← Back to Home

Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how Nextwave Automations (“we,” “us,” “our”) handles information collected through VoiceDesk, our AI voice receptionist platform. By using VoiceDesk, you agree to the practices outlined here.

Information We Collect

We collect information necessary to operate VoiceDesk on your behalf:

  • Google Calendar data — calendar availability and event details, accessed through the Google Calendar API with your explicit authorization.
  • Call recordings — audio recordings and transcripts of calls handled by VoiceDesk for your business.
  • Caller contact information — names, phone numbers, email addresses, and mailing addresses provided by callers during conversations.
  • Appointment details — dates, times, service types, and notes associated with bookings made through VoiceDesk.
  • Account information — your name, email, organization name, and credentials managed through Clerk.
  • Billing information — payment details processed through Stripe. We do not store credit card numbers on our servers.

How We Use Your Information

  • Booking appointments by checking calendar availability and creating, modifying, or canceling events.
  • Sending appointment confirmations, reminders, and follow-ups via email and SMS.
  • Processing inbound calls and routing them according to your configuration.
  • Improving AI call quality through analysis of call interactions.
  • Processing payments and managing subscriptions.
  • Sending service updates, security notices, and support responses.

Google API Usage

Data Accessed

VoiceDesk requests access to your Google Calendar through the following OAuth scopes:

  • google.com/auth/calendar.events — to read, create, modify, and delete calendar events on your behalf when callers book, reschedule, or cancel appointments.
  • google.com/auth/calendar.readonly — to read your calendar availability so VoiceDesk can offer open time slots to callers.

We do not request access to Gmail, Google Drive, Google Contacts, or any other Google service. Only Google Calendar data is accessed.

How Google Data Is Used

Google Calendar data is used exclusively to check your availability and to create, modify, or cancel appointments on behalf of your business. When a caller requests an appointment, VoiceDesk reads your calendar to identify open slots, then creates a new event with the caller's details (name, phone, service type, notes). VoiceDesk does not use Google data for advertising, analytics unrelated to appointment scheduling, or any purpose other than operating the receptionist service you have configured.

Data Sharing

Google Calendar data is not sold, rented, or shared with third parties for their own purposes. Calendar data may pass through the following service providers solely to operate VoiceDesk:

  • Amazon Web Services (AWS) — database hosting where appointment records (derived from calendar events) are stored.
  • Vercel — application hosting where the VoiceDesk backend processes calendar API requests.

No other third party receives access to your Google Calendar data.

Data Storage and Protection

Google OAuth tokens are stored encrypted in our PostgreSQL database on AWS RDS (encryption at rest via AES-256). Tokens are used only to authenticate calendar API requests. All communication with Google APIs occurs over HTTPS/TLS. Access to stored tokens is restricted to the VoiceDesk backend application through role-based access controls.

Data Retention and Deletion

Google OAuth tokens are retained for the duration of your subscription and are deleted within 30 days of account cancellation. You may revoke VoiceDesk's access to your Google Calendar at any time through your Google Account permissions page. When access is revoked, VoiceDesk will no longer be able to read or modify your calendar. Stored tokens become invalid immediately upon revocation and are purged from our database within 24 hours. Appointment records previously created from calendar data are retained per our standard data retention policy below.

Limited Use Disclosure

VoiceDesk's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google data to provide and improve the calendar scheduling features of VoiceDesk.
  • We do not transfer Google data to third parties except as necessary to operate the service, as required by law, or with your explicit consent.
  • We do not use Google data for serving advertisements.
  • Human review of Google data occurs only with your consent, for security purposes, or to comply with applicable law.

SMS and Messaging

VoiceDesk sends transactional SMS messages on behalf of the businesses that use our platform. These messages are related to appointments and service interactions only.

Types of Messages

  • Appointment confirmations — sent after a caller books an appointment via phone.
  • Appointment follow-ups — sent after a scheduled service appointment.

We do not send marketing, promotional, or advertising messages. All SMS messages are transactional and directly related to appointments the caller has initiated.

Consent and Opt-In

Callers consent to receive SMS notifications when they voluntarily call a VoiceDesk-powered business and verbally confirm an appointment with our AI receptionist. No unsolicited messages are sent. Only callers who actively book an appointment receive SMS notifications.

Opt-Out

You may opt out of SMS messages at any time by replying STOP to any message. You may also request opt-out by calling the business directly or contacting us at nathan.j.wafer@icloud.com. For help, reply HELP to any message.

Message Frequency and Rates

Message frequency varies based on appointment activity. Typically, callers receive 1–2 messages per appointment. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.

Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Amazon Web Services (AWS) RDS with encryption at rest. All data in transit is protected with TLS encryption. Access is restricted through role-based controls and regular security reviews.

Data Retention

Call recordings are retained for 90 days by default. This period is configurable in your account settings. Account and appointment data is retained for the duration of your subscription. Upon account deletion, all data is removed within 30 days except where retention is required by law.

Third-Party Services

VoiceDesk relies on the following services:

  • VAPI — voice AI infrastructure for call processing.
  • Google Calendar API — scheduling and availability management.
  • Resend — transactional email delivery.
  • Stripe — payment processing and subscription management.
  • Clerk — authentication and session management.
  • Twilio — SMS delivery for appointment confirmations and notifications.

Each service operates under its own privacy policy. We share only the minimum data necessary for each service to perform its function.

Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate personal data.
  • Deletion — request deletion of your personal data, subject to legal retention obligations. To request deletion of all your data, email us at the address below.
  • Data portability — request your data in a structured, machine-readable format.
  • Revoke consent — revoke Google Calendar access at any time through your Google Account settings.

Contact

For questions about this Privacy Policy or to exercise your data rights, reach us at nathan.j.wafer@icloud.com.