Privacy Policy

This Privacy Policy explains how Square Peg Innovations Limited, trading as CallHandler AI ("we", "us", "our"), collects, uses and protects personal data.

We provide AI consultancy and AI-powered products and services to businesses, including AI phone agents and related automation, which operate on behalf of our clients.

We are committed to handling personal data responsibly and in accordance with applicable data protection laws, including:

• UK General Data Protection Regulation (UK GDPR)
• EU GDPR (where applicable)
• Australian Privacy Act 1988
• New Zealand Privacy Act 2020
• Applicable United States privacy laws

In most cases:

• Our clients are the Data Controllers.
• CallHandler AI acts as a Data Processor.

We process personal data strictly on the instructions of our clients and only to deliver the services they have requested. We do not determine how our clients use personal data outside of our platform.

Depending on client configuration, we may process:

• Names and contact details
• Call audio recordings
• Call transcripts and interaction metadata
• Appointment, scheduling or booking information
• Notes or outcomes generated during calls
• Limited identifiers to recognise returning callers

We only process the minimum data necessary to provide the service.

Personal data may be collected:

• Through inbound and outbound phone calls handled by our AI services
• Through secure integrations with third-party systems authorised by our clients
• Through use of our website or platform by clients

We use personal data solely to:

• Deliver the services configured and approved by our clients
• Operate, monitor and support our platform
• Ensure service quality, reliability and performance
• Comply with legal obligations

We do not use personal data for advertising, resale, or unrelated profiling.

By default, call recordings and transcripts are securely stored within our platform.

They are used only for:

• Quality assurance
• Performance monitoring
• Service improvement and troubleshooting

Access is restricted to authorised personnel and the relevant client. Recordings are never used to train external or third-party AI models. Retention periods may be configured by the client where applicable.

Our AI services operate within rules and permissions defined by each client.

Key principles:

• AI acts on behalf of the client, similar to a trained human team member
• Clients control what actions the AI may perform
• Human oversight, monitoring and configuration are always maintained

We do not use client or end-user data to train general-purpose AI models. Any internal testing is performed using our own test data or internal calls.

We do not sell or rent personal data.

Personal data may be shared only with:

• The relevant client
• Trusted sub-processors who provide infrastructure or operational services (such as hosting, telephony or analytics), all of whom are contractually required to protect personal data
• Regulators or authorities where required by law

A list of sub-processors is available upon request.

Where personal data is transferred across borders, we ensure appropriate safeguards are in place, including contractual protections and recognised transfer mechanisms, in accordance with applicable laws.

We apply appropriate technical and organisational measures to protect personal data, including access controls, secure infrastructure, monitoring and encryption where appropriate.

Personal data is retained only for as long as necessary to provide the services or meet legal and contractual obligations. Retention periods may vary based on client configuration and jurisdiction.

Depending on location, individuals may have rights to access, correct, delete or restrict the processing of their personal data, or to object to certain processing activities.

Where we act as a Data Processor, requests should be directed to the relevant client. We will assist our clients in responding to such requests as required by law.

Our website may use cookies or similar technologies for essential functionality and analytics. Further information is available in our Cookie Policy.

We may update this Privacy Policy from time to time. The current version will always be available on our website.

If you have questions about this Privacy Policy or our data practices, please contact: