Agents4You — Data Protection Information
Last Updated: March 2026
Agents4You is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we handle personal data across our AI receptionist platform, and how our two-sided platform model works from a data protection perspective.
This is important to understand.
Agents4You operates a platform used by business clients (e.g. a plumber, a salon) to handle calls from their customers (the callers). This creates two distinct data relationships with different rules applying to each.
| Role | Who | Responsibility |
|---|---|---|
| Data Controller (for business client data) | Agents4You | We control how we store and use your account data, billing data, and usage data as our customer |
| Data Processor (for caller data) | Agents4You | We process caller data on behalf of our business clients, following their configuration and instructions |
| Data Controller (for caller data) | Our business client (e.g. the plumber) | They decide what caller data to collect and are responsible for their callers' data protection rights |
We do NOT store call audio recordings. Voice is processed in real time and not retained.
| Processing Activity | Lawful Basis | Article |
|---|---|---|
| Providing the AI receptionist service to clients | Contract performance | Art. 6(1)(b) |
| Processing caller data during and after calls | Legitimate interest (service delivery on behalf of client) | Art. 6(1)(f) |
| Sending transactional emails | Contract performance | Art. 6(1)(b) |
| AI-assisted customer support | Legitimate interest | Art. 6(1)(f) |
| AI-powered voice receptionist (call handling, transcription, response generation) | Contract performance | Art. 6(1)(b) |
| Fraud prevention and security | Legitimate interest | Art. 6(1)(f) |
| Financial record retention | Legal obligation | Art. 6(1)(c) |
| Data | Retained For | Risk Level if Exceeded |
|---|---|---|
| Call transcripts | 30 days maximum — auto-deleted | HIGH — contains conversation content |
| Caller phone numbers | 30 days — anonymised or deleted | MEDIUM — personal identifier |
| Booking contact details | 30 days after appointment | MEDIUM — personal contact data |
| Call metadata (timestamps, duration, cost) | 12 months | LOW — non-sensitive operational data |
| Account data | Subscription + 30 days | LOW — customer relationship data |
| Financial records | 7 years (legal requirement) | NONE — legally mandated |
The following third-party services process personal data on our behalf. All are bound by data processing agreements or standard contractual clauses.
| Provider | Role | Location | Data Protection Basis |
|---|---|---|---|
| Twilio | Call routing and telephony | Ireland (EU) | Automatic DPA with Terms of Service — UK GDPR addendum included |
| Stripe | Payment processing | EU / UK | Automatic DPA — GDPR compliant |
| SendGrid | Email delivery | USA | Standard Contractual Clauses |
| Anthropic | AI language model — powers voice call conversations and customer support | USA | Direct agreement — DPA with UK IDTA — SCCs Module 2+3 |
| Google Cloud | Speech-to-text and text-to-speech — converts caller audio to text and AI responses to speech | EU (EEA processing via Twilio IE1 region) | Google Cloud DPA |
| ElevenLabs | Text-to-speech — premium voice synthesis (available for select voice configurations) | EEA processing not yet confirmed | DPA available — EEA processing pending confirmation |
| Amazon Web Services (Polly) | Text-to-speech — voice synthesis for select voice configurations | EU (via Twilio ConversationRelay) | Covered under Twilio DPA (sub-processor) |
| Hostinger | Server hosting | EU — Paris, France | Data Processing Agreement |
| IONOS | Domain and inbound email | EU — Germany | EU-based, GDPR compliant by jurisdiction |
| Vercel | Website hosting | USA | Standard Contractual Clauses |
| Google / Microsoft | Calendar sync (optional) | USA | Customer-authorised OAuth — provider's own compliance |
Where data is transferred outside the UK, we rely on one or more of the following safeguards:
If you are a business client of Agents4You, you can exercise the following rights by contacting support@agents4you.co.uk:
If you are a caller who interacted with one of our client's AI receptionists, please contact that business directly. They are the data controller for your call data.
To escalate a complaint to the UK regulator: ico.org.uk
Article 50 — AI Disclosure to Callers
Under the EU AI Act (Article 50), which applies to AI systems deployed in the EU, callers must be informed when they are interacting with an AI system. Although the UK has not enacted equivalent legislation, we proactively support this transparency requirement for all calls. Our platform implements this through a configurable AI disclosure greeting. Business owners can enable an AI disclosure statement that is read to callers at the start of each call. We strongly recommend all business clients enable this disclosure. By default, clients are prompted to configure this setting during onboarding.
If you are a caller who interacted with one of our AI receptionists and were not informed it was an AI, please contact the business directly or reach us at privacy@agents4you.co.uk. The business client bears legal responsibility for their own disclosure obligations.
Data protection queries: privacy@agents4you.co.uk
Legal entity: Agents4You Ltd, trading as Agents4You
This page will be reviewed by external legal counsel prior to full commercial launch.