Foreman
Privacy Policy

Privacy Policy

Last updated: May 1, 2026

Foreman (“we”) operates the website at this domain and provides done-for-you Google Business Profile management to home-service businesses. This policy explains what information we collect, why, and what choices you have.

What we collect

Free-audit form (/book). When you request a free audit we collect your name, business name, Google Business Profile URL, email, phone, trade category, and your optional “biggest frustration” comment. We use this to deliver the audit and to follow up with you about it.

Subscription customers. When you subscribe via Stripe we receive your billing email and the metadata Stripe collects to process the charge. Stripe handles your card data directly — we never see or store it. After checkout we ask you to complete an onboarding form covering business details we need to perform the work (service-area cities, brand-voice notes, etc.).

Operational data. While we manage your profile we generate and store internal records of posts, review replies, Q&As, and monthly reports we’ve produced for you.

Call data (Growth/Premium plans). If your plan includes the AI receptionist, inbound calls to your dedicated number are answered by an AI assistant. We record the call (where legally permitted — the assistant plays a recording disclosure at the start of every call), generate a transcript, and store both for your review. Recordings and transcripts are retained for 12 months and then deleted.

Authentication cookies. If you sign in to any owner-only area, we set a session cookie issued by Supabase Auth. This is the only cookie we set. We do not run third-party analytics, advertising trackers, or session replay tools on this site.

How we use it

  • Deliver the audit, posts, replies, Q&A, and reports you signed up for.
  • Communicate with you about your account, the work, and any service changes.
  • Respond to support requests and improve our internal templates.

We do not sell your information. We do not share your information with advertisers.

Subprocessors we use

Running Foreman requires a small set of trusted vendors. Each is bound by their own privacy policy and DPA:

  • Supabase — database and authentication.
  • Stripe — payments and subscription billing.
  • Internal drafting tools — we use third-party language services to draft posts, replies, and reports. Your business profile context is sent with each request and is not retained or repurposed by those services.
  • Google Workspace — our email (sender and inbox).
  • Vercel — hosts the website and serverless functions.
  • Vapi — voice AI runtime that powers the receptionist. Call audio passes through Vapi to be transcribed and synthesized.
  • Twilio — provisioning your phone number and routing calls. Twilio is the carrier-of-record for the receptionist line.

Retention

We retain your data for as long as you’re an active client. If you cancel, we keep records for up to 12 months to handle billing reconciliation and any disputes, then delete them. Audit-request submissions from non-clients are deleted after 24 months.

Your rights

You can request a copy of the information we hold about you, or ask us to delete it, at any time. Email privacy@foreman.co from the address on file. We’ll respond within 14 days.

If you’re a California resident, the CCPA gives you specific rights including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

Changes to this policy

We may update this policy occasionally. The “last updated” date at the top will reflect any changes. If we make a material change to how we use your data, we’ll email active clients in advance.

Contact

Questions? Email privacy@foreman.co.

See also: Terms of Service