Privacy Policy

Last Updated: December 9, 2025

Ithena Labs Inc. ("we," "us," or "our") provides Sophia, an SMS-based back-office assistant for trades and service professionals (the "Service"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

We collect information necessary to provide the Service, including:

Information You Provide

  • Identity Data: Your name and business name.
  • Contact Data: Your mobile phone number.
  • Customer Data: Names, phone numbers, email addresses, and mailing addresses of your customers that you provide to us for invoicing purposes.
  • Transaction Data: Details about jobs, invoices, line items, and payments you process through the Service.
  • Communication Data: The content of text messages sent to and from the Service.

Information Collected Automatically

  • SMS Consent Records: When you opt in to receive SMS messages, we record the date, time, phone number, IP address, and the exact consent language you agreed to.
  • Usage Data: We collect anonymized analytics data about website visits using Cloudflare Analytics. This does not include personal identifiers or cookies.

Information from Third Parties

  • Payment Data: Financial information required for payment processing is collected directly by our payment processor, Stripe. We receive confirmation of account status and transaction completion but do not store full bank account or credit card numbers.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Process instructions you send via SMS and generate appropriate responses.
  • Create and send invoices to your customers on your behalf.
  • Facilitate payments via Stripe Connect.
  • Maintain context and memory to provide personalized assistance.
  • Improve our AI models and service functionality.
  • Communicate with you about service updates, if necessary.
  • Comply with legal obligations and A2P 10DLC carrier requirements.

3. AI and Automated Processing

The Service uses artificial intelligence to process your text messages and generate responses. When you send a message to Sophia:

  • Your message is processed by our AI system to understand your intent.
  • The AI may access your stored customer, invoice, and business information to fulfill your request.
  • Responses and drafts are generated automatically but always require your explicit approval before any action is taken (such as sending an invoice).
  • We use AI language models via OpenRouter to power our natural language processing. Your data is processed to fulfill your requests and is not used to train AI models.

4. Data Sharing and Disclosure

We strictly limit how we share your data. We do not sell your personal information or your customers' phone numbers to third parties.

We share information only with the following categories of service providers necessary to operate the Service:

  • Telephony Providers (Sinch): To transmit SMS messages between you, Sophia, and your customers.
  • Payment Processors (Stripe): To facilitate account onboarding, invoice payment links, financing options (Klarna/Affirm), and payouts to your bank account.
  • AI Providers (OpenRouter): To process natural language commands and generate message drafts via various AI models.
  • Infrastructure Providers (Convex, Cloudflare): To host and deliver the Service.

We may also disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

5. SMS/Text Messaging

  • Message frequency varies based on your usage of the Service.
  • You can opt out at any time by replying STOP to any message.
  • Reply HELP for assistance.
  • Message and data rates may apply.
  • Carriers are not liable for delayed or undelivered messages.

6. Data Retention

We retain your personal information, message history, and transaction data while your account is active to provide continuous service and historical context.

  • Active Accounts: Data is retained indefinitely while you use the Service.
  • Inactive Accounts: If you have no interaction with the Service for 6 months, your account may be considered inactive and subject to termination.
  • After Termination: We retain your data for 30 days after account termination to allow for data export requests. After 30 days, your data is permanently deleted.

7. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. This includes encryption in transit (TLS) and at rest, access controls, and regular security reviews.

While we have taken reasonable steps to secure your information, please be aware that no security measures are perfect or impenetrable. We cannot guarantee absolute security.

8. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data (subject to legal retention requirements).
  • Export: Request an export of your data in a portable format.

To exercise any of these rights, contact us at [email protected]. We aim to respond within 24 hours.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect and how it is used.
  • The right to delete your personal information.
  • The right to opt out of the "sale" of personal information. We do not sell personal information.
  • The right to non-discrimination for exercising your privacy rights.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by sending an SMS to your registered phone number and updating the "Last Updated" date at the top of this page.

Your continued use of the Service after such modifications constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Ithena Labs Inc.

131 Continental Drive, Suite 305

Newark, DE 19713

Email: [email protected]