Privacy policy
Last updated: 24 May 2026
The short version — what dentists, solicitors and B&B owners ask us most:
- ✓Call recording is optional and off by default. If you switch it on, calls are recorded and transcribed and the assistant tells the caller at the start of the call (legally required in the UK).
- ✓Recordings (when enabled) are kept for 30 days by default. Less or longer is fine — agreed in your DPA.
- ✓UK/EU data residency available on request. By default, call audio, transcripts and metadata are stored on our voice provider's (Vapi) infrastructure; we can configure UK/EU-only storage and provider exclusion per-client at onboarding — confirmed in writing in your DPA.
- ✓AI providers don't train on your calls. Their enterprise/business-tier terms forbid using API data for model training.
- ✓For solicitors and healthcare clients stricter retention and third-party LLM exclusion are available where separately configured and confirmed in writing in your DPA. Ask on the discovery call so we can set this up correctly before you sign.
- ✓A Data Processing Agreement (DPA) is available on request for any client, and is required for healthcare, legal and financial-services clients.
- ✓This website uses no cookies. Cloudflare Web Analytics is cookieless.
Full legal version below.
This Privacy Policy explains how EdgeAudit (operated as a UK sole trader based in the North-West of Northern Ireland — contact hello@edgeaudit.app) collects, uses, and protects information about you when you use our AI voice receptionist service and this website.
1. What we collect
From clients (businesses)
- Account details: business name, contact name, email, phone, billing address.
- Configuration details: the FAQs, services, pricing, opening hours and personality you provide for your AI assistant.
- Call analytics: aggregated call counts, outcomes (booking made / lead captured / message taken), duration, time of day — used for your weekly ROI reports.
- Billing data: handled by Stripe — we never see card numbers.
From callers (people who phone your business)
- Voice recording + transcript of the call with the AI assistant (only when recording is enabled for the business), used to log the interaction and improve quality. Where recording is on, callers are notified at the start of the call (legally required in the UK).
- Information they share during the call: name, phone number, preferred appointment time, problem description, etc. — used solely to deliver the service they're requesting (book the appointment, capture the lead).
From website visitors
- Anonymous analytics via Cloudflare Web Analytics: page views, country, browser. No cookies, no fingerprinting.
- Form submissions on /start: only what you type into the form.
2. How we use it
- Deliver the service: run the AI assistant for your callers, send you reports.
- Improve quality: tune the assistant for your specific business based on real call patterns.
- Bill you: via Stripe.
- Measure your results: compare outcomes against your pre-launch baseline for your weekly report.
3. Who we share it with
EdgeAudit is a small Northern Irish operation. The only third parties we share data with are the infrastructure providers strictly necessary to deliver the service:
- Voice AI platform (Vapi or equivalent): processes the live call audio. UK/EU data residency available on request.
- Google (Gemini), via our voice platform: the conversational AI behind the assistant. Its API terms prohibit training on customer data.
- Deepgram: speech-to-text — transcribes the call audio. Its terms prohibit training on customer data.
- ElevenLabs: text-to-speech voice synthesis.
- Twilio / Bandwidth: underlying telephony carrier.
- Cloudflare: hosts this website and handles email routing.
- Stripe: processes billing.
- Formspree: delivers enquiries you submit through the website contact form to us.
We don't sell your data. We don't share it with advertisers. We don't have advertisers.
4. How long we keep it
- Call recordings + transcripts: 30 days by default. We can extend or shorten via your DPA on request.
- Aggregated analytics: retained for the lifetime of your service contract for ROI reporting purposes.
- Account + billing data: retained for 7 years after end of service (UK accounting requirement).
5. Your rights (UK / EU GDPR)
You have the right to access, rectify, erase, restrict and port your data, and to object to processing. Email hello@edgeaudit.app with "GDPR request" in the subject and we'll respond within 30 days.
6. Security
All data is encrypted in transit (TLS 1.3) and at rest. Access is restricted to the operator through private, credential-protected accounts on a least-privilege basis.
7. Data storage and international transfers
By default, call audio, transcripts and metadata are stored by our voice orchestration provider (Vapi.ai) on their infrastructure. Underlying AI providers (Google, Deepgram, ElevenLabs) may process data in the United States. All such providers are GDPR-compliant under the EU-US Data Privacy Framework, and our contracts include Standard Contractual Clauses for any non-DPF transfers.
For healthcare and legal clients who require it, we can configure your specific deployment to use UK/EU-only data residency and to exclude particular providers from your conversation data. This is set up per-client at onboarding and documented in your Data Processing Agreement (DPA). If data residency is a regulatory requirement for you, please raise this on the discovery call so we can confirm the configuration in writing before you sign.
8. Cookies
This website uses no cookies. Cloudflare Web Analytics is cookie-free. If we add any in future, we'll display a consent banner before they're set.
9. Changes
We may update this policy as the service evolves. Material changes will be emailed to active customers. The "Last updated" date at the top tracks revisions.
10. Contact
Questions, requests or complaints: hello@edgeaudit.app.
If you're unhappy with how we've handled a request, you can complain to the UK Information Commissioner's Office at ico.org.uk.