Kestrel
Sign In
Back to home

Privacy Policy

Last updated: April 20, 2026

This is a placeholder document. The live Privacy Policy must be reviewed by counsel before public launch and kept current as sub-processors or data flows change.

1. Who we are

  • Kestrel Portal Inc. ("Kestrel", "we", "us") operates the Kestrel Portal service ("Service"). This Privacy Policy explains how we collect, use, and share information when you use the Service.

2. Information we collect

  • Account data: name, email, phone number, business details you provide during signup and configuration.
  • Usage data: logs of your interactions with the Service, including timestamps, IP address, and feature usage.
  • Customer data: messages, bookings, and payment records you process through the Service on behalf of your customers.
  • Payment data: processed by Stripe; Kestrel does not store full card numbers.

3. How we use information

  • Operate the Service, including authentication, messaging, scheduling, and payments.
  • Improve product quality, detect abuse, and secure the Service.
  • Communicate with you about your account and product updates.
  • We do not sell your personal information.

4. AI processing

  • Customer messages are processed by Anthropic's Claude API to generate AI replies. Message content is sent to Anthropic solely for the purpose of generating a reply and is not used by Anthropic to train models. See Anthropic's privacy policy for details.

5. Sharing

  • Sub-processors: Stripe (payments), Twilio (SMS), Anthropic (AI), Clerk (authentication), AWS (hosting), Vercel (landing pages), UptimeRobot (monitoring).
  • Legal: we disclose information when required by law or to protect rights, safety, or property.
  • Business transfers: in the event of a merger or acquisition, information may transfer subject to this policy.

6. Your rights (GDPR + CCPA)

  • If you are in the EU/EEA (GDPR) or California (CCPA), you have the right to access, correct, delete, or port your personal data, and to object to certain processing. Submit requests to privacy@kestrelportal.com. We will respond within 30 days.
  • You may also opt out of marketing emails at any time via the unsubscribe link or by contacting us.

7. Data retention

  • Account data is retained while your account is active plus 30 days after cancellation. Booking and payment records are retained for 7 years to comply with tax and regulatory requirements. Aggregated and anonymized data may be retained indefinitely.

8. Security

  • We use TLS for data in transit, encryption at rest for sensitive fields, MFA for staff access, and principle-of-least-privilege for internal systems. No service is perfectly secure; notify us immediately of any suspected incident at security@kestrelportal.com.

9. Children

  • The Service is not intended for children under 18. We do not knowingly collect data from children. If we learn we have, we will delete it.

10. International transfers

  • Our primary infrastructure is in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US under appropriate safeguards.

11. Changes

  • We may update this policy. Material changes will be announced at least 30 days before taking effect.

12. Contact

  • Privacy questions: privacy@kestrelportal.com. EU Data Protection Representative: see contact form at kestrelportal.com/contact.