Privacy Policy.
Last Updated: 9 November 2024
1. INTRODUCTION
MOTUS AI ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI phone answering services and website.
Data Controller:
[Your Legal Entity Name]
[Registered Address]
Company Number: [XXXXX]
Email: privacy@motusai.co.uk
This Privacy Policy complies with:
UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations (PECR)
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
Account Information:
Full name
Business name
Email address
Phone number
Business address
VAT number (if applicable)
Payment information (processed securely by third-party providers)
Business Configuration Data:
Service descriptions
Pricing information
Business hours
Appointment scheduling rules
FAQs and knowledge base content
Call handling preferences
Escalation procedures
Communication Data:
Emails, chat messages, or phone calls with our support team
Feedback and survey responses
Demo requests and inquiries
2.2 Information Collected Automatically
Call Data:
Caller phone numbers
Call duration and timing
Call recordings and transcripts
Caller names and contact details (as provided during calls)
Appointment information
Customer inquiries and requests
Technical Data:
IP addresses
Browser type and version
Device information
Operating system
Time zone settings
Website usage data (pages visited, time spent, clicks)
Cookies and similar technologies (see Cookie Policy)
Integration Data:
CRM contact records
Calendar appointment data
Third-party system authentication tokens
API usage logs
2.3 Information from Third Parties
We may receive information from:
Payment processors (transaction confirmations)
CRM platforms you integrate with us
Calendar systems you connect
Telecommunications providers
Marketing platforms
Analytics providers
3. LEGAL BASIS FOR PROCESSING
We process your personal data under the following legal bases:
3.1 Contract Performance (Art. 6(1)(b) UK GDPR)
Processing necessary to:
Provide the AI phone answering service
Process payments
Manage your account
Deliver customer support
3.2 Legitimate Interests (Art. 6(1)(f) UK GDPR)
Our legitimate interests include:
Improving service quality and AI performance
Preventing fraud and security threats
Marketing our services to businesses
Understanding how our service is used
Operating our business efficiently
3.3 Legal Obligations (Art. 6(1)(c) UK GDPR)
To comply with:
Tax and accounting requirements
Legal requests from authorities
Regulatory reporting obligations
Anti-money laundering laws
3.4 Consent (Art. 6(1)(a) UK GDPR)
Where required, we obtain consent for:
Marketing communications
Non-essential cookies
Special category data (if applicable)
You may withdraw consent at any time.
4. HOW WE USE YOUR INFORMATION
4.1 Service Provision
We use your data to:
Answer calls on your behalf
Book appointments into your calendar
Create CRM records for leads
Send SMS and email confirmations
Handle customer inquiries
Escalate calls according to your rules
Generate call transcripts and summaries
4.2 AI Training and Improvement
We use anonymized call data to:
Train and improve AI models
Enhance natural language understanding
Improve accent and dialect recognition
Develop new features
Fix bugs and errors
Important: We anonymize data before using it for AI training, removing identifiable information.
4.3 Business Operations
We use your data to:
Process payments and invoices
Manage subscriptions
Provide customer support
Send service updates and notifications
Conduct security and fraud prevention
Comply with legal obligations
4.4 Analytics and Research
We use aggregated, anonymized data to:
Understand usage patterns
Measure service performance
Conduct market research
Improve user experience
Generate industry insights
4.5 Marketing
With your consent, we may:
Send promotional emails
Share product updates
Offer special promotions
Request feedback and reviews
You can opt out of marketing at any time.
5. HOW WE SHARE YOUR INFORMATION
5.1 Service Providers
We share data with trusted third parties who help us operate:
Infrastructure Providers:
Cloud hosting: [AWS/Google Cloud/Azure]
Telephony: [Twilio/Similar]
Payment processing: [Stripe/Similar]
Business Tools:
Analytics: Google Analytics
Email services: [Provider]
CRM: [If applicable]
Help desk: [Provider]
AI and Machine Learning:
[AI model providers if using third-party LLMs]
Voice synthesis providers
Speech-to-text services
All service providers are contractually bound to protect your data and use it only as we instruct.
