Privacy Policy

Effective Date: March 13, 2026 — Last Updated: March 27, 2026

NavamaCo, LLC, a California limited liability company, doing business as “Push Zero” (“Company,” “we,” “us,” or “our”)

1. Introduction and Scope

This Privacy Policy describes how NavamaCo, LLC d/b/a Push Zero collects, uses, discloses, retains, and protects personal information when you visit our website at pushzero.ai (the “Site”), use our AI phone answering, SMS, and web chat service (the “Service”), or otherwise interact with us.

This policy applies to two categories of individuals:

  • Business Subscribers (“Subscribers”): Business owners and their authorized users who register for and configure the Service.
  • Callers / End Users (“Callers”): Individuals who place calls, send SMS messages, or use web chat that is answered or handled by the Service.

By using the Site or Service, you acknowledge that you have read and understood this Privacy Policy. If you are a California resident, please see Section 11 (Your California Privacy Rights) for additional disclosures required under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), the California Online Privacy Protection Act (“CalOPPA”), and California's Shine the Light law (Cal. Civ. Code § 1798.83).

2. Categories of Personal Information We Collect

We collect the following categories of personal information (as defined by CCPA/CPRA, Cal. Civ. Code § 1798.140(v)):

CCPA CategoryExamplesCollected
A. IdentifiersName, email, phone number, IP address, account IDYes
B. Cal. Civ. Code § 1798.80(e) CategoriesName, address, telephone number, credit/debit card number (via payment processor)Yes
C. Protected ClassificationsNot intentionally collectedNo
D. Commercial InformationPurchase history, minute pack transactions, usage records, billing historyYes
E. Biometric InformationVoiceprints (not extracted or stored separately)No
F. Internet / Electronic Network ActivityBrowser type, OS, pages visited, referral URLs, session duration, device identifiersYes
G. Geolocation DataApproximate location derived from IP address; business address provided by SubscriberYes
H. Sensory DataCall recordings, voice data processed during callsNo — call recording is not currently enabled
I. Professional / Employment InformationBusiness name, business type, role/title (if provided)Yes
J. Education InformationNot collectedNo
K. InferencesCall classification (e.g., customer, solicitation, spam), lead scoringYes
L. Sensitive Personal InformationAccount login credentials (email + password/PIN); payment card number processed by Stripe (we do not store full card numbers)Yes (limited)

We do not intentionally collect personal information from children under the age of 16. The Service is designed for business use. If we learn that we have collected personal information from a child under 16, we will delete it promptly. If you believe we have collected information from a minor, contact us at privacy@pushzero.ai.

3. Sources of Personal Information

We collect personal information from the following sources:

  • Directly from you: When you register for an account, configure your Knowledge Base, contact support, or provide feedback.
  • From Callers: When Callers interact with your Agent by phone, SMS, or web chat, including call recordings, transcripts, and information voluntarily provided during the interaction.
  • Automatically: When you visit our Site or use the Service, through cookies, web beacons, log files, and similar technologies.
  • From Third-Party Platforms: When you connect booking, ordering, or other platforms to the Service (e.g., Square, Mindbody, Vagaro).
  • From service providers: From our telephony, payment, and analytics providers in connection with delivering the Service.

4. How We Use Personal Information

We use the personal information we collect for the following business and commercial purposes:

  • Service Delivery: To provide, operate, and maintain the Service, including answering calls, capturing leads, processing bookings, and routing messages.
  • Agent Training: To train, configure, and improve your business-specific AI Agent using your Knowledge Base data.
  • Communications: To send call summaries, account notifications, billing statements, service alerts, and support responses.
  • Billing and Payments: To process payments, manage minute balances, handle auto-recharge, and maintain billing records.
  • Analytics and Improvement: To analyze usage patterns, measure service performance, diagnose technical issues, and improve the Service.
  • Security and Fraud Prevention: To detect, prevent, and address fraud, spam, abuse, and security threats (including maintaining our screening rules and call classification systems).
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Marketing: With your opt-in consent only, to send promotional communications about new features and services.

5. How We Disclose Personal Information

We may disclose personal information to the following categories of recipients for the business purposes described above:

Service Providers / Processors:

  • Retell AI — Voice AI processing (call handling, speech-to-text, text-to-speech)
  • Twilio — Telephony, SMS delivery, and phone number provisioning
  • Stripe — Payment processing and billing (Stripe receives payment card data directly; we do not store full card numbers)
  • Loops — Email marketing automation (only if you opt in to marketing communications)
  • Railway — Cloud infrastructure hosting

Business Subscribers: Caller information (call recordings, transcripts, lead data) is shared with the Subscriber whose Agent handled the interaction. The Subscriber is an independent data controller with respect to Caller data they receive through the Service.

Third-Party Platforms: When a Subscriber connects a Third-Party Platform (e.g., Square for booking), we transmit the minimum data necessary to complete the requested action (e.g., booking name, time, service).

