top of page

Privacy Policy

This Privacy Policy describes how HMS Innovations LLC, a FL limited liability company, doing business as RipDrip (“HMS Innovations,” “RipDrip,” “we,” “us,” or “our”) collects, uses, processes, discloses, and protects information in connection with all products, services, software, websites, applications, APIs, integrations, and related offerings (collectively, the “Services”).


This Privacy Policy applies to all Services operated by HMS Innovations, including but not limited to RipDrip-DM, RipDrip-AI, and any successor or related offerings, and all websites and domains operated by HMS Innovations, including ripdrip.ai, ripdrip.com, and all subdomains.


By accessing or using the Services, you consent to this Privacy Policy.


 Continued use of the Services after updates constitutes acceptance of the revised Privacy Policy and consent to the processing described herein.

1. Roles and Scope


1.1 Controller and Processor Roles


Depending on your jurisdiction and usage, privacy laws may distinguish between a “controller/business” and a “processor/service provider.”

 

  • You (the customer/user) act as the data controller/business with respect to:
     

    • messaging content, recipients, and targeting;

    • consent/opt-in/opt-out practices and compliance decisions;

    • campaign purpose, messaging cadence, and disclosures;

    • connected social-media account activity;

    • SMS programs and messaging operations;

    • calendar scheduling decisions and event content.

 

  • HMS Innovations generally acts as a service provider / processor, processing information solely to provide the Services on your behalf, consistent with your configurations, instructions, and authorizations.


HMS Innovations does not independently determine the purposes of your messaging or scheduling activities, except where we must process data for our own legitimate operational needs (e.g., security, billing, compliance, and product improvement as described below).

2. Information We Collect


We collect information from multiple sources, including information you provide, information you authorize us to access through integrations, information generated through your use of the Services, and information provided by third parties involved in delivering the Services (e.g., messaging providers).


2.1 Information You Provide or Authorize


We collect information you voluntarily provide or authorize us to access, including any information reasonably necessary to provide, operate, support, secure, and improve the Services and to meet third-party platform, carrier, messaging-provider, or legal requirements applicable to the Services.


This may include, without limitation:


(a) Account and Profile Information

 

  • name, email address, phone number, username, password (hashed), and account preferences;

  • business name and role/authorization details;

  • customer support communications and correspondence.


(b) Billing and Transaction Information

 

  • billing contact information;

  • payment method tokenization and limited transaction data (typically processed and stored by payment processors, not by us in full);

  • invoices, receipts, and account status information.


(c) Business, Entity, and Compliance Information (Including SMS Registration)
We may collect business and legal-entity information needed for messaging registration, vetting, or compliance processes, including information you provide for brand/campaign submissions through intermediaries (including Messaging Providers), such as:

 

  • company legal name and DBA information;

  • entity type (e.g., LLC, corporation);

  • formation/registration information (where required);

  • business address and contact information;

  • authorized representative information;

  • ownership/control information or attestations (where required);

  • website URLs and brand descriptors;

  • use case descriptions, sample messages, opt-in language, opt-out language, and disclosures;

  • any other information reasonably requested by Messaging Providers, carriers, or registries for approval or remediation workflows.


(d) User Configuration Data (AI Setup / Conversation Logic)

 

  • prompts, decision trees, workflows, rebuttals, FAQs, scripts, rules, tags, filters, and other instructions you configure to influence AI or automation behavior.


(e) Content You Submit Through the Services

 

  • templates, scripts, message drafts, and other content you upload or create;

  • any media you upload (subject to product capabilities).


(f) Voice Data


If you use synthetic voice features, we collect voice recordings or samples (“Voice Data”) you upload for the purpose of creating and operating a synthetic voice model.


(g) Calendar Authorization Data


If you connect a calendar provider, we collect authorization tokens and related integration metadata required to access the calendar data you permit.


2.2 Messaging and Channel Data


Depending on which Services you use, we may process messaging content and metadata.


(a) Social Media Messaging (RipDrip-DM)


If you connect a supported social media platform:

 

  • we process inbound messages sent to your connected accounts;

  • we process message metadata (timestamps, sender identifiers, conversation identifiers);

  • we generate and send AI responses only to inbound messages initiated by third parties, based on your configuration;

  • if enabled, we may generate voice responses using your synthetic voice model.


(b) SMS and Messaging Channels (RipDrip-AI)


If you use SMS features:

 

  • we process outbound message content you author/provide for initial outbound messages;

  • we process inbound replies from recipients;

  • we may generate and send AI responses after a recipient replies, based on your User Configuration Data;

  • we process phone numbers, sender identifiers, routing metadata, delivery status, error codes, and carrier feedback;

  • we may process compliance and enforcement-related metadata (e.g., filtering/throttling indicators, rejection reasons, campaign/brand status signals) received via Messaging Providers and intermediaries.


