Unified Privacy Policy

1. Who We Are and What This Policy Covers

4Trades.ai LLC ("4Trades.ai," "we," "us," or "our") is an Oregon limited liability company that provides AI-powered automation and communication services to independent trades businesses.

This Privacy Policy describes how we collect, use, disclose, and protect information in connection with all of our products, services, and our website at 4trades.ai (collectively, the "Services").

This Privacy Policy applies to:

• Business customers who subscribe to our Services ("Clients")
• Individuals authorized by Clients to access our Services ("Authorized Users")
• Visitors to our website
• Prospective business customers who inquire about our Services
• Personal information we process on behalf of Clients as part of PAA, FECA, or other Services (for example, callers and customers of a Client)

Controller and Processor Roles

For Client business contacts, Authorized Users, and website visitors, 4Trades.ai generally acts as the data controller.

For information we process on behalf of a Client about the Client's callers, customers, or employees, the Client is the data controller and 4Trades.ai acts as a data processor or service provider.

1.5 Custom Agent Development and Integration Services

4Trades.ai may develop custom AI agents, integrations, or automation solutions for Clients under separate engagement agreements (such as Statements of Work, Master Services Agreements, or similar documents). These custom solutions may involve data categories, processing activities, or third-party integrations not enumerated in Sections 3.2 through 3.5 of this Policy.

For custom agent engagements:

• The Data Schedule or equivalent exhibit attached to the applicable engagement agreement governs the specific data categories collected, purposes of processing, retention periods, and subprocessors used for that engagement.
• Where the Data Schedule conflicts with or supplements this Privacy Policy, the Data Schedule controls for that specific engagement.
• This Privacy Policy continues to apply to all matters not specifically addressed in the Data Schedule, including our general commitments in Section 8 (Information We Do Not Intend to Collect or Use), Section 7 (Your Rights), and Section 10 (Security).
• Clients are responsible for providing any required notices to their End Users regarding data processing by custom agents.

1.6 Future Services and Material Changes

This Policy applies to the services listed above and any future services that are substantially similar in their data collection and processing practices. If we introduce services that involve materially different data collection, processing purposes, or categories of personal information, we will either:

• Update this Privacy Policy with appropriate notice to Clients (per Section 14), or
• Provide supplemental privacy terms specific to those services before making them available.

2. Definitions

• • "Authorized User" means a person authorized by a Client to access or administer the Services.
• • "Automation Data" means information processed through FECA on behalf of a Client, such as customer contact information from the Client's CRM, appointment and status data, message content, delivery metadata, and customer replies.
• • "Caller Data" means information processed through PAA on behalf of a Client, such as call audio, transcripts, Call Summaries, and call metadata.
• • "Call Summary" means the structured output generated from a call and delivered to a Client, which may include extracted fields such as caller name, phone number, intent, urgency, and outcomes, as well as narrative summaries.
• • "Client" means a business customer that subscribes to or uses the Services.
• • "Client Data" means information a Client or Authorized Users provide to us or connect to our Services, including configuration data, integration credentials, and information contained in Client systems that we access under an agreement.
• • "Custom Agent Data" means information processed by a custom agent or integration built for a Client, as described in the applicable engagement agreement and any Data Schedule.
• • "Data Schedule" means the exhibit or appendix attached to a custom agent engagement agreement that specifies data categories, processing purposes, retention periods, and subprocessors for that engagement.
• • "End User" means an individual whose information is processed through the Services on behalf of a Client. End Users may include callers to a Client, a Client's customers, and a Client's employees or contractors.

3. Information We Collect and Process

3.1 Information from Clients and Authorized Users

When a business signs up for or uses our Services, we may collect:

Account and Contact Information:

• Business name, address, and contact details
• Name, email address, and phone number of account administrators
• Account credentials and authentication information
• User roles and permissions

Billing Information:

• Billing contact details and invoicing information
• Payment card or bank account information (processed by our payment processor; see Section 5)
• Subscription plan and payment history

Service Configuration:

• Call routing rules, business hours, greeting preferences, escalation numbers
• Message templates, communication sequences, and integration settings

Communications:

• Support requests and correspondence
• Feedback, survey responses, and service communications
• Sales and onboarding communications

Usage and Log Data:

• IP address and general location
• Browser type and device information
• Pages visited, actions taken within our Services, and session data
• Authentication events and error logs

3.2 Caller Data (Phone Answering Agent)

When PAA answers calls for a Client, we process Caller Data on the Client's behalf. This may include:

Call Audio and Recordings:

• Live audio from inbound telephone calls routed to the Phone Answering Agent
• Audio recordings of those calls (with automated consent disclosure)

Transcripts:

• Text transcriptions generated from call audio using automated speech recognition via the OpenAI Realtime API

Call Summaries:

• Caller name (if provided)
• Callback phone number (as stated by caller)
• Caller ID / inbound phone number
• Call intent or reason for calling
• Urgency indicators (emergency escalation if # pressed)
• Callback preference (next business day vs. no rush)

Call Metadata:

• Call timestamps and duration
• Routing and delivery status
• Error events and system logs

Call recording disclosure: PAA is designed to play a call recording disclosure at the start of the call. If a caller does not wish to be recorded, they can choose not to continue the call.

