DaizyAI
Privacy Policy
01
Who We Are
DaizyAI Ltd ("DaizyAI", "we", "us", "our") is a company registered in England and Wales. We provide AI-powered inbound communication infrastructure — including AI voice agents, lead qualification, call routing, and reporting — to UK service businesses.
For the purposes of UK data protection law, DaizyAI acts as:
- Data Controller in respect of data relating to our own clients (business owners and their staff) and our own operational and marketing activities.
- Data Processor in respect of personal data belonging to our clients' customers and callers, which we process on our clients' behalf under a Data Processing Agreement (DPA).
Contact: daizyaiinfo@gmail.com | daizyai.uk
02
Scope of This Policy
This policy applies to:
- Prospective and current clients (businesses that contract with DaizyAI).
- Callers — members of the public who call a telephone number managed by a DaizyAI voice agent on behalf of one of our clients.
- Visitors to daizyai.uk.
It covers all personal data processed in connection with our services, including data captured by AI voice agents, call recordings stored on third-party infrastructure, and data held in our own systems.
03
Definitions
| Term | Meaning |
|---|---|
| Client | A business or individual that has contracted with DaizyAI to use our voice-agent services. |
| Caller / End-Customer | A member of the public who calls a phone number operated by DaizyAI on a client's behalf. |
| Agent | An AI voice agent we configure and deploy for a client. |
| Call Recording | An audio recording of a call handled by an Agent, stored on Retell AI's infrastructure. |
| Lead Summary | A structured text output generated after a call, delivered to the client's nominated CRM or inbox. |
| Vertical Template | A reusable configuration framework — containing scripts, logic, and qualification flows — built for a specific business sector. |
| UK GDPR | The UK General Data Protection Regulation as retained in UK law. |
04
Data We Collect — Clients
When a business engages DaizyAI, we collect and process the following categories of personal data:
Identity & Contact
- Full name, job title, business name
- Email address, phone number
- Business address and Companies House number (where applicable)
Commercial & Contractual
- Subscription tier, onboarding date, billing history
- Signed DPA and service agreements
- Communications (emails, meeting notes) relating to the account
Technical Configuration
- Phone numbers purchased or ported for the agent
- CRM webhook endpoints and integration credentials
- Agent configuration settings (scripts, qualifying fields, escalation logic)
Usage & Performance
- Call volumes, minutes used, lead counts
- Optimisation notes and performance review records
05
Data We Collect — Callers (End-Customers)
When a member of the public calls a phone number operated by one of our Agents, the following data is captured:
Telephony Data
- Caller's phone number (CLI / Caller ID), where presented by the network
- Call date, time, and duration
- Call outcome (answered, transferred, voicemail, disconnected)
Conversation Data
- Full audio recording of the call
- Automated transcript of the call
- Structured Lead Summary: name, stated service need, location, urgency, budget indicator, and any other qualifying fields configured by the client
AI Disclosure
Inbound Agents (current): DaizyAI's inbound voice agents operate as virtual receptionists and do not proactively identify themselves as AI at the start of a call. If a caller directly asks whether they are speaking to a human or an AI, the Agent will truthfully confirm it is an AI. Calls may be recorded for quality and service purposes; this is disclosed in the client's own privacy notice, which the client is responsible for maintaining.
Outbound Agents (future): When DaizyAI introduces outbound voice agent services, those agents will explicitly identify themselves as a "Virtual Receptionist" or AI agent at the start of every call, in compliance with applicable regulations including the UK's rules on automated calling and the FTC guidelines where relevant. This section will be updated prior to outbound services going live.
06
Call Recordings
Where Recordings Are Stored
Call recordings and transcripts are stored on infrastructure operated by Retell AI, Inc., our voice AI sub-processor. Retell AI stores recordings on servers which may be located in the United States. Please see Section 13 (International Transfers) for how we address this.
Who Can Access Recordings
- DaizyAI — for quality assurance, agent optimisation, and client reporting.
