In short.BuyBackHours is a small consulting practice. We collect what we need to run an assessment for you, deliver your roadmap, and follow up about your business — nothing more. We don't sell your data, we don't share it for advertising, and we don't keep it longer than necessary. If you want your data deleted, we'll delete it.
This page is the long version of that promise.
Who we are
This privacy policy applies to Casa Thebeau LLC, doing business as BuyBackHours.AI(referred to as “BuyBackHours,” “we,” “us,” or “our”), reachable at:
- Email: reply@buybackhours.com
- Privacy questions: privacy@buybackhours.com
- Mailing address: 1065 SW 8th St #1855, Miami, FL 33130
We operate buybackhours.com and buybackhours.ai (the “Site”) and provide AI-assisted diagnostic and consulting services (the “Service”). This policy explains how we handle your information when you use the Site or the Service.
What this policy covers
This policy covers personal information we collect from:
- Visitors to buybackhours.com and buybackhours.ai
- People who take our diagnostic quiz
- People who book a paid assessment
- People who speak with our AI intake specialist during an assessment call
- People who call our published phone number
- People who reply to our emails or text messages
It does not cover third-party websites that we link to, or services you sign up for separately (for example, the tools our roadmap recommends — once you sign up with those vendors, their privacy policies apply).
The information we collect
From visiting the Site
- Server logs. Standard technical information from your browser when you load a page: IP address, user agent (browser type and version), referrer URL, timestamp. Used to keep the site secure and diagnose problems. Stored by our hosting provider (Vercel) and rotated on their standard schedule.
- Cookies. We use only essential cookies necessary to run the Site (for example, to remember your quiz progress within a session). We do not use third-party tracking, advertising, or analytics cookies as of the effective date above.
From taking the diagnostic quiz
- Name and email address (collected at the end of the quiz so we can send your action plan).
- Your quiz answers — the seven multiple-choice responses and the four-option archetype scoring derived from them. Used to send you the right archetype-specific action plan and to inform any conversation we have with you afterward.
- The archetype assigned to you (Skeptic / Overwhelmed / Delegator / Operator-Architect).
From booking a paid assessment
- Phone number. Required at booking so we can text you the call link and reminders. Format E.164 normalized for SMS delivery.
- Calendar selection. The date and time you booked.
- Payment information.Processed directly by Stripe through Cal.com's payment flow — we never see or store your card number, expiration date, CVV, or full billing details. We receive only a receipt confirmation and the last four digits of the card (for our records, in case of a refund request).
From the assessment call itself
- Your voice and the content of what you say.The 45-minute assessment is conducted by an AI voice agent we call “Sunny.” Sunny is operated for us by Retell (retellai.com) and uses ElevenLabs voice technology and underlying large language models to converse with you.
- A full transcript of the conversation, generated by Retell from the audio.
- Standard call metadata: duration, start and end timestamps, disconnection reason, audio quality indicators.
- The business operational information you choose to share during the conversation. This typically includes information about your workflows, the tools you currently use, your team structure, and where time is leaking in your business. Sunny is designed to ask only about your own business — please avoid sharing personal data about your employees, clients, or third parties beyond what's strictly necessary to describe a workflow.
Call recording disclosure: Sunny states at the start of every call that the conversation is recorded and transcribed for the purpose of preparing your roadmap. By staying on the line after this disclosure, you consent to the recording. Florida is a two-party consent jurisdiction; this notice and your continued participation constitute your consent under Florida law (Fla. Stat. § 934.03). If you do not consent, you may end the call at any time and we will refund your assessment fee in full.
From inbound phone calls or text messages
- The phone number you called from or texted from.
- Standard telecommunications metadata (call duration, message timestamps).
- For inbound voice calls to our assessment number: a transcript of the conversation, as above.
From email correspondence
- The contents of any email you send us, plus your email address and any other information you choose to include.
Why we collect this information and what we do with it
We use your information only for the purposes below. We do not use it for any other purpose without your additional consent.
| Information | Purpose | Legal basis |
|---|---|---|
| Name + email from quiz | Send your archetype-specific action plan and follow-up emails | Consent + legitimate interest |
| Quiz answers | Tailor your action plan and our conversations with you | Consent |
| Phone number from booking | SMS reminders, call link, post-call follow-up | Performance of the contract |
| Calendar slot | Schedule your assessment and create the calendar event | Performance of the contract |
| Payment confirmation from Stripe | Confirm payment, issue refunds if needed | Contract + tax recordkeeping |
| Assessment call transcript | Write your roadmap; deliver the service you paid for | Performance of the contract |
| Business operational info from the call | Identify time-leakage and write specific recommendations | Performance of the contract |
| Email correspondence | Respond to you and continue our working relationship | Legitimate interest |
| Server logs | Site security, troubleshooting | Legitimate interest |
We do not use your information to:
- Sell to third parties for marketing
- Train external AI models outside the immediate task of writing your roadmap
- Target advertising at you or others
- Profile you for purposes beyond delivering the service you paid for
Who we share information with
We share information only with the service providers below, and only as needed for them to perform their function in our service delivery. We have data processing agreements (or their equivalents) with each.
