Plain English summary: We collect your name, email and business details when you sign up, and call-related data when Phoebe answers calls for you. We use this data only to run the service. We never sell your data. You can access, correct or delete it at any time by emailing corkhill17@gmail.com.
1. Who We Are
Phone Phoebe ("we", "us", "our") is an AI telephone receptionist service operated in the United Kingdom. We are the data controller for the personal data described in this Privacy Policy.
Contact details:
Email: corkhill17@gmail.com
Country of operation: United Kingdom
If you have questions about how we handle your personal data, please contact us using the details above and we will respond promptly.
2. What Personal Data We Collect
2.1 Data you provide directly
- Account information: Your full name, email address, business name and password when you create an account.
- Business configuration data: Information you provide to train Phoebe — including your services, pricing, hours of operation, booking rules and frequently asked questions.
- Payment and billing information: Subscription and billing data processed through our payment provider, Stripe. We do not store card numbers directly — Stripe is PCI-DSS Level 1 compliant.
- Support communications: Any messages you send us by email, via the dashboard, or through other channels when seeking help or raising a concern.
- Marketing preferences: Whether you have opted in or out of marketing communications from us.
2.2 Data collected from calls handled by Phoebe
When Phoebe answers a phone call on your behalf, the following data about your end-customers is collected:
- Caller's name and phone number (as provided by the caller during the call)
- The reason for their call, the nature of their enquiry and any booking or job details they provide
- A written transcript of the conversation
- Date, time and duration of the call
- Any other information the caller volunteers during the conversation
This end-customer data is collected on your behalf. In this context, you (our business customer) are the data controller for your end-customers' personal data and we act as your data processor. See Section 11 for your responsibilities.
2.3 Technical and usage data we collect automatically
- IP address, browser type, browser version and device type when you visit our website or use our dashboard
- Pages visited, features used and time spent within our service
- Referring URLs and search terms that brought you to our site
- Crash reports and error logs to help us identify and fix issues
- Cookies and similar tracking technologies (see Section 9)
3. How We Use Your Data
We process your personal data for the following purposes and on the following legal bases under UK GDPR:
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Providing, operating and improving the Phone Phoebe service | Performance of contract (Article 6(1)(b)) |
| Creating and managing your account | Performance of contract (Article 6(1)(b)) |
| Processing subscription payments and preventing fraud | Performance of contract; Legitimate interests (Article 6(1)(f)) |
| Sending transactional emails (booking confirmations, call alerts, receipts) | Performance of contract (Article 6(1)(b)) |
| Sending marketing communications and product updates | Consent (Article 6(1)(a)) — where you have opted in |
| Analysing usage to improve our service and develop new features | Legitimate interests (Article 6(1)(f)) |
| Responding to support requests and resolving disputes | Performance of contract; Legitimate interests (Article 6(1)(f)) |
| Complying with legal obligations (tax, accounting, regulatory) | Legal obligation (Article 6(1)(c)) |
| Protecting the rights and safety of our users and service | Legitimate interests (Article 6(1)(f)) |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your fundamental rights and freedoms. You may request information about this test at any time.
4. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes described in this policy, or as required by law:
- Account data (name, email, business details): For the duration of your active subscription, plus 3 years after account closure to handle any disputes or queries.
- Call transcripts and conversation data: 12 months from the date of each call. You may request earlier deletion at any time.
- Payment and invoice records: 7 years from the date of the relevant transaction, as required by UK tax and accounting law.
- Marketing consent records: For as long as you remain opted in, or 3 years from last interaction — whichever is sooner.
- Support correspondence: 3 years from the date of resolution.
- Technical and usage logs: Up to 90 days, then anonymised or deleted.
When data is no longer required, we delete or anonymise it securely.
5. Who We Share Your Data With
We do not sell, rent or trade your personal data to any third parties. We share data only with the following trusted service providers, each bound by appropriate data processing agreements:
- Supabase: Database hosting and user authentication. Data is encrypted at rest and in transit.
- Vapi.ai: AI voice processing platform that powers Phoebe's real-time call handling and transcription.
- Stripe: Payment processing and subscription management. Stripe is certified PCI-DSS Level 1.
- Cal.com: Calendar integration for appointment booking (where you have enabled this feature).
- SMS gateway providers: For sending booking notification and confirmation text messages to you and your customers.
- Cloud infrastructure providers: Hosting and content delivery services.
We may also disclose your personal data where we are legally required to do so — for example, in response to a court order, legal process, or request from a law enforcement authority.
In the event of a merger, acquisition or sale of assets, your data may be transferred to a successor entity, subject to equivalent data protection obligations.
6. International Data Transfers
Some of our service providers may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place to protect your data, including:
- UK adequacy regulations covering transfers to countries with equivalent protection
- The UK International Data Transfer Agreement (IDTA)
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
- Binding Corporate Rules where applicable
You may request details of the safeguards in place for specific transfers by contacting us at corkhill17@gmail.com.
7. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:
Right of access (Subject Access Request)
You have the right to receive a copy of the personal data we hold about you, together with information about how and why we process it. We will respond within one calendar month of receiving your request.
Right to rectification
You have the right to have inaccurate or incomplete personal data corrected. You can update most of your account information directly in the dashboard. For other corrections, contact us.
Right to erasure ("right to be forgotten")
You have the right to request deletion of your personal data in certain circumstances — for example, where the data is no longer necessary for the purpose it was collected, or where you withdraw consent. Note that some data may need to be retained to comply with our legal obligations (e.g. financial records).
Right to restrict processing
You have the right to request that we restrict how we process your data in certain circumstances — for example, while we investigate a dispute about its accuracy.
Right to data portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON) and to transmit it to another service provider.
Right to object
You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis. You also have an absolute right to object to processing for direct marketing purposes at any time — we will stop immediately.
Rights relating to automated decision-making
You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal or similarly significant effects on you. Phoebe's call handling does not make decisions of this kind.
Right to withdraw consent
Where we process your data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at corkhill17@gmail.com with your name and email address. We will respond within 30 days. We may need to verify your identity before processing your request — this is to protect your data from unauthorised access.
8. How We Keep Your Data Secure
We take data security seriously and implement appropriate technical and organisational measures, including:
- Encryption in transit: All data transferred between your browser or device and our service is encrypted using TLS (HTTPS).
- Encryption at rest: Stored data is encrypted using industry-standard algorithms.
- Access controls: Access to personal data is restricted to authorised personnel who have a genuine need to see it.
- Infrastructure security: We use reputable cloud providers with robust physical and network security controls.
- Regular reviews: We periodically review our security practices and update them to address new threats.
- Incident response: We have procedures in place to detect, investigate and notify relevant parties of data breaches as required by law.
While we take all reasonable steps to protect your data, no internet transmission or digital storage system is completely secure. If you become aware of any security concern relating to your account or our service, please notify us immediately at corkhill17@gmail.com.
9. Cookies and Tracking Technologies
Our website and dashboard use cookies and similar technologies to enable functionality, remember your preferences and help us understand how the service is used.
| Cookie type | Purpose | Duration | Can you opt out? |
|---|---|---|---|
| Strictly necessary | Authentication, session management and core site functionality. These cannot be disabled without breaking the service. | Session / up to 1 year | No (required for service) |
| Analytics | Help us understand how visitors interact with our site so we can improve it. Data is anonymised or aggregated where possible. | Up to 2 years | Yes — via browser settings or cookie banner |
| Functional | Remember your preferences and settings (e.g. language, display options). | Up to 1 year | Yes — without affecting core features |
| Marketing | Measure the effectiveness of our advertising and retargeting campaigns. | Up to 2 years | Yes — via cookie banner or browser settings |
You can manage your cookie preferences at any time through your browser settings. To opt out of analytics tracking, you can also install browser extensions such as uBlock Origin or use your browser's "Do Not Track" setting. Note that disabling certain cookies may affect the functionality of the service.
10. Children's Privacy
Our service is intended for business operators and is not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 18, we will delete it promptly. If you believe a child has provided us with their data, please contact us immediately at corkhill17@gmail.com.
11. Your Responsibilities as a Data Controller
When you use Phone Phoebe to handle telephone calls from your own customers and end-users, you act as the data controller for your customers' personal data, and we act as your data processor. This means you are responsible for:
- Lawful basis: Ensuring you have a lawful basis to collect and process your customers' personal data during telephone calls (e.g. legitimate interests or contractual necessity).
- Transparency: Informing your customers that their calls may be answered and processed by an AI assistant. Consider updating your website privacy policy and any relevant communications accordingly.
- Your privacy policy: Maintaining an up-to-date privacy notice that covers how you use your customers' data, including call transcripts and booking information received via Phone Phoebe.
- Data retention: Ensuring that you delete or anonymise your customers' call data in line with your own retention schedules.
- Handling customer requests: Responding to your customers' data subject rights requests (access, deletion, etc.) in relation to their personal data.
We will act on your reasonable written instructions regarding the processing of your customers' data, as set out in our Data Processing Agreement which is incorporated into our Terms of Use.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make significant changes, we will notify you by email or by displaying a prominent notice within the service before the changes take effect.
The date at the top of this page indicates when this policy was last reviewed. We encourage you to check this page periodically. Your continued use of the service after changes are published constitutes your acceptance of the updated policy.
13. How to Make a Complaint
If you have a concern about how we have handled your personal data, we ask that you contact us in the first instance so we have the opportunity to address it:
Email: corkhill17@gmail.com
We will acknowledge your complaint within 5 working days and aim to resolve it within 30 days.
If you remain dissatisfied with our response, you have the right to make a complaint to the UK Information Commissioner's Office (ICO), the supervisory authority for data protection in the UK:
- Website: ico.org.uk
- Helpline: 0303 123 1113 (Monday–Friday, 9am–5pm)
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF