1. Introduction
AI Receptionist (“we”, “our”, “us”) operates the website aireceptionist.online and provides AI-powered receptionist services to UK businesses. This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.
2. Data Controller
AI Receptionist is the data controller for personal data collected through our platform. For any data protection enquiries, please contact us at privacy@aireceptionist.online.
3. Data We Collect
3.1 Business Account Holders
When you register for an AI Receptionist account, we collect:
- Account information: Name, email address, password (hashed), and phone number
- Business information: Business name, type, website URL, address, and any content you provide to train your AI receptionist
- Billing information: Payment details are processed securely by Stripe and we do not store full card numbers on our servers
3.2 Website Visitors (Chat Users)
When visitors interact with an AI Receptionist chat widget on a business's website, we may collect:
- Chat messages: The content of conversations with the AI receptionist
- Contact details: Name, email address, and/or phone number if voluntarily provided during the conversation
- Technical data: Browser type, anonymised IP address, and session cookies for authentication
4. How We Use Your Data
We use personal data for the following purposes:
- To provide the AI chat service: Processing conversations, generating responses, and delivering the receptionist functionality
- To improve responses: Analysing conversation patterns to improve AI accuracy and quality of service
- To send notifications: Service updates, lead alerts, and account-related communications
- To manage accounts: Authentication, billing, and customer support
- To comply with legal obligations: Including UK GDPR and other applicable laws
5. Legal Basis for Processing
We process personal data under the following legal bases as defined by UK GDPR:
- Contract performance (Article 6(1)(b)): Processing necessary to provide our services under our Terms of Service
- Legitimate interests (Article 6(1)(f)): Improving our services and ensuring platform security
- Consent (Article 6(1)(a)): Where chat visitors voluntarily provide personal information or consent to cookies
- Legal obligation (Article 6(1)(c)): Compliance with applicable laws and regulations
6. Data Storage & Security
All data is stored on servers located in the UK and EU. We implement appropriate technical and organisational measures to protect your data:
- All data is encrypted at rest using AES-256 encryption
- All data in transit is protected by TLS 1.2+
- Access controls and authentication protect all internal systems
- Regular security audits and vulnerability assessments
7. Third-Party Data Processors
We use the following third-party services to deliver our platform. Each processor has been vetted for UK GDPR compliance:
| Processor | Purpose | Data Location |
|---|
| Supabase | Database & authentication | EU |
| OpenAI | AI conversation processing | EU / US (with DPA) |
| Stripe | Payment processing | EU / US (with DPA) |
| Resend | Transactional email delivery | US (with DPA) |
Where data is transferred outside the UK/EU, appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs).
8. Data Retention
- Chat data: Conversations and messages are retained for 12 months from the date of the conversation, then automatically deleted
- Account data: Retained for the duration of your account and deleted within 30 days of account closure
- Billing records: Retained for 7 years as required by UK tax law
- Lead data: Retained for 12 months or until deleted by the business account holder
9. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (“right to be forgotten”)
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to the processing of your data for certain purposes
- Right to restrict processing: Request that we limit how your data is used
To exercise any of these rights, please contact us at privacy@aireceptionist.online. We will respond to your request within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.
10. Cookie Policy
We use a minimal set of cookies and local storage:
- Session cookies: Essential cookies for authentication and maintaining your logged-in session. These are strictly necessary and do not require consent.
- Local storage — Visitor ID: A randomly generated identifier stored in the browser's localStorage to maintain chat continuity for returning visitors. No personal information is stored.
- Local storage — GDPR consent: Records whether a visitor has acknowledged the privacy notice on the chat widget.
We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.
11. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of any material changes via email. The “Last updated” date at the top of this page indicates when the policy was last revised.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection team: