Vocalenda logoVocalenda

Privacy Policy

Last updated: 14 July 2026

Introduction

Vocalenda ("we," "our," or "us") is a UK-based service that answers business phone lines with an AI assistant, books appointments into Google Calendar, and sends text confirmations. This policy explains what personal information we handle and why, under the UK GDPR and the Data Protection Act 2018 (and the EU GDPR where it applies).

It covers two different groups of people, so it is written in two parts: callers, people who phone a business that uses Vocalenda, and business customers, the people who run their business on Vocalenda. For callers, the business you phoned is the data controller and we process your information on its behalf. For business customers, we are the data controller for your account.

If you call a business that uses Vocalenda

When you call a business that uses Vocalenda, your call may be answered by an automated AI assistant rather than a person (each business chooses whether the assistant answers or the call goes to a member of staff). You do not have to go looking for this page to find that out: the assistant says so at the start of every call, before you tell it anything, and tells you the call is transcribed. No business can edit or remove that. The call is transcribed in real time so the assistant can understand and act on your request, for example to book or change an appointment. Audio is not kept as a recording; the written transcript is kept as part of the business's call history.

To provide the service we handle: the phone number you call from, your name if you give it, the appointment details you ask for, the call transcript, and any text messages sent to confirm or remind you about a booking. We use this only to run the call and manage the booking for the business you phoned. We do not use it for advertising and we do not sell it.

If you would prefer not to speak to an automated assistant, you can hang up and contact the business another way, ask the assistant to take a message for the business, or ask to be put through to a person where the business has that option set up. For questions about how your information is used, or to exercise your data rights, contact the business you called (it is the data controller); we will help them respond, and you can also contact us directly using the details below.

Our lawful bases for using your information

The UK GDPR requires us to have a lawful basis for every use of personal information. We do not rely on consent to answer your call, because you cannot book an appointment without giving the details the booking is made from. Instead:

  • If you call a business to book, change or cancel an appointment, we handle your number, your name and your booking details because it is necessary to take the steps you asked for and to carry out the booking (Article 6(1)(b), contract). The number you call from reaches us from the telephone network as part of connecting the call.
  • If you call with a question and do not book, we handle the call and its transcript so the business can answer you and keep a record of what was said (Article 6(1)(f), legitimate interests). Our interest is running a reliable phone line for the business you chose to ring, which we balance against your privacy by keeping no audio and using nothing for advertising.
  • If the business you called is a health service, such as a dental practice, a massage therapist or a wellness business, what you say about your reason for booking may be health information, which has extra protection. The business relies on Article 9(2)(h) (provision of health care) as its additional basis, and we handle that information only on its instructions.
  • Marketing is different.We never use a caller's number for marketing. A business may only send you marketing texts if you have agreed, or where the law allows it because you are an existing customer, and every such message must offer a way to opt out.

If you run a business on Vocalenda, we handle your account information to provide the service you signed up for (Article 6(1)(b), contract), to keep the service secure and working (Article 6(1)(f), legitimate interests), and to meet our tax and accounting duties (Article 6(1)(c), legal obligation). Where we do ask for consent, for example to connect your Google Calendar, you can withdraw it at any time without affecting anything we did before you withdrew it.

If you run your business on Vocalenda

To set up and run your receptionist we collect the information you give us during sign-up and in your dashboard:

Account and business profile

  • Your name and email address (account sign-in)
  • Business details: name, type, address, contact details, opening hours, holidays and timezone
  • Services and prices, so the assistant can offer and quote them
  • Staff details you add: names, and optionally emails, phone numbers and working hours
  • Phone numbers: your business line, and any forwarding or human-handoff numbers you configure
  • Receptionist configuration: greeting, AI behaviour settings, text message templates, booking policies and the payment methods you tell callers you accept (labels only, never card details)
  • Billing is handled by Stripe; we never see or store your card details

Generated by using the service

  • Call history: transcripts, call metadata (duration, timestamps, phone numbers) and any messages or notes the assistant takes
  • Appointments and customer records created by bookings
  • Google Calendar events the assistant creates for you

Technical information (website and dashboard)

  • IP address and device or browser information, through our hosting logs, error reporting, and analytics (analytics only runs if you accept the cookie notice)
  • Usage data, such as which pages are visited
How We Use Information
  • Answer calls, and book, update and cancel appointments
  • Keep your Google Calendar in sync with bookings
  • Send appointment confirmations and reminders by text
  • Show you your call history, customers and messages
  • Bill your subscription and prevent fraud or abuse
  • Provide support and fix problems
  • Comply with legal obligations

We do not train AI models on your data. The AI providers we use process each call in order to run that call, under data processing agreements. One exception is disclosed below: our speech provider may use call audio to improve the accuracy of its speech recognition models.

