Skip to main content
Legal

Privacy Policy

Last updated:

Data Controller: Calyxio.ai Ltd, 167–169 Great Portland Street, London, W1W 5PF, UK. For data protection enquiries: hello@calyxio.ai

1. Introduction

Calyxio.ai Ltd (“Calyxio”, “we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and safeguard your personal information when you visit our website at calyxio.ai, use our services, or interact with us.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. If you do not agree with its terms, please discontinue use of our site.

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Identity Data: First name, last name, job title, company name.
  • Contact Data: Email address, telephone number, postal address.
  • Technical Data: IP address, browser type and version, time zone, browser plug-in types and versions, operating system, and other technology on the devices you use to access our website.
  • Usage Data: Information about how you use our website and services, including pages visited, time spent, and features used.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties, and your communication preferences.
  • Service Data: If you are a customer, we may process call transcripts, compliance scoring data, and other data you provide through our platform as a data processor on your behalf.

We do not collect any Special Category Data (such as health data, biometric data, or criminal convictions data) unless specifically required as part of your contracted service and with your explicit consent.

3. How We Collect Your Data

  • Direct interactions: You provide data when completing our contact form, signing up for a trial, or corresponding with us.
  • Automated technologies: We collect technical and usage data automatically as you interact with our website via cookies and similar tracking technologies.
  • Third parties: We may receive data from analytics providers (such as Google Analytics), advertising networks, and search information providers.

4. Purposes and Legal Basis for Processing

PurposeLegal Basis
To respond to your enquiries and contact form submissionsLegitimate interests (pre-contractual steps)
To provide our SaaS platform and services to youPerformance of a contract
To process payments and manage billingPerformance of a contract; Legal obligation
To send you marketing communications (where opted in)Consent
To improve our website and servicesLegitimate interests
To comply with legal and regulatory obligationsLegal obligation
To detect and prevent fraud or abuseLegitimate interests; Legal obligation
To send service notifications and updatesPerformance of a contract; Legitimate interests

5. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements.

  • Customer account data: Retained for the duration of the contract plus 6 years (for legal and tax purposes).
  • Call transcripts and compliance data: Retained per your chosen plan settings. Customers control retention periods for their service data.
  • Marketing contact data: Retained until you withdraw consent or unsubscribe.
  • Website analytics data: Typically retained for 26 months before anonymisation.
  • Contact form submissions: Retained for 2 years unless converted to a customer relationship.

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with trusted third-party service providers who assist us in operating our business, subject to strict data processing agreements:

  • Cloud infrastructure providers (UK/EEA data centres) for hosting and storage
  • Payment processors for billing and subscription management
  • Analytics providers for website usage analysis (data anonymised where possible)
  • Email service providers for transactional and marketing communications
  • Customer support tools for managing support tickets

We may also disclose personal data where required by law, court order, or government authority, or to protect the rights, property, or safety of Calyxio, our customers, or others.

7. International Data Transfers

Your data is stored in the United Kingdom by default. Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including UK Government-approved Standard Contractual Clauses or an adequacy decision.

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access: To request a copy of the personal data we hold about you.
  • Right to rectification: To request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): To request deletion of your personal data in certain circumstances.
  • Right to restrict processing: To request that we limit how we use your data.
  • Right to data portability: To receive your data in a structured, commonly used, machine-readable format.
  • Right to object: To object to processing based on legitimate interests or for direct marketing.
  • Rights related to automated decision-making: Not to be subject to decisions based solely on automated processing that produce significant effects.

To exercise any of these rights, please contact us at hello@calyxio.ai. We will respond within one month of receiving your request. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

We use cookies and similar tracking technologies on our website. Please see our full Cookie Policy for details of the cookies we use, their purposes and how to manage your preferences.

10. Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data against accidental loss, unauthorised access, alteration or disclosure. These include AES-256 encryption at rest and in transit, access controls, regular security audits and ISO 27001-aligned practices.

However, no transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security of data transmitted to our website.

11. Children's Data

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us immediately at hello@calyxio.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on our website or by email. The “Last updated” date at the top of this page indicates when it was last revised.

13. Contact Us

For any questions about this Privacy Policy or to exercise your data protection rights:

Calyxio.ai Ltd

167–169 Great Portland Street, London, W1W 5PF, UK

Email: hello@calyxio.ai

Terms & ConditionsCookie Policy