Drupefruit™ LLC ("Drupefruit," "we," "us," or "our") operates payment-enabled software products and selective consulting practices. This Privacy Policy describes how we collect, use, and protect information across all Drupefruit-operated products and the drupefruit.com website.
1. Information We Collect
Account Information
When you create a Drupefruit account, we collect your email address, display name, and optional profile details (business name, phone number, address, website, vertical/industry).
Phone Numbers
Account holders: Phone numbers you provide are used for account verification, security alerts, and transactional notifications. You may opt out of SMS at any time without losing access to your account (email-based verification remains available).
Customers of merchants on Drupefruit-built platforms: When you book an appointment with, or text/call, a merchant operating on a Drupefruit-built platform through their public booking page or masked contact routing, your phone number is collected to facilitate that conversation and is shared only with the specific business owner you contacted.
Messages & Call Data
SMS messages, voicemail transcripts, and call metadata (duration, timestamp, routing decisions) sent through Drupefruit products are stored to enable conversation threading, AI-powered message analysis, and CRM features for business owners.
Catalog & Transaction Data
Profile data, item listings, sale events, bookings, and payment records are stored to operate Drupefruit's products.
Usage Data
We collect standard usage analytics including pages visited, features used, and device/browser information to improve our service.
2. How We Use Your Information
Service delivery: To operate our products — routing messages, processing payments, managing listings, generating AI analysis of customer intent.
Communication: To send transactional messages (account verification, booking confirmations, payment receipts, voicemail follow-ups) and account-related notifications.
Security: To detect fraud, validate identities, and enforce our terms of service.
Improvement: To analyze aggregate usage patterns and improve features. Individual message content is not used for general AI model training.
3. What We Do NOT Do
We do not sell, rent, lease, or trade your personal information, phone numbers, or message content to third parties for marketing or any other purpose.
We do not send unsolicited marketing messages or promotional SMS blasts.
We do not share your phone number with other Drupefruit users beyond the specific business owner you are communicating with.
4. Information Sharing
We share your information only in these limited circumstances:
Service providers: We engage third-party service providers for infrastructure, payments, communications, voice and AI processing, and identity-related services. These providers process data on our behalf under their own privacy policies and data processing agreements. A list of categories of subprocessors is available on request to privacy@drupefruit.com.
Merchants on Drupefruit-built platforms: Customer phone numbers and message content are shared with the specific business owner whose booking page or masked contact routing you contacted. This is the core purpose of the service.
Legal requirements: We may disclose information when required by law, subpoena, or legal process, or to protect our rights and safety.
5. Data Security
We implement industry-standard security measures including:
Encrypted data transmission (TLS/HTTPS)
Row-level security on all database tables
JWT-based authentication
Masked contact routing that prevents exposure of personal contact information across Drupefruit-built platforms
Signed URLs for private file access (voicemail recordings, documents)
6. Data Retention
Account data: Retained while your account is active and for 30 days after deletion.
Messages and call records: Retained for the business owner's use until they delete them or close their account.
Voicemail recordings: Stored for up to 90 days, then automatically deleted unless saved by the business owner.
Payment records: Retained as required by financial regulations (typically 7 years).
SMS opt-in records: Retained for the period required by applicable carrier messaging policies and law.
7. Your Rights
You have the right to:
Access your personal data by contacting us
Correct inaccurate information in your account settings
Delete your account and associated data
Opt out of SMS by replying STOP to any message
Export your data in a portable format
If you are a California resident, you have additional rights under the CCPA and CPRA, including the right to know, the right to delete, and the right to limit use of sensitive personal information. To exercise any of these rights, contact privacy@drupefruit.com.
8. Children's Privacy
Drupefruit's products are not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify account holders of material changes via email. The "Effective date" at the top of this page indicates the latest revision.