Emergency routing: PAA may provide an option for callers to signal an emergency and be routed to an on-call or emergency number configured by the Client.

3.3 Automation Data (FECA)

When FECA sends communications for a Client, we process Automation Data on the Client's behalf. This may include:

Customer Contact and Job Information (from Client's CRM):

• Customer name
• Phone number, phone type (mobile, landline, unknown)
• Email address
• Service address
• CRM contact and job identifiers
• CRM status and appointment scheduling fields (appointment date and time, arrival windows, assigned estimator)

Communication Records and Delivery Metadata:

• Message content (SMS, email, and voice call scripts or prompts used for delivery)
• Delivery timestamps, delivery status, and failure reasons (carrier delivery receipts, webhook callbacks, SMTP responses)
• Retry and fallback sequencing across channels (for example, SMS then voice then email, if configured)
• Customer replies and response content (for example, confirmation responses, wrong number messages, opt-out signals)

CRM Writeback: Delivery outcomes, timestamps, and certain customer replies may be written back to the Client's CRM as configured.

Estimator or Staff Data (only if enabled by Client): FECA may process contact information for Client staff (for example, estimator name and phone number) to support delivery, escalation, or ETA workflows.

3.4 Consulting Engagement Data (GROUNDWORK)

During GROUNDWORK consulting engagements, we may access:

• CRM data, workflow configurations, and system settings as authorized by the Client
• Client business process documentation and operational information
• Team member names and roles (for training and configuration purposes)

We access Client systems only as necessary to perform the agreed-upon services and as authorized by the applicable agreement. We do not retain copies of Client system data after the engagement concludes, except for deliverables provided to the Client and internal quality assurance records that do not contain personal information.

3.5 Website Data

When you visit 4trades.ai, we may collect:

• Information you provide through contact forms (name, email, message)
• Device and browser information, IP address, and general location data
• Pages visited, time on site, and referring URLs
• Cookies and similar technologies as described in Section 9

3.6 Custom Agent Data

For custom agent or integration engagements, Custom Agent Data categories are defined in the applicable agreement and Data Schedule. Generally, Custom Agent Data may include:

End-User Inputs:

• Text, voice, or other inputs provided by End Users interacting with a custom agent
• Files, images, or documents submitted to the agent (if applicable)

Agent Outputs:

• Responses, recommendations, summaries, or other content generated by the custom agent
• Classifications, extractions, or structured data derived from End User inputs
• Actions taken or triggered by the agent (for example, system updates, notifications, API calls)

Integration Data:

• Data transmitted to or received from Client systems or third-party services connected to the custom agent
• Authentication tokens, API responses, and synchronization records

Operational Metadata:

• Interaction timestamps, session identifiers, and conversation logs
• Performance metrics, error logs, and reliability telemetry

The Data Schedule for each custom agent engagement specifies which of these categories apply, any additional categories specific to that engagement, applicable retention periods, and any engagement-specific subprocessors.

4. How We Use Information

4.1 Service Delivery

We use information to provide, maintain, and operate our Services, including:

• Phone Answering Agent: Answering calls, generating transcripts and Call Summaries, delivering summaries to Clients, and routing emergency calls
• FECA: Triggering automated messages based on CRM events, executing multi-channel delivery (SMS, voice, email), processing customer replies, and writing delivery outcomes back to Client CRMs
• GROUNDWORK: Mapping workflows, configuring Client systems, implementing automations, and delivering training
• Custom Agents: Building, deploying, and operating custom AI agents as specified in Client agreements
• Website: Responding to inquiries and providing requested information

4.2 Account Administration

• Create and manage Client accounts
• Authenticate Authorized Users
• Process payments and manage billing
• Provide customer support and troubleshoot issues

4.3 Service Improvement, Security, and Quality

• Monitor, secure, and protect our Services (fraud prevention, abuse detection, incident response)
• Maintain system reliability and performance
• Debug issues and improve service quality
• Conduct internal quality assurance, including limited human review of call interactions by authorized personnel subject to confidentiality obligations
• Generate aggregated or de-identified analytics

4.4 Communications

• Send service-related communications (administrative messages, billing notices, security alerts)
• Respond to support requests and inquiries

If we send promotional communications to business contacts, we provide opt-out mechanisms as required by applicable law.

4.5 Legal and Compliance

• Comply with applicable laws, regulations, and legal obligations
• Enforce our Terms of Service and other agreements
• Protect against fraud, abuse, and security threats

5. How We Share Information

5.1 Service Providers (Subprocessors)

We engage third-party service providers ("Subprocessors") to assist in delivering our Services. All Subprocessors are engaged under contractual terms that restrict their processing of data to service provision and require appropriate security measures.

Current Subprocessors:

A current list of Subprocessors is maintained at 4trades.ai/subprocessors. We may update Subprocessors as operational needs change and will update the list at that URL.

5.2 Delivery to Clients

• Call Summaries generated by PAA are delivered to Clients via email (and SMS if configured) immediately upon call completion.
• Automation Data delivery outcomes and customer replies are written back to Client CRMs as configured.

Once delivered, such information is under the Client's control, and the Client determines how it is stored, retained, or used.

5.3 Client-Connected Third-Party Services

If a Client connects third-party services to our platform (for example, Salesforce, Outlook, QuickBooks), we may transmit data to those services as necessary to provide the requested integration. Those third parties process information under their own terms and privacy policies.

5.4 Legal Disclosures

We may disclose information where required or permitted by law, including:

• In response to valid legal process (subpoena, court order, government request)
• To protect the rights, property, or safety of 4Trades.ai, our Clients, or others
• To enforce our agreements

Where practicable and legally permitted, we will notify the affected Client prior to disclosure of Caller Data or Automation Data.

5.5 Business Transfers

In connection with a merger, acquisition, financing, or sale of assets, information may be transferred to the acquiring or successor entity, subject to confidentiality obligations and this Privacy Policy.

5.6 No Other Sharing

We do not share personal information with third parties for purposes other than those described in this Section 5.

6. Data Retention

We retain data only as long as necessary for the purposes described in this Privacy Policy:

Upon termination of a Client's account:

• No new Caller Data or Automation Data will be collected after the effective termination date.
• Existing data will be deleted in accordance with the retention periods above.
• Call Summaries and automation delivery confirmations previously sent to Client remain in Client's possession and control.
• Client may request expedited deletion by submitting a written request, subject to technical feasibility.
• Residual copies may persist for limited periods in backups and logs before being overwritten in the ordinary course.

7. Your Rights and Choices

7.1 End Users (Callers, Client Customers, Client Employees)

If you are an End User whose information is processed through PAA, FECA, or other Services on behalf of a Client, the Client is the data controller responsible for your personal data.

4Trades.ai processes this data on behalf of our Clients. We do not independently verify End User identity or respond to data subject requests received directly from End Users. We provide Clients with tools to manage and delete records and, where applicable, assist Clients consistent with our role as a data processor.

Call recording opt-out: Callers may opt out by not continuing the call after hearing the recording disclosure played at the start of each call.

SMS opt-out: Client Customers may reply "STOP" to any SMS message to opt out of future automated messages from that Client.

7.2 Oregon Consumer Privacy Act (OCPA) Rights

If you are an Oregon resident, you may have the following rights under the Oregon Consumer Privacy Act:

4Trades.ai does not sell personal data, does not engage in targeted advertising, and does not profile individuals for decisions with legal or similarly significant effects. Therefore, opt-out rights for these activities do not change how we process your data.

Note: Because our Services are designed for business-to-business use, most interactions with 4Trades.ai occur in a commercial context. The OCPA applies to individuals acting in a non-commercial capacity. If you believe you have rights under the OCPA, please contact us at the address below.

7.3 California (CCPA/CPRA) Rights

If you are a California resident, you may have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: Opt out of sale or sharing of personal information for cross-context behavioral advertising

4Trades.ai does not sell personal information and does not share personal information for cross-context behavioral advertising.

Categories of personal information we may process:

• Identifiers (name, phone number, email address)
• Customer records / service request information
• Commercial information (transactions, invoices if enabled)
• Internet/network activity (usage logs, IP addresses)
• Audio information (call recordings if enabled)
• Geolocation information (service addresses)

7.4 Global Privacy Control (GPC) and Universal Opt-Out

Effective January 1, 2026, we honor Global Privacy Control (GPC) signals and other recognized universal opt-out mechanisms as opt-out requests for targeted advertising and sale of personal data under applicable state laws, including the OCPA and the CCPA/CPRA.

Because 4Trades.ai does not engage in targeted advertising or sale of personal data, GPC signals will be logged but will not change our processing activities.

7.5 How to Exercise Your Rights

To submit a request, contact us at:

We will respond to verified requests within 45 days. If we need additional time (up to an additional 45 days), we will notify you of the extension and the reason.

7.6 Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny services, charge different prices, or provide different quality of service based on your exercise of privacy rights.

7.7 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require: (1) written authorization from you; and (2) verification of your identity directly.

