Last updated: 2 February 2025
Vyacheslav Lukin, sole trader (“we”, “us”, “our”) operates a hosted call-handling and call-routing service (AI receptionist) that receives incoming calls on our infrastructure and forwards call outcomes to our customers. We process personal data in order to provide this service. Our contact details:
Data we collect from customers (you, the business): When you sign up or use the Service, we collect contact and account data such as email address, name, and phone number (e.g. for delivering call summaries). We use this to perform our contract with you and for support and security. We are the data controller for this data.
Data we process on behalf of customers (callers): We process data only as a data processor on behalf of our customers (e.g. businesses that use our service to handle their calls). We do not determine the purposes or means of processing; our customers do.
In the course of providing our service we may process, on behalf of our customers:
We do not sell personal data. We do not assign or transfer ownership of phone numbers. The phone numbers and call routing used to provide the Service are held and operated by us (via our sub-processors such as Twilio); customers do not acquire ownership of any numbers.
Because we act as a processor, the legal basis for processing and the way data subject rights (access, rectification, erasure, portability, objection, etc.) are exercised are determined by our customers, who are the data controllers for that data.
If you are a caller (someone who called a business that uses our service), your rights are exercised against that business. We assist them in responding to requests when they ask us to.
If you are a customer of ours, we process your account and contact data to perform our contract with you and for related legitimate interests (e.g. support, security).
Our systems run on Google Cloud Platform in the United States. Data may therefore be processed in the United States. We use appropriate safeguards (including, where applicable, the EU–US Data Privacy Framework and Standard Contractual Clauses) so that such transfers are lawful.
We use the following sub-processors to provide our service. Each is bound by contract to protect personal data:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Application hosting | US |
| Twilio | Telephony, SMS | US / EU |
| ElevenLabs | Voice AI | US |
Our current sub-processor list is also published at GDPR Sub-Processor List.
We retain personal data only as long as necessary to provide the service and as agreed with our customers. Processed call data is automatically deleted within 7 days after each call; we do not retain call metadata or content beyond that. When a customer account ends, any remaining data is deleted within 7 days, in line with our agreement (unless law requires otherwise).
We implement appropriate technical and organisational measures to protect personal data. In the event of a personal data breach that affects our customers’ data, we will notify the affected customer(s) without undue delay and assist as required by applicable law.
We may update this Privacy Policy from time to time. We will post the updated version on our website and, where required by law or our agreements, we will notify you of material changes.
For privacy-related questions or to exercise your rights (where we act as controller for your data), contact us at legal@lukin.uk.