Legal Obligations: We may disclose personal information if required by law, subpoena, court order, or governmental request, or to protect the rights, safety, or property of Push Zero, our users, or the public.

Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, personal information may be transferred to the successor entity. We will notify you via email and/or prominent notice on the Site of any change in ownership or use of your personal information.

6. Sale and Sharing of Personal Information

Push Zero does not sell personal information. We have not sold personal information in the preceding twelve (12) months.

Push Zero does not “share” personal information for cross-context behavioral advertising as defined by CCPA/CPRA (Cal. Civ. Code § 1798.140(ah)). We do not use third-party advertising cookies or tracking pixels that would constitute “sharing” under the CCPA/CPRA.

We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age.

SMS/Text Messaging Data: No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties, except aggregators and providers of the text messaging services.

All categories of data disclosure described in Section 5 above exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, excluding aggregators and providers of the text messaging services.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies on our Site:

  • Strictly Necessary Cookies: Required for the Site to function (e.g., authentication, security). Cannot be disabled.
  • Analytics Cookies: Help us understand how visitors use the Site (e.g., page views, traffic sources). We use these to improve the Site experience.

We do not use advertising or cross-site tracking cookies.

Do Not Track: Pursuant to CalOPPA (Cal. Bus. & Prof. Code § 22575), we disclose that our Site does not currently respond to “Do Not Track” (DNT) browser signals because there is no uniform standard for DNT compliance. However, because we do not engage in cross-site tracking or sell/share personal information for advertising, the practical effect of DNT is already reflected in our practices.

Global Privacy Control (GPC): We honor the Global Privacy Control signal as a valid opt-out of the “sale” or “sharing” of personal information under CCPA/CPRA, as required by the California Attorney General. Because we do not sell or share personal information, no additional action is taken in response to GPC signals, but the signal is logged.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. Our standard retention periods are:

  • Call recordings: N/A — call recording is currently disabled. If recording is enabled in the future, recordings will be retained for 90 days from the date of the call, then permanently deleted.
  • Transcripts: Retained for the duration of the Subscriber's active account; deleted within 30 days of account closure.
  • Lead and Caller data: Retained for the duration of the Subscriber's active account; anonymized or deleted within 30 days of account closure.
  • Billing records: Retained for seven (7) years as required by tax and accounting regulations.
  • Account data: Deleted within 30 days of account closure, except as required for legal compliance.
  • Consent records: Retained as an immutable audit trail for the duration required by applicable law (minimum 5 years beyond the consent period).
  • Server logs: Automatically purged after 90 days.

9. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect personal information, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Strict access controls with role-based permissions and multi-factor authentication for administrative access
  • Regular security reviews and vulnerability assessments
  • Service-to-service authentication between internal components
  • Webhook signature verification for third-party integrations
  • Immutable audit logs for consent and data access events

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect personal information, we cannot guarantee its absolute security. In the event of a data breach involving personal information, we will notify affected individuals and the California Attorney General as required by California Civil Code Section 1798.82 (California Data Breach Notification Law).

10. Your General Privacy Rights

Depending on your location, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Deletion: Request deletion of your personal information, subject to legal exceptions.
  • Correction: Request correction of inaccurate personal information.
  • Portability: Receive your data in a structured, commonly used, and machine-readable format.
  • Opt-Out of Marketing: Unsubscribe from marketing communications at any time.

To exercise any of these rights, submit a request to privacy@pushzero.ai or use the Data Subject Access Request form accessible through your account settings. We will respond to verifiable requests within the timeframes required by applicable law.

11. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code §§ 1798.100–1798.199.100):

(a) Right to Know / Right to Access (§ 1798.100, § 1798.110): You have the right to request that we disclose: (i) the categories of personal information we have collected about you; (ii) the categories of sources from which we collected personal information; (iii) the business or commercial purpose for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we disclose personal information; and (v) the specific pieces of personal information we have collected about you.

(b) Right to Delete (§ 1798.105): You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations, or conducting solely internal uses reasonably aligned with your expectations).

(c) Right to Correct (§ 1798.106): You have the right to request that we correct inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing.

(d) Right to Opt-Out of Sale or Sharing (§ 1798.120): You have the right to direct us to not sell or share your personal information. As stated in Section 6, we do not sell or share personal information for cross-context behavioral advertising.

(e) Right to Limit Use of Sensitive Personal Information (§ 1798.121): You have the right to limit our use or disclosure of sensitive personal information to that which is necessary to perform the Service. We use sensitive personal information (account login credentials) only for authentication and security purposes.

(f) Right to Non-Discrimination (§ 1798.125): We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying services, charging different prices, providing a different level of service, or suggesting that you will receive a different level of service.

How to Submit a Request: You or your authorized agent may submit a request by:

  • Emailing privacy@pushzero.ai with the subject line “CCPA Request”
  • Using the Data Subject Access Request (DSAR) form in your account settings

Verification: We will verify your identity before processing your request. For account holders, we verify through your authenticated session or registered email address. For non-account holders (e.g., Callers), we may require additional identifying information to match you to our records. We will not fulfill a request if we cannot reasonably verify your identity.

