Privacy Policy
Last updated June 23, 2026
SUMMARY
Site Command System is a veteran-owned operations automation service for local service businesses. This Policy explains our own privacy practices and the practices that apply when we process information for a business client.
SITE COMMAND SYSTEM
Privacy Policy
How we collect, use, disclose, and protect personal information
Last updated June 23, 2026
This Privacy Policy applies to sitecommandsystem.com and to the consulting, automation, communications, artificial intelligence, customer relationship management, reputation, scheduling, lead follow-up, and related services offered by Site Command System (collectively, the “Services”).
SUMMARY
Site Command System is a veteran-owned operations automation service for local service businesses. This Policy explains our own privacy practices and the practices that apply when we process information for a business client.
Contents
1. Scope and Our Role
This Policy applies when you visit our website, request information, book a consultation or Revenue Leak Diagnostic, purchase or use our Services, communicate with us, receive messages from us, or otherwise interact with Site Command System.
Information we process for our own business
When Site Command System determines why and how personal information is processed—for example, information from our own website visitors, prospects, customers, contractors, and business contacts—we act as the business or controller responsible for that processing.
Information we process for clients
Many Services are provided to local businesses. In those situations, a client may give us access to its CRM, contact lists, calendars, messages, calls, reviews, or other customer information. We generally process that information only on the client’s documented instructions as its service provider or processor. The client controls its relationship with its customers and is responsible for providing required notices, obtaining required consents, and responding to privacy requests. If your request concerns information we process for one of our clients, we may direct you to that client and assist it as required by contract or law.
This Policy does not replace a client’s own privacy notice. It also does not apply to third-party websites or services that have their own privacy policies.
2. Personal Information We Collect
Information you provide directly
- Contact and business information. Name, company name, job title, email address, telephone number, mailing address, and similar details.
- Inquiry and appointment information. Information submitted through forms, calendars, chat tools, surveys, support requests, diagnostics, or consultations.
- Account and authentication information. Usernames, access permissions, authentication tokens, and credentials when an account or integration requires them. We encourage use of secure authorization methods rather than sharing passwords.
- Communications. Emails, SMS messages, chat messages, call recordings, voicemails, transcripts, summaries, attachments, reviews, and other content you send or receive through the Services.
- Commercial information. Services requested or purchased, agreements, invoices, transaction status, customer-support history, and related records.
- Testimonials and feedback. Reviews, survey responses, testimonials, and other feedback you choose to provide. We obtain permission before publishing personally identifying testimonial content when required.
Information processed for clients
A client may upload, connect, or authorize access to information about its leads, customers, employees, vendors, and other contacts. This may include names, telephone numbers, email addresses, appointment records, service history, CRM notes, communication preferences, consent records, call and message content, review activity, and workflow status. We use this Client Data only to provide, secure, support, and improve the contracted Services, to comply with law, and as otherwise instructed by the client.
Information collected automatically
- Device and usage data. IP address, browser type, operating system, device identifiers, referring pages, pages viewed, dates and times, clicks, interactions, error logs, and similar technical information.
- Approximate location. General location inferred from IP address. We do not intentionally collect precise GPS location through our public website unless a feature clearly requests it and you permit it.
- Cookies and similar technologies. Cookie identifiers, pixels, tags, local storage, and analytics or advertising identifiers, as described below.
Information from integrations and other sources
We may receive information from clients, referrals, publicly available business sources, advertising platforms, social media platforms, analytics providers, payment processors, communications providers, and integrations you authorize, such as calendars, email, Google Business Profile, or CRM tools. The information received depends on the source, your settings, and the permissions granted.
Sensitive information
Our Services are not designed to collect sensitive personal information unrelated to business communications. However, communication content may incidentally contain sensitive information. Please do not provide government identification numbers, complete payment card details, health information, or other highly sensitive information unless it is necessary, authorized, and requested through an appropriate secure process. We do not use sensitive personal information to infer characteristics about individuals or for targeted advertising.
3. How We Use Personal Information
- Provide, configure, operate, maintain, and support the Services.
- Respond to inquiries, conduct diagnostics, schedule appointments, provide customer service, and manage client relationships.
- Operate CRM workflows, lead routing, missed-call text back, appointment reminders, follow-up sequences, review requests, database reactivation, and related automation.
- Process transactions, issue invoices, administer subscriptions, and maintain business records.
- Communicate administrative, service-related, and—where consent or another lawful basis exists—marketing information.
- Personalize and improve website content, workflows, user experience, and service performance.
- Measure website and advertising effectiveness, subject to applicable choices and consent requirements.
- Detect, investigate, prevent, and address security incidents, fraud, abuse, technical failures, and violations of agreements.
- Comply with legal, regulatory, tax, accounting, carrier, and industry requirements; respond to lawful requests; and establish or defend legal claims.
- Create aggregated or de-identified operational statistics that do not reasonably identify an individual.
We do not use Client Data, mobile opt-in data, call recordings, transcripts, or private communication content for our own unrelated marketing, and we do not sell Client Data.
4. Artificial Intelligence and Automated Communications
The Services may use artificial intelligence, machine learning, rules-based automation, and similar technologies to answer inquiries, route communications, summarize conversations, schedule appointments, draft or send responses, identify follow-up needs, request reviews, and support business operations.
- AI providers. Inputs, outputs, and relevant personal information may be sent to contracted AI or infrastructure providers, such as OpenAI, solely to provide the requested functionality, maintain security, and support the Services.
- Training. Site Command System does not use Client Data, mobile opt-in data, call recordings, transcripts, or communication content to train general-purpose AI models for our own independent purposes. Where available, we use business or API services under which business data is not used for provider model training by default.
- Human review. Authorized personnel may review communications when reasonably necessary for setup, quality assurance, troubleshooting, security, legal compliance, or support, subject to confidentiality and access controls.
- Accuracy. AI-generated content may be incomplete or inaccurate. We do not use automated systems to make decisions about credit, employment, housing, insurance, healthcare eligibility, or other decisions that produce legal or similarly significant effects.
- Choice. When reasonably available, a person may request human assistance or another communication method.
5. Call Recording and Transcription
Calls handled by or routed through the Services may involve an AI voice assistant and may be recorded, transcribed, summarized, or analyzed for appointment handling, customer service, quality assurance, security, and workflow execution. We and our clients are responsible for providing notice and obtaining consent before recording or transcription when required by applicable law.
Where required, the caller will receive a disclosure at the beginning of the interaction. A person who does not consent may end the call or request another available method of communication. Clients are responsible for configuring recording practices for the states and jurisdictions in which they operate and for using recordings only for lawful purposes.
6. How We Disclose Personal Information
We may disclose personal information only as reasonably necessary for the purposes described in this Policy:
- Clients. When we process an interaction for a client, relevant information is made available to that client and its authorized users.
- Service providers and subprocessors. Vendors that provide CRM and automation, telecommunications, messaging, email, hosting, cloud storage, artificial intelligence, analytics, advertising, payment processing, scheduling, security, support, and professional services. Examples may include GoHighLevel/LeadConnector, Twilio or other telecommunications providers, OpenAI, Stripe, Google, Meta, LinkedIn, and hosting or security providers.
- Integrations you authorize. Third-party accounts, applications, calendars, email systems, social platforms, or business tools that you or a client choose to connect.
- Professional advisers. Attorneys, accountants, auditors, insurers, consultants, and other advisers bound by appropriate duties.
- Legal and safety purposes. Government authorities or other parties when required by law or when reasonably necessary to protect rights, safety, security, and the integrity of the Services.
- Business transactions. Parties involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate safeguards.
- With consent or direction. Other parties when an individual or client directs or authorizes the disclosure.
Service providers are permitted to process information only for contracted purposes and are expected to protect it. We do not permit them to use mobile opt-in data or consent for their own marketing.
7. Mobile Messaging Privacy and Consent
We may send SMS or MMS messages for appointment confirmations and reminders, responses to inquiries, account or service updates, support, requested follow-up, and—only with appropriate consent—marketing or promotional communications. Consent to marketing messages is not a condition of purchase. Message frequency varies, and message and data rates may apply.
You may opt out at any time by replying STOP. You may reply HELP for assistance. We may send a final confirmation of your opt-out. Opting out of one messaging program may not opt you out of other programs for which you separately enrolled, but you may contact us to manage your preferences. We maintain records of consent, message delivery, and opt-out requests as reasonably necessary for compliance.
Carrier-required mobile-data statement: No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Mobile opt-in information and consent are specific to the identified sender and messaging program and are not transferable to another business for that business’s marketing. Additional program terms appear in our Mobile Messaging Terms.
8. Cookies, Analytics, and Advertising
We and our providers may use cookies, pixels, web beacons, tags, local storage, and similar technologies. These technologies may support:
- Essential functions. Security, form submission, session management, preference storage, and basic website operation.
- Analytics. Understanding traffic, page use, conversion activity, performance, and errors.
- Advertising. Measuring campaigns, creating audiences, limiting repetition, and displaying more relevant advertisements.
Advertising and analytics providers may receive identifiers, device data, approximate location, and interaction data. Under some state laws, the use of advertising cookies may be considered “sharing” for cross-context behavioral advertising even when no money changes hands. We do not sell personal information for money.
You may control cookies through any preference tool presented on our website and through your browser settings. Blocking cookies may affect site functionality. Traditional “Do Not Track” signals do not have a uniform industry standard. Where applicable and supported, you may also use a legally recognized opt-out preference signal, such as Global Privacy Control.
9. Google API Data
If you or a client connects a Google account or Google service, we access only the permissions needed to provide the requested integration. Information received from Google APIs is used and transferred in accordance with the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data for advertising, sell it, or allow human access except when permitted by that policy, such as with explicit consent, for security, to provide support, or to comply with law.
You may revoke Google authorization through your Google account settings. Revocation may disable features that depend on the connection.
10. Payments
Payments may be processed by Stripe or another payment processor. The processor collects payment card information directly through its secure interface. Site Command System may receive transaction details such as the amount, date, status, billing contact information, and limited payment-method details, but we do not store complete payment card numbers or card security codes on our systems. Payment information is governed by the payment processor’s privacy policy and terms.
11. Data Retention
We retain personal information only for as long as reasonably necessary for the purposes described in this Policy. The period depends on the type of information, client instructions, contractual requirements, consent and opt-out recordkeeping, the duration of the business relationship, security needs, dispute resolution, and legal, tax, accounting, carrier, or regulatory obligations.
- Client Data. Generally retained during the client relationship and deleted, returned, or de-identified within a reasonable period after termination, subject to client settings, backups, legal obligations, and documented instructions.
- Communications and recordings. Retained according to the client’s configuration and the operational, consent, quality, security, and legal needs associated with the interaction.
- Consent and opt-out records. Retained as reasonably necessary to demonstrate compliance and honor communication preferences.
- Financial and contractual records. Retained for the periods required by tax, accounting, contract, and legal obligations.
- Backups. Information in backups may remain for a limited rolling period and is isolated from ordinary use until overwritten or deleted.
When information is no longer required, we delete, de-identify, or securely isolate it, subject to technical and legal limitations.
12. Data Security
We use reasonable administrative, technical, and organizational safeguards appropriate to the nature of the information and the Services. Measures may include access controls, authentication, encryption in transit, secure vendor platforms, least-privilege access, logging, backups, staff confidentiality obligations, and incident-response procedures.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, and you should use secure devices, protect credentials, enable available multi-factor authentication, and promptly notify us of suspected unauthorized access.
13. Children’s Privacy
The Services are designed for businesses and adults and are not directed to children under 18. We do not knowingly collect personal information directly from children under 18 for our own purposes. If we learn that we collected such information without appropriate authorization, we will take reasonable steps to delete it. Client communications involving minors remain the responsibility of the client and must be handled in accordance with applicable law.
14. Your Privacy Rights
Depending on your location and applicable law, you may have the right to:
- Confirm whether we process your personal information and request access to it.
- Correct inaccurate personal information.
- Request deletion of personal information.
- Obtain a portable copy of certain personal information.
- Opt out of sale, targeted advertising, or certain profiling, where applicable.
- Limit certain uses or disclosures of sensitive personal information, where applicable.
- Withdraw consent for processing based on consent.
- Appeal a decision concerning a privacy request, where applicable.
- Receive equal service and not be discriminated against for exercising a privacy right.
To submit a request, email [email protected] with the subject “Privacy Request.” Describe the request and identify the email address or telephone number associated with the relevant information. We may verify your identity and authority before completing the request. An authorized agent may submit a request when permitted by law, but we may require proof of authorization and direct identity verification.
If the information is controlled by one of our clients, please contact that business directly. We will assist the client as required. To appeal a decision, reply to our response and state that you are submitting a privacy appeal.
Marketing email recipients may use the unsubscribe link. SMS recipients may reply STOP. Service-related communications may continue when necessary to provide a requested service or complete a transaction.
15. California and Other U.S. State Disclosures
This section supplements the Policy for residents of states with comprehensive consumer privacy laws, to the extent those laws apply to Site Command System and the relevant processing.
Categories processed
| Category | Examples | Processed | Potential ad sharing |
|---|---|---|---|
| A. Identifiers | Name, email, phone, IP address, account ID | Yes | Possible for online identifiers |
| B. Customer-record information | Contact, billing, and business information | Yes | Generally no |
| C. Protected classifications | Age, race, religion, and similar traits | Not intentionally | No |
| D. Commercial information | Services, transactions, and support history | Yes | Generally no |
| E. Biometric information | Voiceprint or facial template used to identify a person | No | No |
| F. Internet/network activity | Browsing, clicks, interactions, and device data | Yes | Possible |
| G. Geolocation | Approximate location inferred from IP address | Yes, approximate | Possible |
| H. Audio/visual information | Call recordings, voicemail, images, and transcripts | Yes | No |
| I. Professional information | Company, title, work contact details | Yes | Generally no |
| J. Education information | Student records | No | No |
| K. Inferences | Likely interests or workflow status | Yes, limited | Possible |
| L. Sensitive personal information | Credentials and private communication content | Limited circumstances | No |
Sources, purposes, and recipients
We collect these categories from individuals, clients, authorized integrations, service providers, advertising and analytics platforms, referrals, and public business sources. We use them for the business and commercial purposes described in Sections 3 through 5 and disclose them to the categories of recipients described in Section 6.
Sale and sharing
We do not sell personal information for money. Our use of analytics and advertising technologies may be considered “sharing” of identifiers, internet activity, approximate location, or inferences for cross-context behavioral advertising under certain state laws. You may request to opt out by emailing [email protected] and may use available cookie controls. We do not knowingly sell or share personal information of consumers under 16.
Sensitive personal information
We use sensitive personal information only as reasonably necessary to provide requested Services, secure accounts and systems, process authorized communications, comply with law, and perform other purposes permitted without a right to limit. We do not use it to infer characteristics about individuals.
Disclosures for business purposes
During the preceding 12 months, we may have disclosed the categories identified as “Processed” above to service providers, clients, integrations, professional advisers, and legal authorities for the purposes described in this Policy. We retain each category only for the period reasonably necessary under Section 11.
16. International Visitors
Site Command System is based in the United States, and information may be processed in the United States and other countries where our providers operate. Those countries may have different data-protection laws. Where European Economic Area, United Kingdom, or Swiss law applies, our legal bases may include performance of a contract, steps requested before entering a contract, legitimate interests in operating and securing the Services, consent, and compliance with legal obligations. Individuals may also have rights to object, restrict processing, and lodge a complaint with a supervisory authority.
17. Changes to This Policy
We may update this Policy to reflect changes in law, technology, vendors, or our practices. The “Last updated” date identifies the latest revision. If a change materially affects how we use personal information, we will provide additional notice when required. We will not apply materially broader uses to previously collected information without appropriate notice or consent when required by law.
18. Contact Us
Questions, privacy requests, and appeals may be sent to:
Site Command System
Email: [email protected]
Website: https://sitecommandsystem.com
For SMS assistance, reply HELP to a message or email the address above. To stop SMS messages, reply STOP.