5.2 Legal Requirements
We may disclose your data:
To comply with legal obligations
In response to lawful requests by public authorities
To enforce our Terms of Service
To protect our rights, property, or safety
In connection with fraud prevention
During emergencies to prevent harm
5.3 Business Transfers
If MOTUS AI is acquired, merged, or restructured, your data may be transferred to the new entity. You will be notified of any such change.
5.4 With Your Consent
We may share your data with other parties when you explicitly consent.
5.5 Third-Party Integrations
When you integrate third-party services (CRM, calendar):
You authorize data sharing with those services
Their privacy policies govern their data use
We are not responsible for their data practices
6. DATA RETENTION
6.1 Retention Periods
We retain data for the following periods:
Account Data:
Active accounts: Duration of subscription + 30 days
Cancelled accounts: 30 days after cancellation
Financial records: 7 years (tax requirements)
Call Recordings:
Standard retention: 90 days
Extended retention: Up to 12 months (for training, with consent)
You may request earlier deletion
Call Transcripts:
Standard retention: 12 months
Anonymous transcripts for AI training: Indefinitely
Technical Logs:
Website logs: 90 days
System logs: 12 months
Security logs: 24 months
Marketing Data:
Until you unsubscribe + 12 months
Suppression lists: Indefinitely (to honor opt-outs)
6.2 Deletion Criteria
We delete or anonymize data when:
Retention period expires
You request deletion (subject to legal obligations)
Data is no longer necessary for its purpose
You withdraw consent (where consent is the legal basis)
7. YOUR RIGHTS UNDER UK GDPR
7.1 Right of Access
You can request:
Confirmation of data processing
Copy of your personal data
Information about how we use your data
Response time: Within 1 month
Fee: Free (reasonable requests)
7.2 Right to Rectification
You can request correction of:
Inaccurate personal data
Incomplete personal data
We will update third parties we've shared data with, where possible.
7.3 Right to Erasure ("Right to be Forgotten")
You can request deletion when:
Data is no longer necessary
You withdraw consent
You object to processing
Data was unlawfully processed
Exceptions: We may retain data where legally required (e.g., financial records, dispute resolution).
7.4 Right to Restrict Processing
You can request restriction when:
You contest data accuracy
Processing is unlawful
We no longer need the data but you need it for legal claims
You've objected to processing (pending verification)
7.5 Right to Data Portability
You can request:
Your data in a structured, machine-readable format (CSV, JSON)
Transfer to another service provider
Applies to data you provided based on consent or contract.
7.6 Right to Object
You can object to processing based on:
Legitimate interests
Direct marketing (absolute right)
Profiling
7.7 Automated Decision-Making
Our AI makes some automated decisions (e.g., call routing, appointment booking). You have the right to:
Request human intervention
Express your point of view
Contest the decision
7.8 How to Exercise Your Rights
Email: privacy@motusai.co.uk
Post: [Address]
Account Dashboard: [If available]
We will respond within 1 month. For complex requests, we may extend to 3 months with explanation.
7.9 Right to Complain
If you're unhappy with our data handling, contact:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk
8. DATA SECURITY
8.1 Security Measures
We protect your data using:
Technical Measures:
Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Secure authentication (MFA available)
Regular security audits
Penetration testing
Access controls and permissions
Firewall protection
DDoS mitigation
Organizational Measures:
Staff training on data protection
Confidentiality agreements
Access on need-to-know basis
Incident response procedures
Regular policy reviews
Vendor security assessments
8.2 Data Breach Procedures
In case of a breach, we will:
Assess the risk and scope
Notify the ICO within 72 hours (if required)
Notify affected individuals without undue delay
Document the incident
Take steps to prevent recurrence
9. INTERNATIONAL DATA TRANSFERS
9.1 Data Location
Your data is primarily stored in:
UK data centers (primary)
EU data centers (backup)
9.2 Transfers Outside UK/EU
If we transfer data outside the UK/EU, we ensure adequate protection through:
Standard Contractual Clauses (SCCs) approved by the ICO
Adequacy decisions (countries deemed to have adequate protection)
Binding Corporate Rules (where applicable)
9.3 Third-Party Transfers
Some service providers may process data outside the UK/EU:
[List any non-UK/EU providers, e.g., US cloud services]
We ensure appropriate safeguards are in place
10. COOKIES AND TRACKING
We use cookies and similar technologies. See our separate Cookie Policy for details.