| Provider | What they receive | What they do with it |
|---|---|---|
| Vercel | Server logs from your visits | Host the Site, maintain uptime |
| Cal.com | Name, email, phone, calendar selection, payment confirmation | Booking and payment flow |
| Stripe | Card details (collected directly by Stripe; we never see them) | Process the $1,000 assessment payment |
| Retell | Phone number, call audio, transcript | Operate the AI voice agent that conducts your assessment |
| ElevenLabs | Real-time text-to-speech of Sunny's responses | Generate the voice you hear on the call |
| Anthropic and/or OpenAI | The text content of the conversation as it happens | Power the language model Sunny uses |
| Twilio | Phone number, content of SMS we send you | Deliver SMS reminders and notifications |
| Loops | Name, email, archetype, account events | Send marketing and transactional emails |
| Pipedrive | Name, email, phone, archetype, transcripts, deal stage | Track the assessment from booking to delivery |
| Google (via Cal.com) | The calendar event for your booking | Sync the booking to our calendar |
| iPostal1 | Our business mailing address only; not your personal data | Receive postal mail addressed to our business |
We may also disclose information if we are required to by law, court order, or government request, or to protect the safety of any person. We will resist overbroad requests and notify you where legally permitted to do so.
We do not sell or rent your personal information to anyone for any purpose.
Where your information is stored
Most of the providers above are based in the United States. Some (Retell, Anthropic, OpenAI, Vercel) may process or store data in other countries as part of their standard operations. Where your data leaves your country of residence — particularly for EU/EEA residents — we rely on standard contractual clauses or equivalent protections offered by each provider.
How long we keep your information
| Information | Retention |
|---|---|
| Quiz responses + archetype | Indefinitely while you remain in our system; deleted on request |
| Email address + name | Indefinitely while you remain subscribed; you can unsubscribe at any time |
| Phone number | 12 months after your last booking, or sooner on request |
| Assessment call transcript | 2 years from the call date, unless you request a longer retention |
| Audio recording of the call | 90 days, then automatically deleted by Retell |
| Payment records | 7 years (U.S. tax recordkeeping) |
| Server logs | 30 days, per Vercel defaults |
You can ask us to delete any of the above at any time, subject to legal-recordkeeping obligations for payment records.
Your rights
Depending on where you live, you may have some or all of the following rights:
- Access — Ask for a copy of the personal information we hold about you.
- Correction— Ask us to fix anything that's wrong.
- Deletion — Ask us to delete your information. We will, subject to legal-recordkeeping obligations (most commonly, payment records we must keep for tax purposes).
- Portability — Ask for your information in a structured, machine-readable format that you can move elsewhere.
- Opt-out of marketing emails— Click “unsubscribe” at the bottom of any email, or email reply@buybackhours.com.
- Object to processing — For EU/EEA residents, you may object to certain processing under GDPR.
- No sale, no share — California residents have the right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. There is nothing to opt out of.
To exercise any of these rights, email privacy@buybackhours.com. We will respond within 30 days (or sooner if local law requires).
We will not discriminate against you for exercising any of these rights.
Security
We rely on the security practices of the service providers listed above (each of which maintains industry-standard security controls including encryption at rest, encryption in transit, and access controls). We use unique strong passwords and two-factor authentication on our administrative accounts. We rotate API keys periodically and restrict access to production systems to a small number of authorized individuals.
No system is ever 100% secure. If we become aware of a data breach affecting your information, we will notify you and any required regulators within the timeframes required by applicable law.
Children's information
The Service is not directed to children under the age of 16. We do not knowingly collect information from anyone under 16. If you believe we have inadvertently collected information from a child under 16, please email privacy@buybackhours.com and we will delete it.
Do Not Track
Some browsers send a “Do Not Track” signal. We do not currently respond to it because we do not engage in cross-site tracking that would be affected by it. As described above, we use only essential first-party cookies.
Changes to this policy
We may update this policy from time to time. When we do, we will change the “Last updated” date at the top of the page. For material changes — for example, adding new categories of data collection or new sharing arrangements — we will give you at least 30 days' notice by email (if we have your email address) before the changes take effect.
Contact
Questions, requests, or complaints about this policy or your data?
- Email: privacy@buybackhours.com
- Mail: Casa Thebeau LLC, 1065 SW 8th St #1855, Miami, FL 33130
If you're in the EU/EEA, you may also lodge a complaint with your local data protection authority. We'd appreciate the chance to address your concern directly first.