- The client — via their DaizyAI reporting dashboard or upon request. Clients access only their own recordings.
- Retell AI — as our sub-processor, subject to contractual data processing obligations.
- No other party has access to call recordings without explicit client consent or a legal obligation.
Retention of Recordings
Call recordings are retained for a default period of 12 months from the date of the call, unless the client requests a shorter period or deletion. Transcripts are retained for the same period. After the retention period expires, recordings and transcripts are permanently deleted from Retell AI's infrastructure.
Clients may request deletion of specific recordings at any time by contacting us at daizyaiinfo@gmail.com. We will process deletion requests within 14 days.
Recordings and Legal Obligations
We may retain recordings beyond the standard period where required by law, court order, or regulatory authority — for example, if a recording is relevant to a live legal dispute. Clients will be notified where this applies.
07
Template Reuse & AI Improvement
What "Template Reuse" Means
As part of DaizyAI's core service, we build and maintain a library of Vertical Templates — reusable configuration frameworks for each business sector we serve (e.g. roofing, dental, legal, home services). When we deploy an Agent for a new client, we may use an existing Vertical Template as the starting point, adapting it to the new client's specific business name, services, and preferences.
What Is and Is Not Shared
| Element | Included in Template Reuse? | Detail |
|---|---|---|
| Script structure & logic | ✓ Yes | Generalised conversation flows and decision trees — no client-identifying content |
| Qualifying questions | ✓ Yes (anonymised) | Question formats proven effective in the vertical, stripped of any client-specific content |
| Objection-handling phrases | ✓ Yes (generalised) | Language patterns — not attributed to or identifiable with any specific client |
| Client business name or branding | ✗ Never | Always replaced for each new client deployment |
| Caller personal data | ✗ Never | Lead data, phone numbers, names — never incorporated into any template |
| Call recordings | ✗ Never | Recordings are never used to train AI models or included in templates |
| Client CRM or integration data | ✗ Never | Integration configurations are specific to each client |
No Personal Data in Templates
We do not use personal data — either client data or caller data — as part of our Vertical Template library. Templates contain only generalised, anonymised configuration logic derived from operational experience. No individual caller's name, phone number, conversation content, or other personal data is ever incorporated into a template.
AI Model Training
DaizyAI does not train or fine-tune AI models. The underlying voice AI models are provided by third-party suppliers (currently Retell AI and its integrated providers). We have confirmed with Retell AI that call data processed through our account is not used to train or improve Retell AI's general models without explicit consent. If this position changes, we will update this policy and notify affected clients in advance.
08
Lawful Basis for Processing
| Processing Activity | Data Subject | Lawful Basis |
|---|---|---|
| Delivering the contracted service | Client | Contract — Art. 6(1)(b) |
| Billing and invoicing | Client | Contract — Art. 6(1)(b) |
| Service communications and account management | Client | Contract — Art. 6(1)(b) |
| Performance reporting and optimisation | Client | Legitimate interests — Art. 6(1)(f) |
| Marketing to prospects | Prospect | Legitimate interests — Art. 6(1)(f), with opt-out |
| Handling inbound caller conversations | Caller | Legitimate interests (client's) — Art. 6(1)(f) |
| Call recording for QA and optimisation | Caller | Legitimate interests (client's) — Art. 6(1)(f) |
| Legal compliance and dispute resolution | Both | Legal obligation — Art. 6(1)(c) |
09
How We Use Data
Client Data Is Used To
- Set up, configure, and maintain their AI voice agent
- Deliver lead summaries and call reports
- Invoice and manage the contractual relationship
- Improve agent performance through monthly optimisation reviews
- Send service and operational communications
- Where opted in, send commercial communications about new features or services
Caller Data Is Used To
- Answer the caller's inbound enquiry via the AI agent
- Capture and deliver a structured lead summary to the client
- Record the call for quality assurance and agent optimisation purposes
- Generate anonymised performance metrics for our internal reporting
What We Do Not Do
- We do not sell personal data to any third party.