Authorized Agents: You may designate an authorized agent to make a request on your behalf. The authorized agent must provide written proof of authorization signed by you or a valid power of attorney. We may still require you to verify your identity directly.

Response Timing: We will respond to verifiable consumer requests within forty-five (45) calendar days of receipt. If we require additional time (up to an additional 45 days), we will inform you in writing of the reason and the extension period.

Scope of Deletion: When we process a deletion request, we will delete or anonymize personal information from our active systems, direct our service providers and processors (Retell, Twilio, Stripe, Loops) to delete the corresponding data from their systems, and invalidate any cached data snapshots. Active call sessions will complete, and data will be purged at the session boundary.

Financial Incentive Programs (§ 1798.125(b)): Our free minutes offering (60 free minutes for new accounts) is not a financial incentive program conditioned on the collection of personal information. All accounts receive the same free minutes regardless of data practices.

12. California Shine the Light (Cal. Civ. Code § 1798.83)

California residents may request information regarding our disclosure of personal information to third parties for those third parties' direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes. If this practice changes, we will update this policy and provide an opt-out mechanism. You may send such requests to privacy@pushzero.ai with “Shine the Light Request” in the subject line.

13. CCPA Metrics Disclosure

Pursuant to California Code of Regulations, Title 11, Section 999.317(g), we will publish annual metrics regarding the number of CCPA requests received, complied with (in whole or in part), and denied, as well as the median response time, once we have been in operation for twelve (12) months following the effective date of this policy. This information will be posted on this page.

14. Call Recording Privacy

Current Status: Call recording is not currently enabled in the Push Zero service. Calls are processed by our AI Agent in real time and transcripts are generated, but audio recordings of calls are not captured or stored.

If Recording Is Enabled in the Future: Should call recording be activated, we will update this Privacy Policy and provide advance notice to all Subscribers. At that time, Callers will receive a clear disclosure at the beginning of each call, consistent with California Penal Code Section 632 and any other applicable two-party consent laws. Subscribers will be responsible for ensuring that recording disclosures remain enabled and appropriate for their jurisdiction(s). Recordings would be stored encrypted at rest and in transit, accessible only to the Subscriber and authorized Push Zero personnel for support purposes, and automatically deleted after 90 days.

15. AI and Automated Decision-Making

Push Zero uses artificial intelligence to process and respond to calls, classify call types (e.g., customer inquiry, solicitation, spam), capture lead information, and generate analytics.

Profiling: We use automated call classification to distinguish customer calls from spam and solicitations. This classification affects billing (non-billable calls are not charged) and screening (repeat offenders may be blocked). Subscribers may request reclassification of any call, and billing credits are issued for incorrect classifications.

Right to Opt Out of Automated Decision-Making (CPRA § 1798.185(a)(16)): Under the CPRA, you have the right to opt out of automated decision-making technology, including profiling, to the extent it produces legal or similarly significant effects. Our call classification and spam screening are designed to protect Subscribers from unwanted calls and do not produce legal effects on Callers. If you believe you have been incorrectly classified or blocked, contact privacy@pushzero.ai for review.

16. International Data Transfers

Push Zero is based in the United States and processes data in the United States. If you access the Service from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to such transfer and processing. We apply the same protections described in this policy regardless of where data is processed.

17. Third-Party Links

The Site may contain links to third-party websites or services that are not owned or controlled by Push Zero. This Privacy Policy does not apply to those websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least thirty (30) days' prior notice via email to registered Subscribers and will post the updated policy on our Site with a revised “Last Updated” date.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy. We encourage you to review this policy periodically. The prior version of this policy is available upon request to privacy@pushzero.ai.

19. Contact Information

NavamaCo, LLC
d/b/a Push Zero

Privacy inquiries: privacy@pushzero.ai

CCPA / DSAR requests: privacy@pushzero.ai (subject line: “CCPA Request”)

General inquiries: support@pushzero.ai

20. Supplemental Disclosures for Callers

If you are a Caller (i.e., you placed a call, sent an SMS, or used web chat with a business that uses Push Zero), the following additional information applies to you:

  • Data Controller: The business you contacted is the data controller for the interaction data. Push Zero acts as a data processor on that business's behalf. For questions about how a specific business uses your data, contact that business directly.
  • What We Collect: Your phone number, the content of your call/message (including recordings and transcripts), any information you voluntarily provide (name, appointment details, etc.), and call metadata (time, duration, classification).
  • Your Rights: You may exercise your privacy rights (access, deletion, correction) directly with Push Zero at privacy@pushzero.ai. Please include the phone number used and the approximate date of interaction so we can locate your records.
  • Consent Revocation: If you revoke consent to recording during a call, the recording will stop and the call may be terminated. This does not retroactively delete the portion already recorded under valid consent.