8. Information We Do Not Intend to Collect or Use

4Trades.ai commits to the following restrictions:

Sensitive Information: We do not ask for or intend to collect sensitive personal information (such as health data, government identification numbers, racial or ethnic origin, religious beliefs, or sexual orientation) through our Services. However, callers and customers may voluntarily provide such information during calls or in messages. If that occurs, such information is processed as part of the call audio, transcript, or message content in the ordinary course of providing the Services for the relevant Client. We do not extract, categorize, or separately store sensitive information, and we do not use it for any purpose other than delivering the Services.

9. Cookies and Similar Technologies

Our website may use cookies and similar technologies for:

Essential Cookies:

• Session management and authentication
• Security and fraud prevention
• Load balancing and service delivery

Analytics Cookies:

• Understanding how visitors interact with our website
• Measuring website performance
• Identifying technical issues

We do not use tracking cookies for advertising purposes or sell information collected through cookies to third parties.

Most browsers allow you to control cookies through settings. Disabling essential cookies may affect website functionality.

10. Security

4Trades.ai implements administrative, technical, and organizational safeguards designed to protect data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest
• API credentials stored encrypted (AES-256) and rotated regularly
• Least-privilege access controls and role-based restrictions for personnel
• Monitoring of system activity and security events
• Automatic log redaction of personal phone numbers except where required for service delivery
• Regular security reviews and credential rotation

No method of transmission or storage is completely secure. We cannot guarantee absolute security and shall not be liable for unauthorized access or disclosure resulting from circumstances beyond our reasonable control.

11. Artificial Intelligence and Automated Processing

11.1 AI Technologies Used

4Trades.ai uses artificial intelligence technologies in the following ways:

11.2 How We Use Data in Connection with AI

4Trades.ai uses Caller Data, Automation Data, and Custom Agent Data in connection with AI technologies as follows:

• To deliver Services to the applicable Client. We process Client data through AI systems to provide the specific services the Client has engaged (for example, transcribing calls, generating Call Summaries, delivering automated messages, and operating custom agents). This is the primary and expected use of data in connection with our AI technologies.
• To maintain, secure, and improve our platform generally. We may use data processed through the Services to monitor system reliability, debug issues, conduct quality assurance, improve prompt engineering, and enhance platform performance and security. These activities benefit 4Trades.ai's platform as a whole and are not directed at benefiting any specific other Client.

We do not use one Client's identifiable data to directly benefit another specific Client. We do not combine identifiable data from different Clients to train shared models, use insights derived from one Client's identifiable data to build or improve another Client's custom solutions, or share or cross-reference personally identifiable information across Client accounts.

We may use aggregated or de-identified data that cannot reasonably identify any individual or Client for any lawful business purpose, including general platform improvement, benchmarking, and product development.

11.3 Third-Party AI Providers

When we use third-party AI providers (currently OpenAI), we use contractual and technical controls intended to restrict use of Client data for model training and to limit retention. Third-party provider processing is also subject to the provider's applicable terms.

11.4 Probabilistic Output Disclaimer

AI and machine learning technologies are inherently probabilistic and do not produce deterministic results. AI outputs (including transcripts, Call Summaries, intent classifications, and automated messages) may be inaccurate, incomplete, or contextually inappropriate, and may differ from what a human would produce in the same circumstances.

Clients are responsible for:

• Reviewing AI outputs before taking business action
• Maintaining human-in-the-loop oversight processes
• Verifying the accuracy of captured information
• Deciding whether and how AI outputs are used

AI outputs are tools for operational assistance. They do not create any fiduciary, advisory, professional, or legal relationship between 4Trades.ai and any Client, End User, or other person.

12. Third-Party Links and Services

Our website or Services may contain links to third-party websites or integrate with third-party services (such as CRM platforms, payment processors, or communication tools). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Data Processing Addendum

The 4Trades.ai Data Processing Addendum ("DPA"), available at 4trades.ai/dpa, applies where we process personal data on behalf of Clients. The DPA is incorporated by reference into client service agreements and sets forth the parties' obligations regarding data processing, security, and compliance with applicable data protection laws.

In the event of a conflict between this Privacy Policy and the DPA regarding the processing of personal data, the DPA shall prevail.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Material changes: We will notify Clients by email to the address associated with their account at least thirty (30) days before material changes take effect. We will also update the "Last Updated" date at the top of this Policy.

Non-material changes: We may make non-material updates without advance notice.

Continued use of our Services after the effective date of any updated Policy constitutes acceptance of the revised terms.

15. Contact Information

Questions about this Privacy Policy or 4Trades.ai's data practices may be directed to:

Callers and Client Customers: Please contact the business you interacted with first regarding your information.

16. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Oregon, without regard to its conflict of laws principles. Any disputes arising under or in connection with this Policy shall be resolved in accordance with the dispute resolution provisions of the 4Trades.ai Terms of Service.