Last updated: 14 July 2026
Vocalenda ("we," "our," or "us") is a UK-based service that answers business phone lines with an AI assistant, books appointments into Google Calendar, and sends text confirmations. This policy explains what personal information we handle and why, under the UK GDPR and the Data Protection Act 2018 (and the EU GDPR where it applies).
It covers two different groups of people, so it is written in two parts: callers, people who phone a business that uses Vocalenda, and business customers, the people who run their business on Vocalenda. For callers, the business you phoned is the data controller and we process your information on its behalf. For business customers, we are the data controller for your account.
When you call a business that uses Vocalenda, your call may be answered by an automated AI assistant rather than a person (each business chooses whether the assistant answers or the call goes to a member of staff). You do not have to go looking for this page to find that out: the assistant says so at the start of every call, before you tell it anything, and tells you the call is transcribed. No business can edit or remove that. The call is transcribed in real time so the assistant can understand and act on your request, for example to book or change an appointment. Audio is not kept as a recording; the written transcript is kept as part of the business's call history.
To provide the service we handle: the phone number you call from, your name if you give it, the appointment details you ask for, the call transcript, and any text messages sent to confirm or remind you about a booking. We use this only to run the call and manage the booking for the business you phoned. We do not use it for advertising and we do not sell it.
If you would prefer not to speak to an automated assistant, you can hang up and contact the business another way, ask the assistant to take a message for the business, or ask to be put through to a person where the business has that option set up. For questions about how your information is used, or to exercise your data rights, contact the business you called (it is the data controller); we will help them respond, and you can also contact us directly using the details below.
The UK GDPR requires us to have a lawful basis for every use of personal information. We do not rely on consent to answer your call, because you cannot book an appointment without giving the details the booking is made from. Instead:
If you run a business on Vocalenda, we handle your account information to provide the service you signed up for (Article 6(1)(b), contract), to keep the service secure and working (Article 6(1)(f), legitimate interests), and to meet our tax and accounting duties (Article 6(1)(c), legal obligation). Where we do ask for consent, for example to connect your Google Calendar, you can withdraw it at any time without affecting anything we did before you withdrew it.
To set up and run your receptionist we collect the information you give us during sign-up and in your dashboard:
We do not train AI models on your data. The AI providers we use process each call in order to run that call, under data processing agreements. One exception is disclosed below: our speech provider may use call audio to improve the accuracy of its speech recognition models.
Calls are transcribed in real time and audio is not stored as a recording; the transcript is kept as part of the business's call history. Like every modern software service we rely on specialist providers, each operating under a data processing agreement:
We want to be direct about this one, because it is the only place where anything is used for a purpose beyond running your call. Deepgram, the company that turns speech into text for us, operates a programme in which customer audio helps improve the accuracy of its speech models, and we take part. In practice that means the audio of calls may be used to make speech recognition better, including at understanding regional accents and names, which is the part of this service that most often gets things wrong.
What is not used: your appointment records, your call transcripts as held in the business's call history, your phone number as a piece of contact information, or anything in our database. Nothing is used to build a profile of you, to advertise to you, or to identify your voice, and Deepgram does not sell it. Taking part is what keeps this service affordable enough to offer at a small business price, and we would rather tell you plainly than bury it.
You can object to this and we will act on it. Tell the business you called, or contact us using the details below, and we will add your number to our exclusion list. From your next call onwards your audio is marked so that Deepgram does not keep it or use it for model improvement, at every business you ring, not just the one you told. You do not have to give a reason and it will not affect your booking.
Your records live in the EU. The live call is handled in the United States. Specifically:
Stays in the EU (Ireland):
Handled in the United States, during the call itself:
We looked at moving speech processing into the EU, which Deepgram offers. Today it would mean running a noticeably worse assistant, so we have kept the call quality and are being open with you about where it happens rather than quietly making the trade. We keep this under review.
Where information leaves the UK or EU, the transfer is protected by recognised safeguards such as the UK International Data Transfer Agreement or Addendum, standard contractual clauses, or an adequacy decision, as part of each provider's data processing agreement. This does not mean your data is unprotected once it leaves; it means each provider is contractually held to UK-equivalent standards.
Our application integrates with Google services and strictly complies with Google's Limited Use requirements. We request only the minimum necessary permissions:
https://www.googleapis.com/auth/calendar): Used exclusively to manage appointments on your behalf, including creating, updating, and canceling calendar eventshttps://www.googleapis.com/auth/userinfo.email): Used only for account identification and service-related communicationWe do not sell, trade, or rent personal information. We share it only:
We implement appropriate technical and organisational security measures to protect personal information against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit, access controls, and keeping the data we hold to the minimum the service needs.
Under the UK GDPR you have the right to:
If you are a caller, the business you phoned is the data controller, so it is usually quickest to contact them first; we will help them respond. You also have the right to complain to the Information Commissioner's Office (ico.org.uk) if you are unhappy with how your data has been handled.
"As long as necessary" is not a real answer, so here are the actual periods. They are enforced automatically, every day, rather than depending on someone remembering.
A caller can ask for their information to be deleted sooner than any of this. Contact the business you called, or us using the details below, and it will be removed.
We keep cookies to a minimum. We use:
We don't use advertising or cross-site tracking cookies. You can clear or block cookies in your browser at any time.
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: hello@vocalenda.com
General Inquiries: hello@vocalenda.com
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after such modifications constitutes acceptance of the updated Privacy Policy.