AI Frontdesk

Privacy Policy

Effective date: 1 July 2025 · Version 1.0

We collect and use data to run AI Frontdesk. For calls your customers make, you are the data controller — we process data on your behalf. We never sell personal data.

1. Preliminary note

As the data controller under Article 4(7) GDPR, we take appropriate measures to protect your privacy and the security of your personal data. This Privacy Policy describes how we collect, use, store, and share personal data when you visit our website, use our products and services, or interact with us.

In delivering AI Frontdesk, we also act as a data processor under Article 4(8) GDPR on behalf of our business customers. The data processing we carry out in that capacity is set out in the data processing agreement (DPA) available to customers.

2. Who is responsible for data processing

The data controller is the operator of AI Frontdesk. You can reach us at support@ai-voicereceptionist.com.

For personal data processed during calls handled by AI Frontdesk, the relevant business customer is the data controller and we act as their processor. Callers wishing to exercise their rights in relation to call data should contact the business directly.

3. What data we process

We may process the following categories of personal data:

For calls processed through AI Frontdesk on behalf of business customers, data may also include: caller phone number (where available), call audio (if recording is enabled), transcripts (if transcription is enabled), information shared during the call, and call metadata such as date, time, duration, and routing decisions.

3a. Google user data — access, use and sharing

AI Frontdesk optionally integrates with Google Calendar via the Google Calendar API, using OAuth 2.0. This section explains exactly what Google user data we access, how we use it, and with whom we share it, in accordance with the Google API Services User Data Policy.

What Google data we access

When a business customer connects their Google account to AI Frontdesk, we request access to the following Google API scopes:

We do not request access to Gmail, Google Drive, Google Contacts, or any other Google services beyond those listed above.

How we use Google user data

Google Calendar data accessed through the API is used solely to:

Google user data is not used for advertising, profiling, or any purpose unrelated to providing the AI Frontdesk service to the connected business customer.

Google user data is not used to train any AI or machine learning model.

Who we share Google user data with

Google Calendar data may be shared with our technology partner Flowlyne, who provides the underlying AI voice and dialogue engine for AI Frontdesk. Flowlyne processes this data solely to deliver the service (for example, to read or write calendar events during a live call). Flowlyne does not use Google user data for its own purposes, for advertising, or for training AI models.

Google user data is not sold, rented, or shared with any other third parties, except where required by law.

Limited Use compliance statement

The use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically: Google user data obtained via Google APIs is used only to provide or improve the AI Frontdesk service. It is not used to serve advertising, is not transferred or sold to third parties for their own use, and is not used to determine creditworthiness or for lending purposes.

AI model and Google data

AI Frontdesk uses a third-party AI voice and language service provided by Flowlyne. Google user data (such as calendar events) may be passed to Flowlyne's AI engine during a live call interaction (for example, to read available time slots and confirm a booking). Flowlyne's terms of service prohibit the use of customer data to train general AI models. Google user data is processed by Flowlyne solely in the context of responding to the specific, real-time request — it is not retained for model training or any other purpose.

4. How we use your data

We use personal data for the following purposes:

Providing and managing the service

To fulfil our contractual obligations and ensure smooth operation of AI Frontdesk — including managing orders, providing technical support, and improving the service.

Processing orders and payments

To process your orders, handle payments securely, and issue invoices.

Customer support

To handle your queries efficiently, including the content of your support requests and your contact and communication history with us.

Account management and authentication

To secure your account, verify your identity, and enable personalised use of the service.

Service improvement

To improve our website and services using usage behaviour, IP addresses, and cookies. See also Section 13 (Cookies).

AI operation and improvement

To provide AI-powered features and improve their accuracy and efficiency — in areas including the service itself, fraud prevention, customer support, and marketing. Where possible, we use aggregated data. Where personal data is used, deletion routines are in place.

Call recording (for quality and evidential purposes)

Where enabled by the business customer, to record and store calls for quality assurance and evidential purposes.

Legal and regulatory compliance

Including tax, accounting, and record-keeping obligations; anti-money laundering regulations; compliance with telecommunications law; and, where applicable, responding to complaints under the Digital Services Act.