- We do not use caller data for any purpose beyond those described above.
- We do not conduct automated decision-making with legal or similarly significant effects without human oversight.
- We do not build profiles of individual callers across multiple clients.
10
Sub-Processors
We use the following categories of sub-processor to deliver our services. All sub-processors are engaged under written contracts containing data protection obligations consistent with UK GDPR.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Retell AI, Inc. | Core voice AI infrastructure: call handling, speech-to-text, text-to-speech, recording storage, transcription | United States |
| Telephony / SIP provider | Phone number provisioning, call routing, PSTN connectivity | United States / EU |
| CRM / webhook destination | Lead delivery — configured per client instruction | Client-determined |
| Email service provider | Client communications, lead email delivery | EU / US |
| Accounting software | Invoicing and financial records | UK / EU |
A full and current list of sub-processors is available upon request by emailing daizyaiinfo@gmail.com.
11
Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Client account data | Duration of contract + 6 years | Limitation Act 1980; tax / accounting obligations |
| Call recordings | 12 months from call date (default) | Quality assurance; reducible on client request |
| Call transcripts & Lead Summaries | 12 months from call date (default) | Client reporting and optimisation |
| Caller phone numbers (CLI) | 12 months from call date | Fraud prevention; quality assurance |
| Email correspondence | 3 years from last interaction | Legitimate interests; dispute resolution |
| Marketing prospect data | Until opt-out or 2 years of inactivity | Legitimate interests |
| Website analytics | 26 months | ICO guidance on analytics cookies |
On termination of a client agreement, we will delete or return all caller data held on the client's behalf within 30 days, unless we are required by law to retain it for longer.
12
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Rights Available to Clients and Prospects
- Right of access — request a copy of your personal data we hold
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion, subject to legal retention requirements
- Right to restrict processing — request we limit processing in certain circumstances
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
- Rights in relation to automated decision-making — we do not make solely automated decisions with significant effects
Rights Available to Callers (End-Customers)
If you called a business whose calls are handled by DaizyAI and wish to exercise your data rights, please note:
- The business you called is the Data Controller for your call data. Direct requests to exercise your rights to that business in the first instance.
- If you cannot identify or reach that business, contact us at daizyaiinfo@gmail.com and we will assist in identifying the correct controller.
- We will process requests for recording deletion within 14 days upon verified instruction from the relevant client (controller).
How to Submit a Request
Email daizyaiinfo@gmail.com with the subject line "Data Rights Request". We will acknowledge within 3 working days and respond within one calendar month, as required by UK GDPR.
13
International Transfers
Some of our sub-processors, notably Retell AI, Inc. and our telephony providers, process data outside the UK, primarily in the United States.
We address this by:
- Entering into the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses with each sub-processor that transfers data outside the UK.
- Conducting a Transfer Risk Assessment (TRA) for transfers to Retell AI.
- Including data transfer provisions in our client-facing DPA.
A summary of the transfer mechanisms we rely upon is available on request.
14
Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encrypted transmission of all data in transit (TLS 1.2 or higher)
- Access controls limiting data access to those who need it for their role
- Two-factor authentication on all production systems and sub-processor accounts
- Regular review of sub-processor security certifications (Retell AI maintains SOC 2 Type II)
- Documented incident response procedure — we will notify the ICO within 72 hours of a breach where required
- Annual security review of our data processing activities
No transmission over the internet is 100% secure. We take all reasonable steps to protect data but cannot guarantee absolute security.
15
Contact & Complaints
For any questions about this policy or to exercise your rights:
Right to Complain to the ICO
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We would, however, appreciate the opportunity to address your concern before you contact the ICO. Please reach out to us first.
Policy Updates
We may update this policy from time to time. Material changes will be notified to clients by email at least 14 days before they take effect. The current version is always available at daizyai.uk.