Privacy Policy

Hazel ("Hazel," "we," "our," or "us") is operated by Valsoft Corporation. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with the Hazel service available at hazelhere.com (the "Service") — an AI voice assistant and CRM for licensed childcare centers, schools, and home-based childcare providers.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

From the centers using Hazel

• Account information (name, email, role, center name and address, phone number)
• Authentication data (hashed passwords, OAuth tokens for connected services)
• Center configuration (business hours, programs, classrooms, staff names, knowledge base entries)
• Tour bookings, leads, and CRM records you create or that Hazel creates on your behalf

From callers and families

• Caller phone number, recordings of inbound calls, and transcripts
• Information shared during the call: parent name, child name and age, requested tour times, questions asked
• Email addresses and phone numbers if provided so the center can follow up

Recordings and transcripts are processed to deliver call answering, tour booking, and CRM functionality. Centers control retention of these records through their Hazel account settings.

From connected third-party services

• Google Calendar: when a director connects Google, we access calendar free/busy data and the events on the calendar they choose so Hazel can offer accurate tour times and write tour bookings back. Specific scopes are listed below.
• Microsoft 365 / Outlook: equivalent scopes for read/write of the connected calendar (own or delegated shared mailbox).
• Calendly: event-type configuration, availability, and booking creation if the center connects Calendly as their scheduling source of truth.

Hazel's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, when a director connects Google Calendar, Hazel:

• Requests only the minimum scopes needed to provide tour scheduling: read/write access to events on calendars the connecting user has access to, for the limited purpose of (a) detecting busy/free times to avoid double-booking and (b) creating Hazel-booked tours on the chosen calendar.
• Does not use Google user data to train generalized AI / ML models.
• Does not use Google user data for serving advertisements.
• Does not sell Google user data, and does not transfer it to third parties except as needed to provide the Service (e.g., infrastructure providers acting on Hazel's behalf), to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users.
• Allows directors to disconnect Google at any time from the Hazel CRM Settings page; on disconnect, stored OAuth tokens are deleted and synced unbooked tour slots are removed.

• Provide the Service: answer calls, book tours, manage leads, sync calendars, send confirmations
• Maintain account and billing
• Improve product quality, debug issues, and prevent abuse — using only what's necessary and using anonymized aggregates where possible
• Comply with applicable law and respond to lawful requests
• Communicate with center staff about service updates, security notices, and support requests

We do not use voice recordings, transcripts, or connected-calendar data to train AI models that are then made available to other customers or third parties. Models that power Hazel's voice and text features are commercial models from third-party providers (OpenAI, Anthropic, Google) used under their respective API terms; data sent to those providers is governed by their data-processing terms.

• Service providers (sub-processors): infrastructure (AWS), database hosting, transcription, voice AI (Sadie / underlying voice model providers), email (Amazon SES, Resend), error monitoring. Each is bound by contract to use data only to provide their service to Hazel.
• Connected accounts: when a center connects Google, Microsoft, or Calendly, Hazel sends and receives data with that service as needed to deliver scheduling features.
• Legal compliance: we may disclose information if required by law, subpoena, or to protect Hazel, our customers, or the public from harm.
• Business transfers: in the event of a merger, acquisition, reorganization, or sale of assets, information may be transferred to the successor entity, subject to this Privacy Policy.

We do not sell personal information to advertisers or data brokers.

Hazel is intended for use by adult childcare professionals and parents/guardians. We do not knowingly collect personal information directly from children under 13. Information about children that the Service handles (e.g., a child's first name, age, allergies in a tour-booking note) is provided by the parent/guardian or the childcare center as part of operating the center, and is processed under the center's direction in accordance with their own privacy practices and applicable law (including COPPA where it applies).

If you believe a child has provided information directly to Hazel without parental consent, contact us at the address below and we will delete it.

We retain account information for the duration of the customer relationship and for a reasonable period after termination as needed for legal, accounting, or audit purposes. Call recordings, transcripts, and CRM records are retained according to the center's configured retention setting (default: 12 months) and can be exported or deleted on request.

We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for stored credentials and recordings, role-based access controls, and regular dependency security review. No system is perfectly secure; we will notify affected users without undue delay in the event of a breach affecting their data.

You can:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion of your information (subject to legal retention requirements)
• Disconnect any connected third-party service from the CRM Settings page
• Export your CRM data
• Withdraw consent at any time by closing your account

To exercise these rights, email info@hazelhere.com. We will respond within 30 days.

California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected and the right to delete it. EEA/UK residents have rights under the GDPR / UK GDPR. Contact us using the address above to exercise any of these rights.

Hazel is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. By using the Service, you consent to this transfer.

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when. Material changes will be communicated via email or in-app notice. Continued use of the Service after changes take effect constitutes acceptance.

Hazel · operated by Valsoft Corporation
Email: info@hazelhere.com
Web: hazelhere.com