Privacy Policy

1. Who We Are

AI Smart Stack is a fully managed AI communication service for businesses in the UK and Ireland. We provide AI receptionist solutions including inbound call handling, outbound calling, lead capture and appointment booking.

The data controller for personal data processed through our services and website is Sean O'Loughlin, operating as AI Smart Stack. If you have any questions about this policy or how we handle your data, contact us at sean@aismartstack.io.

2. What Data We Collect

From website visitors and enquiries:

• Name, email address and phone number submitted via our contact or demo request forms
• Company name, website URL and industry
• IP address and browser data collected automatically via our website

From call recordings and transcripts:

• Voice recordings of calls handled by our AI receptionist on behalf of our clients
• Transcripts and summaries of those calls
• Contact details captured during calls including name, phone number and email address

From client accounts:

• Business contact details, billing information and service preferences

3. How We Use Your Data

We use personal data for the following purposes:

• To provide and manage our AI receptionist services
• To respond to enquiries and book demonstrations
• To improve the performance and accuracy of our AI systems
• To send service-related communications including call summaries and account updates
• To comply with our legal obligations

We do not use your personal data for unsolicited marketing without your consent, and we do not sell your data to third parties under any circumstances.

4. Call Recording and AI Processing

All calls handled by our AI receptionist are recorded and transcribed for the purposes of service delivery, quality assurance and AI training. Callers are informed at the start of each call that it is being handled by an AI system and may be recorded.

Call recordings, transcripts and summaries are retained for a maximum of 13 months from the date of the call, after which they are securely deleted.

5. Legal Basis for Processing

We process personal data on the following legal bases under UK GDPR:

• Legitimate interests — to provide our services, respond to enquiries and improve our AI systems
• Contract performance — to deliver services agreed with our clients
• Legal obligation — where required by law
• Consent — where you have explicitly opted in

6. Who We Share Data With

We work with a small number of trusted third-party providers to deliver our services. These include:

• Retell AI — AI voice processing and call handling
• Telnyx — telephony and call routing
• Make.com — workflow automation
• Google — data storage via Google Sheets
• Cal.com — appointment scheduling

Each of these providers processes data on our behalf as a data processor. We take reasonable steps to ensure they handle data securely and in accordance with applicable data protection law. We do not transfer personal data outside the UK or European Economic Area without appropriate safeguards in place.

7. Your Rights

Under UK GDPR you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — request deletion of your data where there is no legitimate reason to retain it
• Restriction — ask us to limit how we use your data
• Portability — receive your data in a portable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at sean@aismartstack.io. We will respond within 30 days.

8. Children

Our services are directed at businesses and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

9. Data Security

We take the security of personal data seriously. Data is stored securely using industry-standard encryption and access controls. In the event of a data breach that poses a risk to individuals, we will notify the relevant supervisory authority within 72 hours as required by UK GDPR.

10. Data Retention

• Call recordings and transcripts — maximum 13 months
• Lead and enquiry data — 24 months from last contact
• Client account data — duration of contract plus 6 years
• Website analytics data — 13 months

11. Cookies

Our website may use essential cookies to ensure it functions correctly. We do not currently use tracking or advertising cookies. If this changes, we will update this policy and seek your consent where required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when it was last revised. Continued use of our website or services after an update constitutes acceptance of the revised policy.

13. Complaints

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.