2.3 Calendar Data


If you connect Google Calendar or another calendar provider and grant permissions, we may process calendar data that you authorize us to access, which may include:

 

  • event titles, dates, times, locations, and descriptions;

  • attendee information (as permitted by the integration);

  • scheduling metadata needed to create, update, or manage events;

  • calendar settings and availability information (as permitted).


We process calendar data only as needed to provide the calendar-related functionality you enable.


2.4 Automatically Collected Information


We may automatically collect information about your device and usage, including:

 

  • IP address, device identifiers, and approximate location (derived from IP);

  • browser type, operating system, and settings;

  • log data, crash reports, diagnostics, and error logs;

  • feature usage, performance metrics, and interaction data;

  • security-related signals (e.g., authentication events, suspicious activity patterns).


2.5 Information From Third Parties


We may receive information from third parties involved in providing the Services, including:

 

  • Messaging Providers, carriers, intermediaries, and vendors (delivery status, filtering/throttling signals, enforcement notices, registration status updates);

  • social media platforms (integration metadata and message delivery-related info as permitted);

  • calendar providers (integration metadata and authorized calendar data);

  • payment processors (payment status and limited transaction confirmation data);

  • analytics and security providers (fraud and security signals).

 

3. Artificial Intelligence and Automated Processing


The Services use artificial intelligence and automated systems to generate responses and manage workflows based on User Configuration Data.


You acknowledge that:

 

  • AI-generated outputs may be inaccurate, incomplete, misleading, offensive, or inappropriate;

  • AI outputs are probabilistic in nature and depend materially on your inputs and configuration;

  • AI-generated messages are generated and sent on your behalf and are treated as your statements.


We do not review, approve, or monitor every individual message. We may implement general system-level guardrails and may make compliance-related adjustments to AI behavior where reasonably necessary to protect deliverability, platform standing, security, and integrity.

4. Voice Data and Biometric Information


4.1 Voice Data Use


If you enable synthetic voice features, Voice Data is processed solely to:

 

  • create and operate a synthetic voice model for you; and

  • generate synthetic voice outputs as part of the Services.


Voice Data is not sold and is not included in Anonymized & Aggregated Usage Data.


4.2 Biometric Disclosure and Consent


Certain jurisdictions regulate biometric identifiers such as voiceprints. By uploading Voice Data, you expressly consent to the collection, processing, storage, and use of Voice Data for the purposes of providing the Services.


We do not use Voice Data for identity verification, surveillance, or authentication.

5. How We Use Information


We use information for the following purposes:


5.1 Provide and Operate the Services

 

  • create and administer accounts;

  • provide access to product features you enable;

  • deliver messaging and automation functionality;

  • provide calendar integration features;

  • generate AI responses where enabled and configured.


5.2 Messaging Registration, Vetting, and Deliverability Operations


For SMS and messaging deliverability and compliance workflows, we may use information to:

 

  • submit brand/campaign registration or vetting information through Messaging Providers and intermediaries, using data you provide;

  • coordinate responses, appeals, and remediation steps with Messaging Providers, carriers, and intermediaries where permitted;

  • notify you of issues and guide required user-side changes (e.g., when the issue relates to user-authored outbound content or consent practices);

  • implement reasonable AI guardrail adjustments for AI-driven messaging where needed for deliverability/compliance.


5.3 Customer Support and Communications

 

  • respond to inquiries and provide support;

  • notify you about updates, incidents, changes, and administrative messages.


5.4 Security, Integrity, and Fraud Prevention

 

  • detect and prevent abuse, fraud, or security incidents;

  • troubleshoot, debug, and maintain reliability.


5.5 Improve and Develop the Services

 

  • understand usage patterns, improve performance, and develop new features;

  • generate internal analytics and insights (including Anonymized & Aggregated Usage Data).


5.6 Legal and Compliance

 

  • comply with applicable laws and lawful requests;

  • enforce our agreements and policies.

 

6. Messaging Providers, Carriers, and Registries (Operational Realities)


6.1 Messaging Provider Layer


For SMS and related messaging, we route messages through one or more third-party connectivity providers, carriers, aggregators, and intermediaries (“Messaging Providers”). Certain Messaging Providers may be undisclosed for security, contractual, or operational reasons.


You acknowledge that Messaging Providers may:

 

  • impose policies and vetting requirements;

  • interface with carriers and registries;

  • apply filtering, throttling, blocking, or enforcement actions;

  • require additional information to maintain deliverability.


6.2 Brand/Campaign Registration on Your Behalf


Where required, we may submit brand/campaign registration and vetting information on your behalf using information you provide. You are responsible for ensuring the information you provide is accurate and compliant.


