We are the data controller for personal data we collect about website visitors, prospects, and our direct customer contacts. When we operate the Ava AI Receptionist on behalf of a customer, we act as a data processor for personal data captured during calls — that processing is governed by the Data Processing Addendum included in our customer contracts. See our GDPR & data protection page for more on our roles.
1. Who we are
avacallai Ltd (“we”, “us”, “our”) is a company being registered in England and Wales. Our registered office and company number will be published on this page once registration completes. Until then, please contact us at hello@avacallai.com.
2. The personal data we collect
Information you provide
- Contact details (name, business email, phone number, business name) when you book a demo, request a quote, or sign up.
- Billing contact details for invoicing.
- Information shared during onboarding to configure your AI RECEPTIONIST (your business hours, services, scripts, brand voice).
Information collected automatically
- Standard server logs (IP address, user agent, referrer, timestamp).
- Cookie and analytics data — see “Cookies” below.
Information captured by Ava when answering customer calls
When we operate Ava on behalf of a customer:
- Voice recordings of the call.
- A written transcript of the call.
- Caller-supplied information (name, callback number, reason for the call, appointment preferences).
- Call metadata (duration, time, route, outcome).
For caller data captured during calls, the customer is the data controller and we are the processor. The customer is responsible for the lawful basis on which calls are processed, for caller-facing notices, and for handling subject requests. Our role is documented in the Data Processing Addendum included in the customer’s contract.
3. How we use the data we control
| Purpose | Lawful basis |
|---|---|
| Replying to demo requests, sales enquiries, and quotes | Legitimate interest (responding to a request you initiated) |
| Onboarding new customers and operating their Ava service | Contract |
| Sending service updates, scheduled maintenance, and invoices | Contract / legitimate interest |
| Sending occasional product updates to opted-in subscribers | Consent (you can unsubscribe at any time) |
| Detecting fraud, abuse, or security threats | Legitimate interest |
| Meeting legal, tax, and accounting obligations | Legal obligation |
| Improving our services through aggregated, anonymised analytics | Legitimate interest |
We do not sell personal data, and we do not use customer call recordings or transcripts to train external AI models.
4. Who we share data with
We use a limited set of vetted third-party providers to deliver the Ava service. By category, these include:
- A telephony and call-routing provider that handles inbound voice traffic.
- Speech and language processing infrastructure that transcribes calls and interprets caller intent.
- Cloud hosting and storage that stores recordings, transcripts, and account data.
- Payment processing for subscription billing.
- Email and CRM tooling for customer communication.
- Privacy-respecting website analytics.
A current list of named subprocessors is available to customers on request. Each subprocessor is engaged under written terms that meet UK GDPR requirements, including confidentiality, security, and processing-only-on-instructions clauses.
We may also share information where required by law (court orders, regulatory requests, lawful enforcement requests) or to protect our legal rights.
5. International transfers
Where personal data is transferred outside the United Kingdom we rely on one of:
- A UK adequacy decision covering the destination country.
- The UK International Data Transfer Addendum (IDTA) to the EU Standard Contractual Clauses.
- Other lawful transfer mechanisms recognised by UK data protection law.
We carry out a transfer impact assessment before relying on any non-adequacy mechanism.
6. How long we keep data
| Data | Default retention |
|---|---|
| Demo enquiries that do not become customers | 24 months from last contact |
| Customer account and billing records | Duration of the contract + 7 years for tax and accounting |
| Call recordings (where we are the processor) | Per the customer’s instructions; default 90 days |
| Call transcripts (where we are the processor) | Per the customer’s instructions; default 12 months |
| Server logs | 30 days |
You can ask us to delete personal data we hold about you at any time, subject to any overriding legal obligation that requires us to retain it.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Ask us to correct inaccurate or incomplete data.
- Ask us to erase data we no longer have a lawful basis to keep.
- Restrict or object to certain processing.
- Receive a portable copy of data you have provided.
- Withdraw consent where processing is based on consent.
- Complain to the UK Information Commissioner’s Office.
To exercise any of these rights, email hello@avacallai.com. We aim to respond within one calendar month and will tell you if we need longer or any further information to verify the request.
If you are a caller whose call was answered by Ava on behalf of one of our customers, please direct your request to that customer in the first instance — they are the data controller for the call. We will support the customer in fulfilling the request.
8. Cookies
We use a small set of cookies on avacallai.com:
- Strictly necessary cookies that keep the site functional.
- Anonymous analytics cookies that help us understand traffic patterns. Where required, we ask for your consent before setting non-essential cookies.
You can clear cookies in your browser settings at any time.
9. Children
Our services are aimed at businesses. We do not knowingly collect personal data from children under 13. If you believe we hold such data, please contact us and we will delete it.
10. Security
We apply industry-standard technical and organisational measures to protect personal data, including encryption in transit and at rest, role-based access control, network segmentation, audit logging, and regular reviews of our security posture. We require equivalent measures from our subprocessors. No system is perfectly secure, but we treat security as a first-order engineering priority.
11. Changes to this policy
We may update this policy from time to time. Material changes will be flagged here with a revised “last updated” date. For customers, we will give at least 30 days’ notice of changes that materially affect data processing under their contract.
12. How to contact us
- Email: hello@avacallai.com
- Post: registered office address to be published once company registration completes.
You can complain to the UK Information Commissioner’s Office at any time. The ICO website is ico.org.uk; their helpline is 0303 123 1113.