Fraud prevention and payment security

To detect suspicious activity and protect the financial security of all parties. This may include checking device data against known fraud indicators and, where relevant, manual review by our staff or a service provider.

Sending service communications

To keep you informed about your contract, service updates, and any changes affecting you.

Business intelligence and analytics

To improve our business processes and make strategic decisions, using aggregated and anonymised data wherever possible.

Contractual enforcement

To fulfil and enforce our contractual obligations, including recovering outstanding amounts where necessary.

Sanctions screening

To meet our legal obligations and ensure we operate in accordance with international regulations.

5. Marketing

We use personal data to send you relevant information about our products and services, guided by our legitimate interest in maintaining customer relationships. We may use machine learning to generate individual product recommendations based on how you use our services.

We may also use services such as Meta Custom Audiences, LinkedIn Matched Audiences, and Google Customer Match to show you relevant advertising on partner platforms. In these cases, contact data (such as email address or phone number) is transmitted in hashed form using the SHA-256 algorithm — never in plain text.

You can opt out of marketing communications at any time through your account settings or by contacting us at support@ai-voicereceptionist.com.

6. Legal bases for processing

PurposeLegal basis
Providing the service, order processing, account managementContract performance (Art. 6(1)(b) GDPR)
Legal and regulatory obligationsLegal obligation (Art. 6(1)(c) GDPR)
Fraud prevention, service improvement, analytics, marketing (existing customers)Legitimate interests (Art. 6(1)(f) GDPR)
Marketing (new contacts), certain tracking technologiesConsent (Art. 6(1)(a) GDPR)

For caller data processed on behalf of business customers, the legal basis is determined by the business customer as data controller.

7. Who we share data with

We share data only where necessary to deliver the service or meet legal obligations. We do not sell personal data.

Technology and functionality providers

Providers of cloud infrastructure, AI voice and language processing, telephony services, fraud detection (including reCAPTCHA, Friendly CAPTCHA, and similar tools), and social media platforms.

Marketing and analytics tools

Partners supporting digital marketing, web analytics (such as Google Analytics), and CRM (such as HubSpot and Salesforce). Advertising partners including Meta, LinkedIn, TikTok, Reddit, and Google.

Payment processing and debt recovery

Payment processors (such as PayPal), domain registrars, and debt collection agencies where necessary.

Legal and regulatory authorities

We may disclose data to government agencies, courts, or regulatory authorities where required by law or to protect our legal rights.

Group companies

Data may be shared with affiliated companies within our group to optimise services, administrative processes, and product development.

Our current list of sub-processors is available on request. We will notify you of any material changes.

8. International data transfers

Where personal data is transferred outside the UK or European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

9. Security

We have put in place appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. In the event of a data breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.

10. How long we keep data

We retain personal data only for as long as necessary for the purposes set out in this policy, or as required by law.

Data typeRetention period
Contract dataDuration of contract plus up to 10 years (statutory retention)
Invoice and billing dataUp to 10 years
Call recordings and transcripts90 days by default; longer if the call results in a contract (up to 10 years)
Chat and support communication90 days; longer where linked to a contract
Log files and temporary dataA few days to 90 days depending on operational need
Fraud prevention dataUp to 6 months (longer where purpose requires)
Marketing dataUntil you withdraw consent or object
Analytics and tracking dataFor the duration of cookie lifetime or until withdrawal
AI-related dataUntil purpose is fulfilled; deletion routines applied to any personal data

11. Automated decision-making

We do not carry out automated decision-making within the meaning of Article 22 GDPR — including profiling — that produces legal effects or similarly significantly affects you, except where this is permitted by law.

12. Your rights

Under UK GDPR and EU GDPR, you have the following rights:

To exercise your rights, use the contact details in Section 15. We will respond within one month.

UK residents

You can complain to the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.

EU residents

You can complain to your local data protection authority. A full list is at edpb.europa.eu.

13. Cookies and similar technologies

We use cookies and similar technologies to improve and personalise your experience and to show you relevant advertising.

14. Changes to this policy

We may update this Privacy Policy from time to time. The current version is always published on this page. Where changes are material, we will give you advance notice.

15. Contact

For any questions about this policy or to exercise your rights, email us at support@ai-voicereceptionist.com.