Privacy Policy

1. Introduction

This Privacy Policy explains how Callmate processes personal data when you:

• Visit our website at https://www.callmate.io
• Interact with our social media pages
• Use the Callmate platform

Personal data means any information that can identify you directly or indirectly, such as your name, email address, or information about how you use our services.

2. Who We Are

Callmate Ltd is the data controller for personal data processed through our website and for your account data. When you use our platform to contact your customers, you are the data controller for your end-users' data, and Callmate acts as the data processor.

Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
Contact: dennis@callmate.io

3. Data We Collect and Process

3.1 Website Visitors

Technical Data (collected automatically):

• IP address
• Browser type and version
• Operating system
• Pages accessed and time of access
• Language settings

Contact Form & Enquiries:

• Name, email, and any information you provide in your message

Newsletter Subscriptions:

• Email address (with your consent)

3.2 Platform Users

Your Account Data (we control):

• Account registration details
• Billing information
• Login credentials and authentication data
• Usage data and platform interactions

Customer Data (you control, we process on your behalf):

• Contact details of call recipients
• Call metadata (duration, time, phone numbers)
• Conversation data (transcripts, summaries, recordings where enabled)
• Configurations, workflows, and prompts you create

4. How We Use Your Data

4.1 Website Data

We use website data to:

• Operate a secure and functional website
• Respond to enquiries and communications
• Send newsletters (with your consent)
• Improve our services
• Comply with legal obligations

Legal Basis:

• Legitimate interests (website security, responding to enquiries, improving services)
• Consent (newsletter subscriptions)
• Contract performance (when processing is necessary to provide requested services)

4.2 Platform Data

We process platform data to:

• Provide and operate the platform
• Enable AI-powered call handling
• Generate transcripts, summaries, and analytics
• Provide customer support
• Maintain security and prevent abuse

Legal Basis:

• Contract performance (providing the Services)
• Legitimate interests (security, fraud prevention, service improvements)
• Your instructions (when processing Customer Data on your behalf)

5. Controller vs Processor Roles

When you use the platform to contact your customers:

• You are the data controller for your end-users' data
• Callmate is the data processor acting on your instructions
• You are responsible for obtaining consents, providing notices, and maintaining lawful basis under applicable privacy laws

For your account and website data:

• Callmate is the data controller

6. Data You Must Not Provide

Do not submit to the platform:

• Protected health information (HIPAA-regulated PHI)
• Special category or sensitive personal data under UK/EU law

If you submit prohibited data, you remain solely responsible for compliance, and we may delete or restrict it to mitigate risk.

7. Cookies

We use cookies that are necessary for our website to function properly and securely, including for login functionality and media content delivery. These cookies are used based on our legitimate interest in providing a functional website.

8. Third-Party Services

8.1 Website Hosting

Our website is hosted by Webflow, Inc. (San Francisco, USA), which processes technical data such as IP addresses and log data on our behalf. See Webflow's privacy policy for details.

8.2 Newsletter

We send newsletters using LinkedIn, which processes usage and communication data in connection with this service.

8.3 Subprocessors (Platform)

We use trusted third-party subprocessors to deliver the platform Services. View our current list of subprocessors.

We provide 30 days' notice of subprocessor changes. You may object on reasonable data protection grounds.

9. Security

We implement industry-standard security measures including:

• Encryption in transit and at rest
• Access controls and authentication
• Regular security monitoring
• Role-based access for personnel

10. International Data Transfers

We may process data in the UK and other locations outside the European Economic Area (EEA).

Safeguards we use:

• Adequacy decisions (e.g., transfers to UK, Canada, Israel)
• EU-US Data Privacy Framework (for US transfers where applicable)
• Standard Contractual Clauses
• Additional security measures (encryption, transparency obligations)

11. Data Retention

Website data: Deleted once no longer needed, typically within 14 days for technical logs. Contact form data deleted once your enquiry is resolved, unless legal retention obligations apply.

Customer Data (platform): Retained while your account is active and for a reasonable period after termination to allow data retrieval. We delete data upon your request, except where retention is required by law.

Account Data: Retained for as long as necessary for business, legal, and compliance purposes.

12. Your Rights

You have the right to:

• Access your personal data
• Correct inaccuracies
• Request deletion of your data
• Restrict how your data is used
• Object to certain types of processing
• Data portability (receive your data in a portable format)
• Withdraw consent (where we rely on consent)

For Customer Data on the platform:
You (as the controller) are responsible for responding to data subject requests from your end-users. We'll provide reasonable assistance through self-service tools or upon request.

To exercise your rights: Contact us at dennis@callmate.io

13. Data Breach Notification

If we become aware of a security incident affecting your data, we'll notify you without undue delay and provide information to help you meet your legal notification obligations.

14. US Privacy Laws

For customers subject to US state privacy laws (CCPA, CPRA, Virginia CDPA, Colorado CPA, etc.):

• Callmate acts as a "service provider" or "processor"
• We do not sell or share your personal data
• We process data only to provide the Services
• We comply with applicable restrictions and requirements

15. Social Media

We maintain profiles on social media platforms (including LinkedIn) to present our services and communicate with users. Social media providers process personal data for their own purposes and may store data outside the EU/UK. See their privacy policies for details:

• LinkedIn Privacy Policy

If you contact us through social media, we process your information based on our legitimate interest in communication.

16. Commercial Customers

If you have a signed Master Services Agreement (MSA) with Callmate, the Data Processing Addendum (DPA) in your contract provides additional detail and takes precedence over this policy.

17. Providing Personal Data

In some cases, you need to provide personal data so we can enter into or perform a contract with you or comply with legal obligations. If you don't provide required data, we may not be able to provide certain services.

Where data is mandatory, this will be clearly indicated.

18. Automated Decision-Making

We do not use fully automated decision-making processes that produce legal or similarly significant effects on individuals.

19. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website. We'll notify you of material changes by email or through the platform.

20. Questions and Contact

If you have questions about this Privacy Policy or our data protection practices:

Email: dennis@callmate.io
Address: Callmate Ltd, 128 City Road, London, EC1V 2NX, United Kingdom