Essential Cookies: Required for service operation
Analytics Cookies: To understand usage (with consent)
Marketing Cookies: For advertising (with consent)
You can manage cookie preferences through our cookie banner or browser settings.
11. CHILDREN'S PRIVACY
Our Service is not directed at children under 16. We do not knowingly collect data from children. If we discover we've collected a child's data, we will delete it immediately.
12. CALL RECORDING NOTICES
12.1 Your Obligations
When using our service, you must:
Inform callers that calls are recorded
Display notices on your website
Include recording information in your terms
Comply with PECR call recording requirements
12.2 Our Recording Practices
We record calls to:
Provide the core service
Improve AI performance
Ensure quality
Resolve disputes
Train staff
Callers to our support lines are notified that calls may be recorded.
13. CALLER PRIVACY
13.1 Caller Rights
Callers to your business have rights regarding their data. You are the data controller for caller data. We process it on your behalf as data processor.
13.2 Caller Requests
If a caller contacts us to exercise their rights, we will direct them to you as the data controller.
13.3 Data Processing Agreement
Our relationship with you is governed by a Data Processing Agreement (DPA) that ensures:
We process caller data only on your instructions
We implement appropriate security measures
We assist with data subject requests
We notify you of any breaches
14. MARKETING COMMUNICATIONS
14.1 Business-to-Business Marketing
We may send marketing emails to business contacts based on legitimate interests.
14.2 Opt-Out
You can opt out by:
Clicking "Unsubscribe" in emails
Emailing marketing@motusai.co.uk
Updating preferences in your account
Contacting us directly
We will process opt-outs within 2 business days.
14.3 Transactional Emails
We will still send:
Service updates
Security alerts
Billing notifications
Account-related information
These cannot be opted out of while you use the Service.
15. THIRD-PARTY LINKS
Our website may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.
16. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy to reflect:
Changes in law or regulation
New features or services
Changes in business practices
Feedback from regulators
Notification: We will notify you of material changes by:
Email to your registered address
Notice on our website
In-app notification
Effective Date: Changes take effect 30 days after notification (unless legally required sooner).
17. DATA PROTECTION OFFICER
For data protection queries, contact:
Data Protection Officer
MOTUS AI
Email: dpo@motusai.co.uk
Post: [Address]
18. CONTACT US
For privacy-related questions:
Privacy Team
MOTUS AI
[Your Legal Entity Name]
[Registered Address]
Email: privacy@motusai.co.uk
Phone: [Phone Number]
Website: www.motusai.co.uk/privacy
19. GLOSSARY
Personal Data: Information relating to an identified or identifiable person
Processing: Any operation performed on personal data
Data Controller: Entity that determines purposes and means of processing
Data Processor: Entity that processes data on behalf of a controller
Data Subject: Individual whose personal data is processed
Consent: Freely given, specific, informed indication of wishes
20. SPECIFIC PRIVACY INFORMATION
20.1 Profiling
We use automated profiling to:
Customize AI responses
Predict call handling needs
Optimize service performance
This does not result in legal or similarly significant effects.
20.2 Special Category Data
We do not intentionally collect special category data (race, health, religion, etc.). If such data is inadvertently collected during calls, it will be deleted upon identification.
20.3 Criminal Convictions Data
We do not process data related to criminal convictions.
Last Updated: 9 November 2024
Version: 1.0
This Privacy Policy should be reviewed by a qualified data protection specialist or solicitor before use. Laws and regulations change frequently, and specific business circumstances may require additional disclosures.
