Legal
Privacy Policy
Last updated: July 3, 2026
OC Automations LLC (“we,” “us,” “our”) operates Operator (the “Service”). This Privacy Policy explains what information we collect, how we use it, and your choices.
1. Information We Collect
1.1 Account Information
When you sign up, we collect your email address and a hashed password. We do not store your password in plain text.
1.2 GoHighLevel Connection Credentials
To connect your sub-account, you provide us with a Location ID, a Private Integration Token, and a Firebase-based refresh token associated with your GoHighLevel account. These credentials are encrypted at rest using industry-standard encryption (AES-256-GCM) and are never displayed back to you or any other party after entry, never logged in plain text, and never transmitted to our AI provider.
1.3 Business Data From Your Connected Sub-Account
To generate and execute automations, the Service reads certain data from your connected sub-account, which may include contact records, pipeline and opportunity data, custom fields and values, workflow configurations, and calendar/appointment data. This data is used solely to provide the Service to you and is not used to train any AI model or shared with other customers.
1.4 Chat and Usage Data
We store your conversations with the Operator agent, the action plans proposed, and a record of actions executed, in order to provide the Service, maintain your audit history, and calculate billing (including usage-based overage). We also log token usage per organization for billing and cost-tracking purposes.
1.5 Payment Information
Payment processing is handled by Stripe. We do not store your full payment card information on our own servers; Stripe’s handling of your payment data is governed by Stripe’s own privacy policy.
1.6 Automatically Collected Information
We may collect standard technical information such as IP address, browser type, and access timestamps, for security, rate-limiting, and fraud-prevention purposes.
2. How We Use Information
We use the information described above to:
- Provide, operate, and maintain the Service;
- Process your requests through the Operator agent, including sending relevant context to our AI processing provider (currently Anthropic) as described in Section 3;
- Process billing and calculate usage-based charges;
- Communicate with you about your account, including transactional emails (verification, billing, connection status) sent through our email provider (currently Resend);
- Monitor for and prevent fraud, abuse, or violations of our Terms of Service, including patterns that may indicate circumvention of subscription tier limits;
- Improve and maintain the security and reliability of the Service.
We do not sell your personal information, and we do not use your business data or your connected sub-account’s data to train any AI model.
3. Third-Party Service Providers
We share information with the following categories of third-party service providers, solely as necessary to operate the Service:
| Provider | Purpose | What is shared |
|---|---|---|
| Anthropic | AI processing for the Operator agent | Chat messages, a snapshot of relevant sub-account data (e.g., pipeline names, tags, custom field definitions) needed to generate accurate plans. Connection credentials/tokens are never sent to this provider. |
| Stripe | Payment processing and subscription billing | Billing contact information, subscription and payment status |
| Resend | Transactional email delivery (account verification, billing notices, reconnect prompts) | Email address, email content necessary for the specific transactional message |
| Railway | Application hosting and database infrastructure | All data described in this policy, as necessary to operate the Service |
We do not control and are not responsible for the privacy practices of GoHighLevel itself; your use of your GHL sub-account is governed by GoHighLevel’s own privacy policy and terms.
4. Data Retention
We retain account information and audit logs for as long as your account is active and for a reasonable period thereafter for legal, billing, and security purposes. You may request deletion of your account and associated data as described in Section 6, subject to reasonable retention of records required for legal or billing compliance.
5. Data Security
We implement industry-standard security measures, including encryption of sensitive credentials at rest, encrypted connections in transit, and access controls limiting who can access your data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
6. Your Rights and Choices
Depending on your location, you may have rights to access, correct, delete, or export your personal information, or to object to certain processing. To exercise these rights, contact us at tyler.ocautomations@gmail.com. You may disconnect a sub-account or delete your account at any time through the Service’s settings.
7. Children’s Privacy
The Service is not directed to individuals under 18, and we do not knowingly collect personal information from children.
8. International Data Transfers
Our infrastructure is hosted in the United States via Railway. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
10. Contact Us
Questions about this Privacy Policy may be directed to tyler.ocautomations@gmail.com.