Privacy Policy

Imogen Grace is a premium British AI receptionist for UK businesses. The Imogen Grace service is operated and sold by Greyline Technologies Ltd, with the underlying technology owned by Brightstar Operations Ltd. In this policy “we”, “us” and “Imogen Grace” refer to the operator of the service.

This policy explains what personal data we process when you use Imogen Grace, when your customers call your Imogen Grace number, and what rights you and your callers have under UK GDPR and the Data Protection Act 2018.

Imogen Grace answers calls on a dedicated phone number on your behalf. At the start of each call, before Imogen speaks with the caller, the caller hears a short notice that the call is being handled by an AI assistant and may be recorded. This notice plays on every call. We do not begin the conversation until that notice and the greeting have finished.

Recording exists so that you have an accurate record of each enquiry and so the call can be transcribed and summarised for you. If a caller does not wish to continue, they can end the call at any time.

For you, our customer (the business owner and any team members you invite):

• Account details: name, email address, phone number, business name and address.
• Billing information processed through our payments provider.
• The configuration you give Imogen: greeting, services, pricing approach and call rules.
• Usage and security logs needed to run the service reliably.

For callers to your Imogen Grace number:

• Audio recordings of the call.
• Transcripts of the call.
• Caller details captured during the call, such as name, phone number, email address and the details of their enquiry or appointment.
• Call metadata: the time, duration and the number called.

We process this data to answer and transcribe calls, capture leads, book appointments, send owner-approved follow-up messages, show your call activity in your dashboard, take payment for the service, and keep the service secure and reliable. We rely on our legitimate interests in operating the service you have engaged us for, and on performance of our contract with you. We do not sell personal data, and we do not use call content to train third-party models.

We use the following trusted providers to deliver the service. Each processes data only as needed to perform its function, under contract:

• Supabase: application database and storage for your account and call data.
• Telnyx: telephony and call connectivity.
• Deepgram: real-time speech to text during calls.
• AssemblyAI: post-call transcription and entity capture.
• Google (Gemini): the language model that powers Imogen’s responses.
• Cartesia: text to speech for Imogen’s voice.
• Resend: transactional email such as alerts and notifications.
• Stripe: subscription billing and payment processing.
• Nango: secure brokering of calendar and mailbox connections you choose to connect.
• Sentry: application error monitoring.
• LiveKit: the real-time call media layer, self-hosted on our infrastructure.

Our core application data is held within the UK and EU. Some subprocessors listed above may process data outside the UK and EU. Where that happens, transfers are protected by appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses. We can provide details of a specific provider on request.

We keep account and billing data for as long as you have an account with us, and for a reasonable period afterwards to meet legal and accounting obligations. Call recordings, transcripts and caller details are retained so you can review your enquiries. You can ask us to delete specific recordings or caller records, and we will delete your data when your account is closed, subject to any legal retention we are required to keep.

Under UK GDPR you have the right to access, correct, delete and port your personal data, to object to or restrict certain processing, and to withdraw consent where we rely on it. Where you are the business customer, you are the controller of your callers’ data and we act as your processor. We will help you respond to any request from your callers.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority, at ico.org.uk.

For any privacy question or to exercise your rights, email [email protected]. We aim to respond within a few working days.