We do not control approval outcomes, which are determined by third parties (Messaging Providers, registries, and carriers).


6.3 Notices and Remediation


If we receive compliance or deliverability-related notices from Messaging Providers, carriers, or intermediaries, we may:

 

  • notify you of the issue;

  • assist in remediation and coordinate responses/appeals where permitted;

  • adjust AI behavior or guardrails for AI-driven messaging where reasonably necessary.


If the issue relates to user-authored outbound messaging or consent practices, you are responsible for implementing required changes, and we may provide guidance.

7. Anonymized & Aggregated Usage Data


7.1 Definition


“Anonymized & Aggregated Usage Data” means analytics, metrics, statistics, trends, patterns, system performance data, model learnings, embeddings, weights, and other derived information generated from operation of the Services in aggregated and irreversibly anonymized form, such that it cannot reasonably be used to identify any individual, account, phone number, calendar event, recipient, or specific message.


7.2 Ownership and Use

 

  • Anonymized & Aggregated Usage Data does not constitute Personal Data.

  • It falls outside the scope of GDPR, CCPA/CPRA, and similar privacy laws.

  • HMS Innovations exclusively owns such data.


We may use, commercialize, license, sell, transfer, disclose, or otherwise exploit Anonymized & Aggregated Usage Data for any lawful purpose, including analytics, benchmarking, research, product development, and commercial resale.


We do not attempt to re-identify such data or combine it with other datasets for identification.

8. How We Share Information


We may share information in the following ways:


8.1 Service Providers


We share information with vendors and service providers that help us operate the Services (e.g., hosting, monitoring, customer support tools, payment processors, security providers), subject to contractual confidentiality and appropriate safeguards.


8.2 Messaging Providers, Carriers, and Intermediaries


For SMS delivery and messaging operations, we share information necessary to route, deliver, register, and manage messaging services through Messaging Providers, carriers, and intermediaries.


8.3 Social Platforms and Integrations


We share and receive information with connected platforms as required to provide the integrations you enable and as permitted by your authorizations.


8.4 Calendar Providers


We share and receive information with calendar providers as required to provide calendar features you enable and as permitted by your authorizations.


8.5 Legal, Safety, and Rights


We may disclose information to comply with law, enforce our agreements, protect rights and safety, investigate fraud, or respond to lawful requests.


8.6 Business Transfers


We may disclose information in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.


We do not sell Personal Data.

9. Lawful Bases and Consent


9.1 Inbound Communications


For inbound social-media messages and inbound SMS replies, processing is generally based on your instructions as controller and on the recipient’s initiation of communication through your channel.


9.2 Outbound SMS


You are responsible for establishing a lawful basis for outbound SMS messaging, including required consent and opt-out mechanisms, and for compliance with applicable laws and carrier rules.


9.3 Continued Use as Consent


Your continued use of the Services constitutes consent to this Privacy Policy and the processing described herein.

10. Data Retention


We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business needs.

 

  • Message data may be retained according to your settings, product configuration, and operational needs (including troubleshooting and compliance support).

  • Voice Data is retained while your account is active or until deletion is requested, subject to legal and operational requirements.

  • Calendar data is retained based on the permissions and features you enable and may be removed upon disconnection.

  • Anonymized & Aggregated Usage Data may be retained indefinitely.

 

11. Data Security


We maintain reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, and destruction.


No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Your Rights


12.1 GDPR (EEA/UK)


Depending on your location, you may have rights to access, correct, delete, restrict processing, object to processing, and request portability of your Personal Data.


Because you generally act as controller for messaging data, end-user requests should typically be handled by you. We will assist as required by applicable law and our role.


12.2 CCPA / CPRA (California)


California residents may have rights to know, access, delete, and correct Personal Data, and to limit the use of sensitive Personal Information (as defined by law).


We do not sell Personal Data and generally act as a service provider for our customers.


To submit a request, contact us at the email in Section 17.

13. Regulated Industries


If you use the Services in regulated industries (e.g., healthcare, finance, insurance, legal, political communications, telecommunications), you are solely responsible for compliance with applicable laws and regulations. The Services are not designed to ensure regulatory compliance, and we disclaim liability arising from regulated-industry use.

14. International Transfers


Your information may be processed and stored in countries other than your own. Where required, we implement appropriate safeguards for international transfers.

15. Children


The Services are not intended for individuals under 18. We do not knowingly collect Personal Data from children.

16. Changes to This Privacy Policy


We may update this Privacy Policy from time to time.


 Continued use of the Services after changes constitutes acceptance of the updated Privacy Policy and consent to the processing described therein.

17. Contact Us
HMS Innovations LLC (DBA RipDrip)
 Email: support@ripdrip.ai

bottom of page