Privacy Policy

Last updated: 10 April 2026

1. Who we are

MissedCallAI is operated by Rijas Panthayil Baby Suresh, trading as MissedCallAI, of G/1 - 7 Townhead Terrace, Paisley, PA1 2AU, United Kingdom ("we", "us", "our").

We are the data controller for personal data collected through this service. You can contact us at rijas@missedcallai.co.uk.

2. What data we collect

We collect and process the following personal data:

Account data

Your mobile phone number, business name, owner name, email address, and services description, collected when you sign up and complete onboarding.

Payment data

Your payment card details and billing information, processed directly by Stripe. We do not store card numbers — only your Stripe customer and subscription IDs.

Call data

Records of calls handled by our AI assistant on your behalf, including caller phone numbers, call summaries, call duration, and call recordings. Callers are informed at the start of each call that it may be recorded.

Usage data

Technical data such as pages visited and actions taken, collected via Vercel Analytics.

3. How we use your data

Providing the service — Contract

Processing your account details, provisioning your dedicated phone number, and operating the AI call handling service.

Processing payments — Contract

Managing your subscription, trial period, and billing via Stripe.

Sending notifications — Contract

Sending you SMS and email alerts when a missed call is handled by our AI.

Service improvement — Legitimate interest

Analysing call summaries and anonymised usage data to improve our AI assistant and service quality.

Legal compliance — Legal obligation

Retaining records as required by applicable law.

4. Sub-processors

We share your data with the following third-party processors to deliver our service. All processors are contractually bound to process data only on our instructions and in accordance with applicable data protection law.

Supabase — EU (London)

Database and authentication

Twilio — USA (SCCs in place)

Phone number provisioning and SMS notifications

Vapi — USA (SCCs in place)

AI voice assistant and call handling

Stripe — USA (SCCs in place)

Payment processing

Vercel — USA (SCCs in place)

Website hosting and analytics

Resend — USA (SCCs in place)

Transactional email delivery

5. Call recordings

Our AI assistant informs callers at the start of each call that the call may be recorded and a summary sent to the business owner. By continuing the call, the caller consents to this recording.

Call recordings are retained for a maximum of 90 days from the date of the call, after which they are permanently deleted. Call summaries and metadata (duration, caller number, timestamp) may be retained for up to 12 months for legitimate business and service improvement purposes.

Caller phone numbers are stored to enable callback functionality. Where a caller number cannot be identified, it is recorded as unknown and no personal data is stored.

6. Data retention

Account dataFor the duration of your subscription plus 6 months after cancellation

Call recordings90 days from date of call

Call summaries and metadata12 months from date of call

Payment records7 years (legal requirement)

Usage analyticsAggregated and anonymised — retained indefinitely

7. Your rights

Under UK GDPR, you have the following rights:

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Request correction of inaccurate personal data.

Right to erasure

Request deletion of your personal data, subject to legal retention requirements.

Right to restriction

Request that we limit processing of your data in certain circumstances.

Right to portability

Request your data in a machine-readable format.

Right to object

Object to processing based on legitimate interests.

To exercise any of these rights, contact us at rijas@missedcallai.co.uk. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Cookies

We use Vercel Analytics which does not use cookies or collect personally identifiable information. Authentication session cookies are strictly necessary for the service to function and do not require consent under UK PECR.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (TLS), row-level security on our database, and access controls limiting who can access personal data. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email. The date at the top of this page indicates when it was last updated. Continued use of the service after changes constitutes acceptance of the updated policy.