Voice Data and Service Providers

Calls are transcribed in real time and audio is not stored as a recording; the transcript is kept as part of the business's call history. Like every modern software service we rely on specialist providers, each operating under a data processing agreement:

  • Deepgram: real-time speech processing for calls. Call audio may also be used by Deepgram to improve the accuracy of its speech models.
  • OpenAI: understanding requests and generating the assistant's responses
  • Twilio: telephone calls and text messages
  • Google: calendar availability and bookings
  • Clerk: business account sign-in
  • Stripe: subscription billing (we never see or store card details)
  • Supabase: our database (business, appointment and call records), hosted in the EU (eu-west-1)
  • Vercel / Render: application hosting
  • Sentry: error reporting (EU-hosted); receives technical error details only, never call audio, transcripts or personal profiles

Deepgram and speech model improvement

We want to be direct about this one, because it is the only place where anything is used for a purpose beyond running your call. Deepgram, the company that turns speech into text for us, operates a programme in which customer audio helps improve the accuracy of its speech models, and we take part. In practice that means the audio of calls may be used to make speech recognition better, including at understanding regional accents and names, which is the part of this service that most often gets things wrong.

What is not used: your appointment records, your call transcripts as held in the business's call history, your phone number as a piece of contact information, or anything in our database. Nothing is used to build a profile of you, to advertise to you, or to identify your voice, and Deepgram does not sell it. Taking part is what keeps this service affordable enough to offer at a small business price, and we would rather tell you plainly than bury it.

You can object to this and we will act on it. Tell the business you called, or contact us using the details below, and we will add your number to our exclusion list. From your next call onwards your audio is marked so that Deepgram does not keep it or use it for model improvement, at every business you ring, not just the one you told. You do not have to give a reason and it will not affect your booking.

International Transfers

Your records live in the EU. The live call is handled in the United States. Specifically:

Stays in the EU (Ireland):

  • Everything we store: your appointments, your call transcripts, the business's customer records and notes, and any messages, all held in our database
  • Our error reporting (Sentry), which never sees call content

Handled in the United States, during the call itself:

  • Deepgram, which turns your speech into text and the assistant's reply back into speech
  • OpenAI, which works out what you have asked for. Deepgram passes it the text of the conversation on our behalf; we do not send it your audio
  • Twilio, which carries the call and any texts

We looked at moving speech processing into the EU, which Deepgram offers. Today it would mean running a noticeably worse assistant, so we have kept the call quality and are being open with you about where it happens rather than quietly making the trade. We keep this under review.

Where information leaves the UK or EU, the transfer is protected by recognised safeguards such as the UK International Data Transfer Agreement or Addendum, standard contractual clauses, or an adequacy decision, as part of each provider's data processing agreement. This does not mean your data is unprotected once it leaves; it means each provider is contractually held to UK-equivalent standards.

Google Services Integration

OAuth Permissions and Limited Use

Our application integrates with Google services and strictly complies with Google's Limited Use requirements. We request only the minimum necessary permissions:

  • Calendar Access (https://www.googleapis.com/auth/calendar): Used exclusively to manage appointments on your behalf, including creating, updating, and canceling calendar events
  • Email Access (https://www.googleapis.com/auth/userinfo.email): Used only for account identification and service-related communication

Data Use Restrictions

  • Vocalenda's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements
  • Your Google user data is used exclusively for providing our appointment management services
  • We do not sell, transfer, or use your Google data for advertising or other commercial purposes
  • You can revoke access at any time through your Google account settings or on your Vocalenda dashboard
Information Sharing

We do not sell, trade, or rent personal information. We share it only:

  • With the service providers listed above, to run the service, under data processing agreements
  • With the business you called, if you are a caller: your booking, transcript and messages belong to their account
  • To comply with legal obligations or protect our rights
  • In connection with a business transfer or merger, in which case this policy continues to apply
Data Security

We implement appropriate technical and organisational security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit, access controls, and keeping the data we hold to the minimum the service needs.

Your Rights

Under the UK GDPR you have the right to:

  • Access and review your personal information
  • Request correction of inaccurate data
  • Request deletion of your personal information
  • Object to or restrict certain processing
  • Request a copy of your data in a portable format
  • Withdraw consent for Google Calendar integration at any time (through your Google account settings or on your Vocalenda dashboard)

If you are a caller, the business you phoned is the data controller, so it is usually quickest to contact them first; we will help them respond. You also have the right to complain to the Information Commissioner's Office (ico.org.uk) if you are unhappy with how your data has been handled.

Data Retention

"As long as necessary" is not a real answer, so here are the actual periods. They are enforced automatically, every day, rather than depending on someone remembering.

  • Call audio: never stored. It is turned into text as you speak and is gone.
  • Call transcripts: kept for 24 months, then deleted automatically. The booking itself stays in the business's history, so they still know you came in; the record of what was said does not outlive its usefulness.
  • Appointments, customer records and messages: kept while the business has an active account, because that is the business's own record of its customers.
  • If a business closes its account: we hold everything for 6 months in case they come back, warn them by email 30 days before, and then permanently delete their customer records, call history, appointments and messages.
  • Invoices and billing records: kept for 6 years, because UK tax law requires it. These are records of what a business paid us, not of who called them.

A caller can ask for their information to be deleted sooner than any of this. Contact the business you called, or us using the details below, and it will be removed.

Cookies

We keep cookies to a minimum. We use:

  • Essential cookies: set by Clerk to keep business owners securely signed in to the dashboard. The site doesn't work without these.
  • Analytics: Google Analytics, to understand which pages are used so we can improve them. It only runs if you accept it in the cookie notice.
  • A single small flag in your browser remembers your cookie choice, so we don't ask again.

We don't use advertising or cross-site tracking cookies. You can clear or block cookies in your browser at any time.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: hello@vocalenda.com

General Inquiries: hello@vocalenda.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy.