Privacy Policy

Effective Date: May 23, 2026
Last Updated: May 23, 2026

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email, phone number, password, role
  • Business information: company name, address, contact details, tax IDs, EIN
  • Content you submit: documents, communications, configurations, customer records you upload
  • Payment information: handled by third-party PCI-DSS-compliant processors; we do not store full card numbers
  • Communications with us: support requests, feedback, recorded calls (with notice)

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, click events, timestamps
  • Device and connection information: browser, operating system, IP address, device identifiers, time zone
  • Cookies and similar technologies (see Section 6)
  • Server logs and error telemetry

1.3 Information From Third Parties

  • Authentication providers (e.g., AWS Cognito) — sign-in tokens and basic profile information
  • Integrations you or your administrator connect to the Services
  • Telecommunications partners (e.g., Twilio) — message delivery status and inbound replies

1.4 Sensitive Personal Information

Under California law (CCPA/CPRA) and similar state laws, "sensitive personal information" (SPI) includes categories such as government IDs, precise geolocation, financial account credentials, and the contents of messages and calls.

Ardenus may process the following SPI:

  • Contents of text messages and voice calls routed through the Services (limited to delivering, auditing, and complying with telecom rules)
  • Precise geolocation only when explicitly enabled by you for a specific feature
  • Government IDs / tax IDs for business identity verification (EIN, etc.)

We use SPI only for the purposes described in this Policy and only as necessary to provide the Services. We do not use SPI for profiling, targeted advertising, or any purpose beyond service delivery and legal compliance.

2. How We Use Information

We use information to:

  • Provide, operate, and secure the Services
  • Authenticate users and prevent fraud, abuse, and unauthorized access
  • Communicate with you about your account, billing, security, and (with consent) marketing
  • Comply with legal obligations and enforce our Terms of Service
  • Improve the Services and develop new features
  • Send SMS messages, place calls, and route conversational AI responses on behalf of you or your authorized administrator (see Sections 3 and 5)

3. Mobile Information and SMS / Text Messaging

This section explains how we handle mobile and text-messaging information. It applies both to people who use Ardenus directly and to people who receive messages that our business customers send through the platform.

3.1 No Sale, No Sharing for Marketing — Bright-Line Rule

Your mobile information will not be sold or shared with third parties or affiliates for promotional or marketing purposes. This is an absolute rule.

More specifically: SMS opt-in data, mobile phone numbers, text-messaging consent records, conversation contents, and any related metadata are not — and will never be — sold, rented, leased, traded, shared with affiliates, or otherwise disclosed to any third party for that third party's marketing, promotional, lead-generation, or advertising purposes.

The categories of personal information described elsewhere in this Policy exclude text-messaging originator opt-in data and consent; this information will not be shared with any third parties. SMS opt-in is a direct, one-to-one agreement between you and the business sending the message — it is never transferred, rented, or sold.

3.2 Consent and Opt-In

We (and our business customers using the platform) send SMS messages only to recipients who have explicitly opted in via one of the following channels:

  • A web form on a customer-facing site that includes a clear consent checkbox (unchecked by default) and discloses the program name, message frequency, opt-out instructions, applicable Terms link, and Privacy Policy link
  • In-person consent recorded by authorized personnel at the point of service
  • A customer-initiated reply of START or SUBSCRIBE to an existing conversation thread

Each opt-in event is logged with a timestamp, source, IP address (for web opt-ins), and evidence of the disclosure shown at the time of consent. This audit record is retained for at least four (4) years from the last interaction.

Providing your mobile number and consenting to receive text messages is never a condition of purchasing any product or service. You can use the Services, and do business with our customers, without opting in to SMS.

3.3 Types of SMS Messages Sent

  • Transactional: appointment reminders, service updates, technician arrival alerts, order confirmations, account notifications, security alerts
  • Conversational: two-way customer-service messages initiated by either party
  • Marketing or promotional: special offers, recall campaigns, win-back outreach — sent only to recipients who have separately opted in to marketing messages (transactional consent does not imply marketing consent)
  • AI-assisted: certain messages may be drafted, suggested, or sent by an automated AI agent operating on behalf of the business sender. See Section 5 for AI-specific disclosures.

3.4 Message Frequency and Rates

Message frequency varies by program and use case. Standard message and data rates may apply per your wireless carrier plan. Ardenus does not charge end recipients for receiving messages.

3.5 Opt-Out

You may opt out of SMS messages at any time by replying STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT to any message. You will receive a single confirmation that you have been unsubscribed, and no further messages will be sent from that sender. To opt back in, reply START or SUBSCRIBE.

For help, reply HELP to any message or email support@ardenus.com.

Opt-outs are honored per business sender. Opting out of messages from one business does not affect your subscriptions with another business that also uses the Services — each business sender maintains its own consent ledger and operates under its own brand registration.

3.6 We Never Sell or Rent Your Opt-In Data

Your SMS opt-in and consent are a direct, one-to-one agreement between you and the business you chose to hear from. We do not sell, rent, or share that opt-in and consent data with any third party for that party's own purposes.

Section 4, "How We Share Information," describes the service providers that operate the messaging service on our behalf and the limited situations required by law. None of those parties may use your opt-in data for their own marketing.

3.7 Carrier Disclaimers

Mobile carriers are not liable for delayed or undelivered messages.

4. How We Share Information

We share information only as described here. We do not sell your personal information, and we never sell, rent, or share SMS opt-in and consent data with third parties for their own marketing.

  • Service providers (processors) acting on our behalf. We use vetted providers to operate the Services — for example, Twilio for messaging and voice delivery, Amazon Web Services for hosting and storage, and PCI-DSS-compliant payment processors. They act solely on our behalf under contract, only to provide their part of the Services, and may not use your information for their own purposes. Under CCPA/CPRA these are service providers or contractors, not "third parties."
  • The business you opted in to. When you receive messages through the platform, the business that sent them is the party you have a relationship with. We give them only the data needed to run and audit the program you opted in to.
  • Legal and safety. We may disclose information to regulators, carriers, courts, or law enforcement when required by law, subpoena, court order, or carrier compliance audit.
  • Business transfers. If Ardenus is involved in a merger, acquisition, financing, or sale of assets, information may transfer to the successor entity, which remains bound by protections at least as strong as those in this Policy. In any such transfer, your SMS opt-in and consent data stays subject to the no-sale, no-sharing, and no-marketing commitments in Section 3.

The categories above exclude text-messaging originator opt-in data and consent; this information will not be shared with any third parties.

5. AI and Automated Processing

Ardenus uses artificial intelligence ("AI") and automated processing to operate certain features, including drafting SMS replies, classifying inbound messages, summarizing conversations, generating content suggestions, and routing communications to human agents.

5.1 What We Use AI For

  • Conversational SMS and voice responses on behalf of business senders (with consent)
  • Message classification (e.g., urgency, intent, opt-out detection)
  • Summarization and intelligence for business operators
  • Fraud and abuse detection

5.2 What We Don't Use AI For

  • We do not use AI to make solely-automated decisions that produce legal or similarly significant effects on individuals (e.g., credit, employment, housing eligibility) without human review.
  • We do not train third-party general-purpose AI models on identifiable customer content or end-user SMS contents without explicit, separate consent.

5.3 Right to Opt Out of Certain Profiling

In states that grant the right (California, Colorado, Connecticut, Texas, Oregon, and others), you may have the right to opt out of profiling that produces legal or similarly significant effects. To exercise this right, email support@ardenus.com.

5.4 California Frontier AI Transparency Act

To the extent the Services are subject to the California Transparency in Frontier Artificial Intelligence Act (effective January 1, 2026) or analogous laws, we provide the disclosures required by those laws. Contact support@ardenus.com for specific disclosures.

6. Cookies and Tracking Technologies

We use cookies and similar technologies in three categories:

  • Strictly necessary: authentication, session management, security, fraud prevention. These cannot be disabled.
  • Functional: preference storage (theme, language), feature state. You can disable; some features may degrade.
  • Analytics: aggregate usage measurement (no cross-site tracking, no advertising). You can disable.

We do not use cross-site advertising cookies. We do not sell your information to advertisers or share it for advertising. You can control cookies through your browser settings.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
  • Role-based access controls with least-privilege enforcement
  • Audit logging of all data access and modification events
  • Multi-factor authentication for privileged access
  • Regular security reviews and vulnerability scanning
  • Logical separation that keeps each customer's data segregated from every other customer's

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

7.1 Breach Notification

If we determine that a security incident has resulted in unauthorized access to personal information, we will notify affected users and applicable regulators in accordance with applicable law (including state data-breach notification statutes such as California Civil Code § 1798.82 and the New York SHIELD Act).

To report a suspected vulnerability or security incident, email support@ardenus.com.

8. Data Retention

We retain personal information for as long as necessary to provide the Services and comply with legal obligations.

Data categoryRetention period
SMS consent records, send/receive records, opt-out audit logsAt least 4 years from last interaction
Account informationLife of account + 90 days archival
Customer Content (documents, configurations)Per customer's account; deleted within 90 days of account closure (subject to legal hold)
Billing and financial records7 years (US tax and accounting law)
Security logs, audit logs1 year
Marketing analytics (aggregated)Indefinitely if anonymized
CookiesPer cookie category; session or up to 12 months

You may request deletion of your personal information subject to legal exceptions (see Section 9).

9. Your Rights

You have, depending on your jurisdiction, the following rights:

  • Access — know what personal information we hold about you and obtain a copy
  • Correct — fix inaccurate or incomplete information
  • Delete — request deletion (subject to legal exceptions)
  • Portability — receive your data in a portable format
  • Object / Restrict — limit certain processing
  • Withdraw consent — where processing is based on consent
  • Opt out of sale or sharing — we do not sell or share for cross-context behavioral advertising, but the right exists
  • Opt out of targeted advertising — N/A; we do not engage in this
  • Opt out of profiling that produces legal or significant effects — see Section 5.3
  • Non-discrimination — we do not deny service or charge different prices for exercising privacy rights

9.1 How to Exercise Rights

Email support@ardenus.com with your request. We respond within 45 days as required by California law and most other state laws, with one possible 45-day extension when reasonably necessary.

Verification. Before fulfilling a request, we verify your identity by matching your request against information we already hold and, where additional verification is needed, by requesting government-issued ID or other reasonable proof. We use only the information you provide for verification and delete it once verification is complete.

Authorized agents. You may designate an authorized agent to submit requests on your behalf. We may require the agent to provide proof of authorization and to verify your identity directly.

9.2 Global Privacy Control (GPC) Signal

We honor opt-out preference signals (including the Global Privacy Control signal) that meet the technical requirements of state privacy laws. When we detect a valid GPC signal from your browser, we treat it as a request to opt out of "sale" and "sharing" of your personal information under California, Colorado, Connecticut, and other applicable state laws.

9.3 State-Specific Rights

This Policy is intended to comply with the privacy laws of all U.S. states where comprehensive privacy laws have taken effect, including but not limited to:

  • California (CCPA / CPRA)
  • Virginia (VCDPA)
  • Colorado (CPA)
  • Connecticut (CTDPA)
  • Utah (UCPA)
  • Texas (TDPSA)
  • Oregon (OCPA)
  • Florida (FDBR)
  • Montana (MCDPA)
  • Iowa (ICDPA)
  • Indiana (ICDPA)
  • Tennessee (TIPA)
  • Delaware (DPDPA)
  • New Jersey (NJDPA)
  • New Hampshire (NHPA)
  • Maryland (MODPA)
  • Minnesota (MCDPA)
  • Nebraska (NDPA)

To exercise any state-specific right (including any right to appeal a denial of a privacy request), email support@ardenus.com.

9.4 EU / UK Residents (GDPR / UK GDPR)

We process personal data under the lawful bases of consent, contract, legitimate interest, and legal obligation as applicable. EU/UK residents may also lodge a complaint with their data protection authority.

10. Children's Privacy

The Services are not directed to children under 13 (or under 16 in the EU/UK), and we do not knowingly collect personal information from children. If you believe a child has provided personal information, contact support@ardenus.com and we will delete it.

11. International Transfers

Information may be processed in the United States and other countries where we or our service providers operate. Where required, we use Standard Contractual Clauses or other lawful transfer mechanisms.

12. Third-Party Links

The Services may contain links to websites we do not operate. We are not responsible for the privacy practices or content of those sites. The providers we use to operate the Services are described in Section 4, "How We Share Information."

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notice at least thirty (30) days before they take effect, except where a shorter period is required by law. The "Last Updated" date at the top reflects the most recent revision.

14. Contact

Ardenus LLC — United States

For any question or request — privacy, security, legal, support, or SMS help — email support@ardenus.com.

We respond to privacy rights requests within 45 days as required by applicable law.