Privacy Policy

Last Updated: 17 February 2026

1. Introduction

This Privacy Policy explains how Agents4You ("we", "our", or "us") collects, uses, and protects your personal information when you use our AI receptionist service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

2. Data Controller

The data controller responsible for your personal information is:

[To be Defined - Pending Legal Review]

Trading as Agents4You

Email: privacy@agents4you.co.uk

3. Personal Information We Collect

3.1 Account Information

  • Email address
  • First and last name
  • Password (stored as encrypted hash)

3.2 Business Information

  • Business name
  • Business phone number
  • Website URL (optional)
  • Business hours and services offered

3.3 Call Data

  • Call transcripts (text only - what was said during calls)
  • Call metadata (duration, timestamp, caller phone number)
  • NOT STORED: Call recordings (audio files remain with our voice provider, Vapi)

Important Note on Call Recordings:

We do NOT store call audio recordings on our servers. Only text transcripts are retained for service delivery and customer support purposes. If you require access to call recordings, you may request them directly from our voice provider (Vapi) subject to their retention policy.

3.4 Technical Information

  • IP address
  • Browser type and version
  • Session cookies (essential for authentication only)
  • Usage statistics (minutes used, calls handled)

3.5 Payment Information

  • Subscription plan and billing status
  • Payment card details are processed and stored by Stripe (we do NOT store card numbers)

4. Legal Basis for Processing

Under GDPR Article 6, we process your personal data on the following legal bases:

  • Contractual Necessity: To provide our AI receptionist service and fulfill our agreement with you
  • Legitimate Interest: To improve our service, prevent fraud, and provide customer support
  • Legal Obligation: To comply with tax and financial record-keeping requirements

5. How We Use Your Information

  • To provide and maintain the AI receptionist service
  • To process appointment bookings and customer inquiries
  • To send service notifications (appointment confirmations, usage alerts)
  • To process subscription payments via Stripe
  • To provide customer support and respond to your requests
  • To improve our AI models and service quality
  • To detect and prevent fraud or abuse
  • To comply with legal obligations (tax, accounting)

6. Third-Party Data Processors

We share your data with the following trusted third-party service providers who process data on our behalf:

Vapi (Voice AI Platform)

Purpose: Call handling and voice processing

Location: USA (Standard Contractual Clauses in place)

Data shared: Call audio, transcripts, phone numbers

Twilio (Telephony Provider)

Purpose: Phone number provisioning and SMS

Location: USA (Standard Contractual Clauses in place)

Data shared: Phone numbers, call metadata

Stripe (Payment Processor)

Purpose: Subscription billing and payment processing

Location: EU/UK (GDPR compliant)

Data shared: Email, name, payment card details

SendGrid (Email Provider)

Purpose: Transactional emails (welcome, notifications)

Location: USA (Standard Contractual Clauses in place)

Data shared: Email addresses

All third-party processors are contractually bound to protect your data and only process it according to our instructions.

7. Data Retention

We retain your personal data as follows:

  • Account data: Duration of your subscription + 30 days after cancellation
  • Call transcripts: 90 days (automatically deleted thereafter)
  • Call metadata: 12 months (for billing and usage tracking)
  • Financial records: 7 years (UK tax law requirement)
  • Call recordings (audio): NOT stored by us (retained by Vapi per their policy)

You can request earlier deletion of your data by using the account deletion feature or contacting privacy@agents4you.co.uk.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you. Use the "Download My Data" feature in your account settings or email privacy@agents4you.co.uk.

Right to Rectification (Article 16)

You can update your account information at any time via your account settings.

Right to Erasure (Article 17)

You can delete your account and all associated data using the "Delete Account" feature in your account settings. This will permanently remove all your data (subject to legal retention requirements for financial records).

Right to Data Portability (Article 20)

You can download your data in JSON format using the "Download My Data" feature.

Right to Object (Article 21)

You can opt out of marketing emails at any time. However, we may still send essential service notifications required for service delivery.

Right to Lodge a Complaint

If you believe we have mishandled your personal data, you can lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We implement industry-standard security measures to protect your personal data:

  • Passwords are encrypted using bcrypt hashing (never stored in plain text)
  • All data transmitted over HTTPS (SSL/TLS encryption)
  • Database access restricted by firewall and connection pooling
  • Rate limiting on authentication endpoints to prevent brute force attacks
  • Webhook replay attack protection for payment processing
  • Regular security audits and updates

10. Cookies

We use only essential cookies necessary for the service to function:

  • Authentication cookies: To keep you logged in (session cookies)
  • Security cookies: To prevent cross-site request forgery (CSRF) attacks

We do NOT use tracking cookies, advertising cookies, or analytics cookies. By continuing to use our service, you consent to our use of essential cookies.

11. International Data Transfers

Some of our service providers (Vapi, Twilio, SendGrid) are located in the USA. We ensure that international data transfers comply with GDPR through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Ensuring providers implement appropriate technical and organizational safeguards

12. Children's Privacy

Our service is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact privacy@agents4you.co.uk immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or via a notice on our website. Continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@agents4you.co.uk

Data Controller: [To be Defined - Pending Legal Review], trading as Agents4You

This Privacy Policy is effective as of 17 February 2026 and governs your use of Agents4You services.