Legal

Privacy Policy

Last updated: July 17, 2026 · Effective immediately

Who we are

This Privacy Policy applies to 4th Wall Solutions, operating as 4THWALL ("4THWALL," "we," "our," or "us"). We build AI infrastructure for trades contractors and service operators, and we operate that infrastructure on our clients' behalf. You can reach us at:


4th Wall Solutions
Stamford, CT
(203) 670-9477
andrew@4thwall.solutions
Security and privacy contact: security@4thwall.solutions

Two kinds of people we collect data about

This policy distinguishes between two groups whose data we handle differently:


Information we collect

From prospects and clients: name, business name, email, phone, business type, the content of messages you send us, billing details (handled by our payment processor — we never store full card numbers), and per-client configuration you provide during onboarding (service area, hours, voice, etc.).


From end customers (on behalf of our clients): name, phone, email, address, and the content of SMS / web-chat conversations they have with the contractor's AI receptionist. This data is stored on a per-client basis and is only accessible to the contractor it belongs to.


From our website: server logs (IP, user-agent, request path, response code) generated by our hosting provider as part of normal web operations. We do not run third-party analytics, advertising trackers, or cross-site tracking pixels on 4thwall.solutions today.

Vesta public contractor directory

Vesta publishes a public directory of Connecticut contractors compiled from public records and publicly posted reviews. For listed businesses, we hold business name, city, trade, public registration status, and a short Vesta-written summary of public reviews — sourced from publicly available information, not collected from the businesses themselves. Any listed business may request removal, correction, or a copy of what we hold, at any time and at no cost, by emailing contact@4thwall.solutions; we honor requests within 5 business days. Full directory terms (sources, what the registration badge means, and how the summaries are written) are in our Terms of Service.

Lens contractor workspaces and provider connections

4THWALL Lens is a free, private workspace where a contractor can turn the operating history inside their business tools into source-labeled answers — under their own control. When you create a Lens workspace, here is exactly what we handle:


Your account. You sign in with an email link or with Google. We store your email address, a display name if your sign-in provides one, and workspace membership. We never see or store a password. Sign-in sessions last up to 14 days; only a cryptographic digest of each session token is stored, and you can view and revoke all active sessions from Settings at any time.


Your provider connection. Connecting a supported business tool (such as Jobber) is a separate, explicit consent step — creating a workspace connects nothing. Connections are read-only: we can never write to, change, or delete anything in your business tool. We record the purpose, scope, and time of your consent.


What we keep — and what we deliberately discard. From connected records, deterministic rules retain only the minimum operational facts needed for the stated trust purpose: canonical work categories, dates, record states, and source provenance. Customer names and contact details, money amounts, free-text notes, and staff identity are discarded during translation and are not stored by Lens. Your business tool remains the source of record; Lens is not a copy of your CRM.


Your review controls. Every translated record is private by default. You decide, record by record, what is included, what stays private, and what to question. Nothing becomes homeowner-visible without your review, and no public release path is currently enabled for any workspace. Your decisions create an append-only audit trail we cannot silently edit — that trail is what makes the record trustworthy.


Export, disconnect, and erasure. You can export your translated records, disconnect a provider, or erase connected evidence at any time from Settings. Erasure permanently removes the translated provider evidence. What remains afterward: your account, and the audit trail of consent and decision events — retained as an integrity record, with the erasure itself recorded as the final entry. To close your account, email contact@4thwall.solutions and we will end your sign-in access and any active sessions.


Questions about any of this — including a copy of what we hold for your workspace — go to contact@4thwall.solutions; we respond within 2 business days.

SMS messaging

By providing your phone number and checking the SMS consent box on our contact form, you expressly consent to receive recurring automated marketing and transactional text messages from 4th Wall Solutions at the phone number provided. These messages may include:



Frequency: Up to 6 messages per month. Rates: Msg & data rates may apply. Age: Our SMS program is intended for individuals 18 years of age or older.


To opt out: Reply STOP at any time to any 4th Wall Solutions message to unsubscribe. You will receive a one-time confirmation and no further SMS will be sent. Reply HELP for help or contact us at andrew@4thwall.solutions. Opting out of SMS will not affect your ability to receive our services through other channels. Consent is not a condition of purchase.


SMS opt-in information is never shared, sold, or rented to third parties beyond the carriers and platform vendors required to deliver the message itself.


No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. Information sharing to subcontractors in support services, such as customer service, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Subprocessors

We work with third-party service providers to operate the platform. Each is bound by confidentiality and data-protection obligations, and we share only the data needed for the service it provides. By category:



Most of these providers are based in the United States; some optional geocoding lookups are international. A current list of the specific subprocessors we use — and a Data Processing Addendum (DPA) — is available to clients on request: email andrew@4thwall.solutions.

How we use information

Automated decision-making and AI

Several parts of our platform use AI to draft messages and summaries. AI-generated SMS replies are intended to qualify leads, schedule appointments, and answer routine questions. The AI is configured to escalate complex, sensitive, or high-stakes questions to a human operator at the contractor's business. Pricing, contractual commitments, and final decisions are made by humans, not the AI. If you believe an automated response harmed you, contact us at andrew@4thwall.solutions and we will review.

Data retention

We retain information only as long as needed to provide services and meet legal obligations. Default retention periods on the 4THWALL platform:



Clients may request shorter retention as part of their service agreement.

Sharing your information

We do not sell, rent, or trade your personal information. We disclose information only as follows:


Data security and breach notification

We use industry-standard administrative, technical, and physical safeguards: encryption in transit (HTTPS), encryption at rest at the database layer, per-client authorization secrets so one client cannot access another's data, restricted internal access, secret rotation procedures, and audit logging. No system is perfectly secure.


If we become aware of a security incident that compromises your personal information, we will notify affected individuals and applicable regulators without undue delay, and in any case no later than 72 hours after discovery where required by law.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information; to limit or object to certain processing; to withdraw consent; and to not be subject to automated decisions that produce legal effects without a human review path.


To exercise any of these rights, email andrew@4thwall.solutions. We will verify your identity (using the email or phone we already have on file) and respond within 30 days. There is no cost for reasonable requests.


California residents (CCPA / CPRA): You have the right to know what personal information we collect, to delete it, to correct it, to opt out of any sale or sharing (we do neither), and to limit use of sensitive personal information. You may designate an authorized agent to make a request on your behalf.


EU/UK residents: If you are located in the EU or UK, you have rights under the GDPR / UK GDPR. We act as a processor on behalf of our clients with respect to end-customer data. To exercise your rights against the controller, contact the contractor whose website you submitted information through.

Children

Our services are not directed to children under 13 (or under 16 in jurisdictions where that is the threshold). We do not knowingly collect personal information from children. If we learn we have, we will delete it.

International transfers

Our infrastructure is operated primarily in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US. We use providers who offer appropriate safeguards for cross-border transfers where required.

Changes to this policy

We may update this policy. Material changes will be communicated to active clients by email and noted with a new effective date on this page. Continued use after the effective date constitutes acceptance.

Contact

Privacy questions, data-rights requests, security reports: security@4thwall.solutions. General contact: andrew@4thwall.solutions · (203) 670-9477.