Back to home

Privacy Policy

Last updated: March 6, 2026

Who We Are

Waypoint Automation ("we," "us," "our") is a sole proprietorship based in Victoria, British Columbia, Canada. We provide AI-powered missed call recovery and lead qualification services for home service contractors in the Greater Victoria area.

Contact: james@waypointautomation.com

What We Collect

When a customer contacts a business using our service, we collect and process the following information to facilitate lead qualification:

  • Phone number (from the incoming call or SMS)
  • Name, address, and service details (provided voluntarily via SMS conversation)
  • SMS message content (the text conversation between the customer and our AI assistant)
  • Call metadata (time, duration, status)
  • Photos and images sent via MMS (stored securely for service qualification and contractor review)

For contractor clients, we also collect business contact information, Twilio phone number assignments, and CRM integration credentials (encrypted at rest).

How We Use It

We use collected information solely to operate the service:

  • Qualifying and routing leads to the appropriate contractor
  • Sending SMS messages on behalf of the contractor's business
  • Providing lead details and conversation history to the contractor via our dashboard
  • Syncing qualified leads to the contractor's CRM (when integrated)
  • Monitoring system health and improving service quality

We do not sell, rent, or share personal information with third parties for marketing purposes.

AI Processing

Our service uses AI models (provided by Anthropic) to qualify leads and generate responses. SMS conversation content is sent to Anthropic's API for processing. Anthropic's commercial API terms provide that they do not train on customer data. We use pinned model versions and prompt caching to ensure consistent, predictable behavior.

When customers send photos via MMS, we use AI vision capabilities to classify the image for the contractor (e.g., identifying the type of issue visible). All visual analysis is framed as "appears to show" — the AI does not make definitive diagnoses or assessments. Photos are provided to the contractor for their professional evaluation.

The AI identifies itself as operating on behalf of the contractor's business. It does not make autonomous decisions about service delivery, pricing, or scheduling — it qualifies interest, collects contact details, and routes to the business owner.

Data Storage and Security

  • Location: All data is stored on servers in Toronto, Canada (DigitalOcean), within Canadian jurisdiction.
  • Encryption: All connections use TLS. Third-party integration tokens are encrypted at rest using AES-256-GCM. Dashboard action links are HMAC-signed and expire after 48 hours.
  • Access: Only authorized personnel (the business owner and Waypoint Automation staff) can access lead data. Dashboard access is via unique, per-tenant tokens.
  • Backups: Daily encrypted backups with 7-day retention.

Data Retention

Conversation data and lead records are retained for the duration of the contractor's active subscription, plus 90 days after cancellation to support any outstanding inquiries. After this period, data is permanently deleted.

Photos and images: Customer-submitted photos are stored in private cloud storage (Cloudflare R2, Canadian-proximate infrastructure) for a maximum of one year from the date received, after which they are automatically and permanently deleted. This retention period complies with BC PIPA requirements for information used in decision-making. Photos are only accessible to the contractor and authorized Waypoint Automation staff.

SMS message logs through Twilio are subject to Twilio's own retention policies.

Your Rights (PIPEDA / BC PIPA)

Under Canadian federal (PIPEDA) and British Columbia (PIPA) privacy legislation, you have the right to:

  • Know what personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Withdraw consent for future communications

To exercise any of these rights, contact us at james@waypointautomation.com. We will respond within 30 days.

SMS Communications (CASL)

Our service sends SMS messages in response to customer-initiated contact (missed calls or inbound texts). These transactional messages are sent on behalf of the contractor's business to facilitate the service request. Under Canada's Anti-Spam Legislation (CASL), transactional messages responding to a customer inquiry are exempt from prior consent requirements.

Customers may opt out at any time by replying STOP to any message. We honor all opt-out requests immediately.

Third-Party Services

We use the following third-party services to operate:

  • Twilio — SMS and voice communications
  • Anthropic (Claude) — AI language processing
  • Cloudflare — DNS, CDN, web hosting, and image storage (R2)
  • DigitalOcean — Server infrastructure (Toronto, Canada)
  • Jobber — CRM integration (when enabled by contractor)

Each service has its own privacy policy governing how they handle data.

Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top indicates when the most recent changes were made. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For privacy-related questions or requests:

James MacPherson
Waypoint Automation
Victoria, BC, Canada
james@waypointautomation.com