Legal · Sonnenz LLC
Privacy Policy
// Effective: January 1, 2024 · Last updated: May 2024
Overview
This Privacy Policy describes how WrightLabs.ai, operated by Sonnenz LLC ("WrightLabs," "we," "us," or "our"), collects, uses, and handles information in connection with our AI automation services, API integrations, and software tools — including our GoHighLevel (GHL) OAuth integrations and MCP (Model Context Protocol) connectors.
By using our services or authorizing our applications to access third-party platforms on your behalf, you agree to the practices described in this policy.
Information We Collect
- Account credentials and authorization tokens — OAuth access tokens, refresh tokens, and API keys required to connect your GoHighLevel sub-account or other third-party services to WrightLabs systems.
- Contact and lead data — Names, phone numbers, email addresses, and communication history for contacts within your GoHighLevel CRM, processed solely to power your automation workflows.
- Conversation and messaging data — SMS, email, and call log data accessed through GHL APIs to execute automated sequences and AI-powered follow-up.
- Pipeline and opportunity data — Deal stages, opportunity values, and CRM field data used to route leads and trigger workflow actions.
- Usage and performance data — Workflow trigger events, API call logs, and automation performance metrics to operate and improve our services.
- Contact information you provide — Name, email address, and business information submitted when you engage with WrightLabs directly.
GoHighLevel OAuth Integration
Our GHL OAuth applications request access to your GoHighLevel sub-account for the purpose of building and operating automation workflows. When you authorize a WrightLabs OAuth application:
- We receive an access token scoped to the permissions you explicitly grant.
- We use that access to read and write CRM data, trigger workflows, send messages, and manage pipeline records — only as needed to deliver the services you've engaged us for.
- We do not sell, broker, or transfer your GHL data to third parties for advertising or marketing purposes unrelated to your workflows.
- You may revoke OAuth access at any time through your GoHighLevel account settings. Revocation will stop all automated data access within 24 hours.
How We Use Information
- Operate and deliver AI automation workflows on your behalf
- Execute lead routing, appointment setting, follow-up sequences, and reactivation campaigns
- Monitor and troubleshoot automation performance
- Communicate with you about your systems, configurations, and service updates
- Comply with applicable legal obligations
Data Sharing and Disclosure
We do not sell your data. We may share information only in the following circumstances:
- Service providers — Third-party tools required to operate our services (e.g., cloud infrastructure, AI model APIs) under appropriate data processing agreements.
- GoHighLevel and connected platforms — Data is written back to your GHL account as part of normal automation operation.
- Legal requirements — When disclosure is required by law, court order, or government authority.
- Business transfers — In connection with a merger, acquisition, or sale of assets, with appropriate notice to you.
Data Retention
We retain API tokens and operational data only as long as necessary to deliver active services. When a client engagement ends or OAuth authorization is revoked, we purge associated tokens and cease data access.
Security
We implement industry-standard security measures including encrypted storage of credentials, HTTPS for all data transmission, and access controls limiting exposure of client data. We will notify you promptly in the event of a breach affecting your data.
Your Rights
- Request access to the data we hold about you or your account
- Request correction of inaccurate information
- Request deletion of your data (subject to legal retention requirements)
- Revoke OAuth authorizations at any time through the connected platform
Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on our website.
Contact