256 hash by default; see 2.4 for narrow exceptions
SMS/chat conversation contentYesText of the conversation, including anything the End User volunteers
Name, appointment/service interestYes, if sharedOnly what the End User provides in the conversation
Booking/outcome metadataYesOutcome tag, timestamps, channel
Social Security numberNeverAI is configured not to solicit; not a supported data field
Full payment card / bank account numberNeverBilling runs through Stripe directly; not collected via SMS/chat
Government ID numberNeverNot a supported data field
Precise/real-time geolocationNeverNot collected by the Service
Biometric dataNeverNot collected by the Service
Protected Health Information (PHI)Not solicitedSee Section 8 — may still appear if an End User volunteers it unprompted

2.4 Governed Exceptions to Hashing

A plaintext or reversible phone number field may be retained, instead of hashed, only where the End User has separately agreed to a feature that requires it — for example, a booking confirmation tied to a live number, or a Client-enabled retention/marketing feature that requires a maintained contact record under its own consent. These exceptions are access-controlled and documented internally, and do not apply to the default missed-call recovery flow.

2.5 Collected Automatically (Portal/Website)

When you visit our website or use the Portal, we may automatically collect IP address, browser/device type, pages viewed, and similar log/analytics data, typically via cookies. See Section 13.

3. How We Use Information

We use the information above to operate the Service (detecting missed calls, generating AI responses from the Client’s approved Knowledge Card, routing to a booking link or human escalation), prevent duplicate or unwanted messaging, generate Client reporting, maintain and improve platform reliability and AI quality, bill and administer subscriptions, provide Client support, comply with legal obligations, and — only with separate, explicit consent — support Client-enabled retention/marketing features.

We do not use End User conversation content to build public AI training datasets, and we do not sell End User personal information.

4. SMS, Telephone, and Automated Messaging Disclosures

The Service is fundamentally a text-messaging (and, in later product phases, voice-based) recovery tool. The applicable messaging-consent framework depends on where a given Client’s own End Users are located: U.S.-based Clients and End Users are governed primarily by the U.S. Telephone Consumer Protection Act (TCPA), CTIA messaging guidelines, and applicable state analogs; Canada-based Clients and End Users are governed primarily by Canada’s Anti-Spam Legislation (CASL). In every case:

  • Consent to text. By providing their phone number to a Client business, an End User may receive automated text messages related to that missed contact. Clients are responsible for ensuring their business practices provide a clear, compliant basis for this contact, including appropriate notice at the point their phone number is collected.
  • Opt-out. End Users may reply STOP at any time, and HELP for assistance. Opt-out status is checked and honored before every send.
  • No sharing of opt-in data for unrelated marketing. Texting origination data and consent are not shared with third parties for their own independent marketing.
  • Frequency and charges. Message frequency varies by conversation. Message and data rates may apply per the End User’s carrier plan.
  • Carrier registration. We register U.S. Client messaging campaigns with U.S. mobile carriers under A2P 10DLC rules as required.

5. How We Share Information

We do not sell End User or Client personal information. We disclose it only:

  • To service providers/subprocessors, under contract and only as needed: Twilio (SMS/voice transport), Anthropic (the AI model generating responses), Supabase (database hosting), n8n (workflow automation), and Stripe (payments).
  • To the Client whose business the End User contacted — a Client can view conversations and outcomes for their own account only; row-level security prevents cross-Client visibility.
  • For legal and safety reasons — where required by law or valid legal process, or to protect the rights, safety, or property of Recaptra, a Client, an End User, or the public.
  • In a business transfer — e.g., a merger, acquisition, or sale of assets, subject to this Policy or a materially similar successor policy.
  • As aggregated/de-identified data that no longer identifies a specific individual or business.

6. Your Consent Options

Consent under Recaptra is layered by purpose — agreeing to one type of contact does not enroll you in another.

Consent typeWhat it coversHow to withdraw
Transactional recovery SMSThe missed-call recovery text itself and the conversation that followsReply STOP at any time; suppression is applied immediately and checked before every future send
Marketing / retention SMSAny promotional or retention message, only where a Client has enabled this feature (separate, explicit opt-in — never bundled)Reply STOP, or request removal from the Client; withdrawing does not affect transactional service
Portal cookies / analyticsWebsite and Portal cookies used for login and basic analyticsAdjust or block via your browser settings (Section 13)
Client account data processingBusiness/account/billing data Recaptra processes to deliver the ServiceClose your account (Section 10); certain billing/legal records are retained per Section 10

Withdrawing consent does not retroactively make prior, already-consented contact unlawful, and withdrawing transactional consent will limit or end Recaptra’s ability to text you back after a missed call. Consent and opt-out events are timestamped and logged.

7. Data Security

We apply safeguards including one-way SHA-256 hashing of caller phone numbers by default, row-level security so each Client’s data is logically isolated, a stateless application layer with all state in a single access-controlled datastore, encrypted transport (TLS), least-privilege access controls, and audit logging of key account, consent, and opt-out events. No system is completely secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting personal information, we will notify affected Clients and, where required by law, affected individuals and/or regulators.

8. Special Notice for Health-Adjacent Verticals

Recaptra is not a covered entity or business associate under HIPAA, and the Service is not designed, warranted, or intended to store, transmit, or process Protected Health Information (PHI). The AI is configured never to provide medical diagnosis, dosing guidance, or clinical advice, and escalates any health-risk or clinically sensitive message immediately to Client staff. Clients in health-adjacent verticals are solely responsible for ensuring their own use of the Service complies with HIPAA, state health-privacy law, and their own professional obligations, and should not configure the Service to solicit detailed medical history, diagnosis information, or insurance/health-plan identifiers over SMS. No Business Associate Agreement is offered as of the effective date of this Policy.

9. Your Privacy Rights

If you are a U.S. resident: depending on your state, you may have rights to know/access, delete, or correct your personal information, to opt out of sale or sharing (we do not sell personal information or share it for cross-context behavioral advertising), and to non-discrimination for exercising these rights — consistent with frameworks including the CCPA/CPRA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), UCPA (Utah), and other applicable state statutes.

If you are a Canadian resident: you have rights of access, correction, and complaint under Canada’s federal PIPEDA, including the right to complain to the Office of the Privacy Commissioner of Canada. Residents of provinces with their own private-sector privacy statutes — notably Quebec, under Law 25 — may have additional rights.

To exercise these rights, contact us using the details in Section 15. Because Recaptra typically holds End User conversation data as a service provider on behalf of a Client, we may direct a request to the relevant Client, or fulfill it on the Client’s behalf. We will verify the requester’s identity using a method reasonable in light of the sensitivity of the data involved.

10. Data Retention

Conversation and hashed-identifier data is retained for the Client’s active subscription term plus a limited post-termination window (for account recovery, dispute resolution, and recordkeeping), then deleted or de-identified, except where longer retention is required by law. Governed plaintext contact records (Section 2.4) are retained only as long as necessary for their specific consented purpose and deleted on consent withdrawal, subject to legal retention requirements. Billing records are retained as required by tax and accounting law. A Client may request deletion of their account and associated data upon termination, subject to these exceptions.

11. Children’s Privacy

The Service is intended for adult business owners and their general adult customer base, and is not directed to children under 18. We do not knowingly collect personal information from children under 18. If we learn we have inadvertently done so, we will take reasonable steps to delete it.

12. International Users and Cross-Border Data Handling

Recaptra’s Client base is primarily U.S.-based, and we also accept and directly bill Clients based in Canada. The underlying infrastructure (database hosting, messaging transport) is currently U.S.-based for both. Because UpTechBiz Solutions Inc is incorporated and headquartered in Ontario, Canada, personal information collected through the Service is accessed, controlled, and administered from Canada regardless of which country a given Client or End User is in.

13. Cookies, Do Not Track, and Third-Party Links

Our website and Portal use cookies for authentication and basic analytics, not third-party cross-site advertising; you can control cookies through your browser (disabling them may affect Portal functionality). Our website does not currently respond to browser “Do Not Track” signals; where required by law, we will honor applicable opt-out preference signals. The Service may link to third-party booking platforms (e.g., Booksy, Vagaro, Square); Recaptra is not responsible for the privacy practices of those third parties.

14. Changes to This Policy

We may update this Policy to reflect changes in our practices, the Service, or legal requirements, posting the updated version with a new “Last Updated” date and, for material changes, providing additional notice to Clients (e.g., by email or in-Portal notice).

15. Contact Us

UpTechBiz Solutions Inc (d/b/a Recaptra)
42 Main St
Odessa, ON K0H 2H0
Canada
privacy@recaptra.com
← Back to home
Recaptra

Capture every interaction. Route the right response.

Opt-outs, consent, and message history are tracked automatically in the background — so you stay compliant without having to think about it.

  • Privacy Policy
  • Terms & Conditions

© Recaptra. All rights reserved.