Privacy Policy

Last Updated: March 29, 2026

Patch ("we", "us", "our") operates the website https://getpatch.app and the Patch application at https://dashboard.getpatch.app. This Privacy Policy describes how we collect, use, and protect your information.

1. Information We Collect

1.1 Account Information

When you create a Patch account, we collect your email address for authentication purposes. Authentication is handled via Supabase Auth using magic link email.

1.2 Call Data

Patch provisions local tracking phone numbers through Twilio on your behalf. When calls are made to your tracking numbers, Twilio records the calls and Patch processes the recordings to classify call outcomes. We collect and store:

  • Call metadata (timestamp, duration, direction, caller phone number)
  • Call disposition (the classified outcome, e.g., "booked", "missed call", "spam")
  • Customer status classification (new, existing, or not established)
  • A short, sanitized evidence snippet (1–2 lines) that justifies the classification
  • Tracking number association

1.3 What We Do NOT Store

Patch does not store full call transcripts, full call recordings, or raw audio files. Call audio is processed ephemerally in memory — it is transcribed, classified, and immediately discarded. Only the metadata, disposition, and short evidence snippet described above are retained.

This is an architectural commitment, not a policy preference. Patch is designed so that full transcripts never exist in persistent storage.

1.4 Sensitive Data Handling

Before any AI processing, call content is automatically sanitized. Credit card numbers, CVV codes, and expiry dates are replaced with placeholders (e.g., {{CARD}}, {{CVV}}, {{EXPIRY}}) before the content reaches the classification engine.

1.5 Billing Information

Payment processing is handled entirely by Stripe. Patch does not store credit card numbers or payment credentials. We receive subscription status and billing metadata from Stripe.

1.6 Google Ads Data

If you use the Google Ads Enhanced Conversions feature, Patch exports caller phone numbers in raw E.164 format to Google via CSV. Google handles hashing and matching on their end. This data is shared with Google only when you explicitly initiate an export.

2. How We Use Your Information

We use the information we collect to:

  • Provide call outcome classification services
  • Display call outcomes, metrics, and conversion data on your dashboard
  • Process billing and manage your subscription
  • Improve classification accuracy
  • Communicate with you about your account

We do not use your call data to train AI models. Call content is processed ephemerally and discarded.

3. Transcript Handling

Patch's transcript lifecycle is: record → transcribe → sanitize → classify → discard.

Transcripts are:

  • Processed in memory only
  • Never written to database tables
  • Never logged in full (raw or sanitized)
  • Never cached, indexed, or made searchable
  • Never exportable

Because transcripts are never stored, transcript retrieval or deletion requests do not apply.

4. Data Storage and Security

Your data is stored on secure managed infrastructure (Supabase Cloud). We implement the following protections:

  • API keys and credentials are stored server-side only, never exposed to browsers
  • Row-level security (RLS) enforces data isolation between accounts
  • All webhook endpoints enforce signature or token validation
  • Internal functions are secured with dedicated authentication tokens

5. Third-Party Services

Patch uses the following third-party services:

  • Supabase — Database, authentication, and serverless functions
  • Twilio — Phone number provisioning, call routing, and call recording
  • Stripe — Payment processing and subscription management
  • OpenAI — AI classification of call outcomes (ephemeral processing only)

These services have their own privacy policies and data handling practices.

6. Data Sharing

We do not sell, rent, or share your personal information or call data with third parties for marketing purposes.

We may share data only:

  • With service providers listed above, as necessary to operate Patch
  • When you explicitly export data (e.g., Google Ads Enhanced Conversions CSV)
  • When required by law or legal process

7. Your Data Rights

You have the right to:

  • Access your account data and call classifications
  • Request deletion of your account and associated data
  • Export your call outcome data

Note: Because Patch never stores full transcripts, transcript retrieval or deletion rights do not apply — there is nothing to retrieve or delete.

To exercise your rights, contact support@getpatch.app.

8. Cookies and Tracking

The Patch application uses minimal cookies required for authentication. We use Rybbit analytics for basic usage tracking. We do not use advertising cookies or third-party tracking pixels within the Patch application.

x9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the application or sending an email to your registered address.

10. Contact

For privacy-related questions or concerns, contact us at support@getpatch.app.