Privacy Policy

Last updated: 10/16/2025

1. Introduction

SuperSede AI Ltd (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice AI agent services, website, or related services (collectively, the “Service”).

We are a UK-based company and comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This policy applies to all users of our Service, regardless of location.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company details
  • Communication Data: Messages, inquiries, and responses exchanged with us
  • Payment Information: Billing details, payment method information
  • Voice Interaction Data: Audio recordings, transcripts, conversation metadata
  • Technical Data: API keys, integration settings, usage analytics

2.2 Information Automatically Collected

  • Usage Data: Service usage patterns, feature utilization, interaction frequency
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, actions performed within our Service
  • Performance Data: Response times, error rates, system performance metrics

2.3 Information from Third Parties

  • Integration Partners: Data from telephony providers, CRM systems, or other integrations
  • Analytics Providers: Usage analytics and performance metrics
  • Payment Processors: Payment confirmation and transaction data

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our voice AI services
  • Account Management: To create and manage user accounts and preferences
  • Communication: To respond to inquiries, provide support, and send service updates
  • Analytics: To analyze usage patterns and improve service performance
  • Security: To detect and prevent fraud, abuse, and security threats
  • Legal Compliance: To comply with legal obligations and enforce our terms
  • Business Operations: To process payments and manage business relationships

4. Legal Basis for Processing

Under GDPR, we process personal data based on the following lawful bases:

  • Contract: To perform our contractual obligations and provide requested services
  • Legitimate Interests: To improve our services, ensure security, and conduct business operations
  • Legal Obligation: To comply with applicable laws and regulations
  • Consent: Where you have explicitly consented to specific processing activities

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to help us operate our business, including:

  • Cloud hosting providers (data stored in UK/EU)
  • Payment processors
  • Analytics and monitoring services
  • Communication and support tools

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.

5.3 Legal Requirements

We may disclose information when required by law, legal process, or government request, or to protect our rights, safety, or the rights and safety of others.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy or as required by law. Our retention periods vary depending on the type of data and purpose:

  • Account Data: Retained while account is active, plus 3 years after closure
  • Voice Interaction Data: Retained for 90 days for quality assurance, then anonymized
  • Communication Data: Retained for 3 years for support and legal purposes
  • Payment Data: Retained for 7 years for tax and accounting purposes
  • Analytics Data: Retained in aggregated, anonymized form indefinitely

7. Your Rights

Under GDPR and UK data protection law, you have the following rights regarding your personal data:

  • Access: Request information about what personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data (subject to legal requirements)
  • Restriction: Request limitation of processing in certain circumstances
  • Data Portability: Request a copy of your data in a structured format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the information provided in Section 12. We will respond within 30 days and may require verification of your identity.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication requirements
  • Employee training on data protection practices
  • Incident response procedures and breach notification protocols

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information.

9. International Data Transfers

Your data may be transferred to and processed in countries other than the UK. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Transfers within the EU/EEA are permitted under GDPR
  • Transfers to countries with adequacy decisions (e.g., Canada, Japan)
  • Use of Standard Contractual Clauses for other transfers
  • Implementation of supplementary measures where required

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will take steps to delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us immediately.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. For detailed information about our use of cookies, please see our Cookie Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or prominent notice on our website at least 30 days before they become effective. Your continued use of our Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer

SuperSede AI Ltd

[Registered Address]

[City, Postcode]

United Kingdom

Email: privacy@supersede-ai.com

Phone: [Contact Phone]

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately. Contact details for the ICO can be found at ico.org.uk.

14. Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details provided above.