Privacy Policy

1. Introduction & Scope

This Privacy Policy describes how TradesAI Operator Ltd ("Company", "we", "us", "our") collects, uses, processes, and protects personal information in connection with the TradesAI Operator service ("Service"). This Policy applies to all users of the Service, including business owners ("Customers") and their end-customers ("Customer End Users"). We are committed to protecting your privacy and complying with UK GDPR, UK Data Protection Act 2018, and all applicable UK and international privacy laws.

2. Data Controller vs. Data Processor

For Business Customers: You (the Customer) are the "data controller" and TradesAI Operator is a "data processor". This means you determine how and why customer data is collected and processed. We process customer data only on your written instructions and in accordance with this Privacy Policy and your Data Processing Agreement (DPA).

For Customer End Users: If you are a customer of one of our Customers' businesses, please refer to that business's privacy policy for information about how they collect and use your personal data. If you have questions, contact the business directly.

For Direct Service Users: When you interact directly with TradesAI Operator (e.g., during signup, support requests, or website visits), we are the data controller and are responsible for your personal data.

3. Information We Collect

3.1 Information You Provide Directly

When you sign up for the Service or interact with us, we may collect: business name, owner name, email address, phone number, business address, postcode, business type/trade, bank account information for billing, credit card or payment method details, company registration number, tax identification number, and any other information you voluntarily provide in communications with our support team.

3.2 Customer End-User Data

When you use TradesAI Operator to receive calls and manage bookings, we automatically collect and log customer information on your behalf, including: caller name, phone number, email address, postcode, service type requested, appointment details, call duration and timing, voice call transcripts (via AI processing), customer quotes provided, compliance certifications uploaded, and any other information callers provide during interactions. This data is stored in your Google Calendar and Google Sheets accounts (which you own and control).

3.3 Automatically Collected Information

When you use the Service, we automatically collect: IP address, browser type and version, device type and identifiers, operating system, referring and exit pages, pages and features accessed, time spent on pages, clickstream data, error logs, geographic location (inferred from IP), call metadata (duration, timestamp, caller ID, callee ID), API usage patterns, and performance analytics. This information is collected via server logs, cookies, and similar technologies.

3.4 Third-Party Data

We may receive personal data about you from third parties, including: payment processors (for billing verification), Twilio (telephony metadata), Google (calendar and sheet integration data), Anthropic (anonymised AI usage patterns), and ElevenLabs (voice synthesis logs). We use this information only in accordance with this Privacy Policy and applicable agreements.

4. How We Use Your Information

We use personal data for the following purposes:

• Service Provision: To provide, maintain, and improve the TradesAI Operator Service, including AI call reception, scheduling, logging, and SMS notifications.
• Billing & Payment: To process subscription fees, handle refunds, and manage your account billing.
• Legal Compliance: To comply with legal obligations, respond to law enforcement requests, and enforce our Terms & Conditions.
• Customer Support: To respond to your support requests, troubleshoot issues, and provide technical assistance.
• Analytics & Improvement: To analyse Service usage patterns, improve features, optimise performance, and develop new functionality.
• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Marketing & Communications: To send you service updates, promotional emails, newsletters, and product announcements (with your consent).
• Legitimate Business Interests: To conduct business analysis, improve our services, protect our rights, and manage our operations.

5. Legal Basis for Processing (GDPR)

Under UK GDPR, we process personal data based on the following legal grounds:

• Contract: Processing is necessary to provide the Service and fulfil our contractual obligations to you.
• Legal Obligation: Processing is necessary to comply with UK law, tax requirements, or regulatory obligations.
• Legitimate Interests: We have a legitimate business interest in using your data to improve our Service, conduct analytics, and protect against fraud.
• Consent: Where required by law, we rely on your explicit consent to send marketing communications or collect sensitive data.
• Vital Interests: In emergency situations, we may process data to protect your health and safety or that of others.

6. Data Sharing & Third Parties

We share personal data with the following third parties only when necessary to provide the Service:

• Google: Calendar and Sheets integration (your data is stored in your own Google accounts)
• Twilio: Telephony and SMS delivery (call metadata and SMS logs)
• Anthropic: AI processing via Claude Haiku (anonymised conversation logs for model improvement, with option to opt-out)
• ElevenLabs: Voice synthesis technology (voice parameters and processing logs)
• Payment Processors: Stripe, Wise, or other payment providers for billing
• Law Enforcement: If legally required to comply with valid court orders or government requests
• Business Partners: Service providers who assist us in operating the Service (under confidentiality agreements)

We do NOT sell, rent, or trade your personal data to third parties for marketing purposes. We do NOT disclose your data to unrelated businesses without your explicit consent.

7. Data Retention

Active Subscription: We retain your data for the duration of your active subscription to provide the Service.

After Cancellation: Upon subscription termination or cancellation, you have 30 days to export and download all your data from Google Sheets and Google Calendar. After 30 days, we do not maintain copies of your data. Please note that Google may retain deleted data according to its own retention policies.

Backup Data: We may retain anonymised or aggregated data for analytics, legal compliance, or fraud prevention purposes indefinitely.

Legal Holds: If required by law, court order, or government request, we may retain data longer than normal periods.

8. Data Security

We implement industry-standard security measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction. These include: encryption in transit via TLS 1.2 or higher, secure API authentication, restricted access controls, regular security audits, and incident response procedures.

However, no system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your login credentials and notifying us immediately of any unauthorised access.

9. Your Privacy Rights (GDPR & UK DPA)

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: You can correct inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data (subject to legal retention obligations).
• Right to Restrict Processing: You can request that we limit how we use your data.
• Right to Data Portability: You can request your data in a portable, machine-readable format.
• Right to Object: You can object to marketing communications and certain forms of processing.
• Right to Lodge a Complaint: You can file a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at admin@tradesaioperator.uk with your request. We will respond within 30 days or as required by law.

10. Cookies & Tracking Technologies

We use cookies and similar technologies (beacons, pixels, scripts) to: authenticate users, remember preferences, analyse Service usage, prevent fraud, and improve performance. Cookies may be session-based (deleted when you close your browser) or persistent (stored on your device).

Most browsers allow you to control or delete cookies through your settings. However, disabling cookies may limit certain Service functionality. We do not use cookies for targeted advertising or cross-site tracking.

11. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a minor has provided personal data, we will delete it immediately. Parents or guardians who believe a child has provided data to us should contact us at admin@tradesaioperator.uk.

12. International Data Transfers

The TradesAI Operator Service is provided from the United Kingdom and EU. If you access the Service from outside the UK or EU, your data may be transferred to and processed in the UK, which may have different data protection laws than your home jurisdiction. By using the Service, you consent to such transfers.

For international transfers, we implement Standard Contractual Clauses (SCCs) and other safeguards as required by UK GDPR and applicable law.

13. AI & Automated Decision-Making

The TradesAI Operator Service uses artificial intelligence (Claude Haiku by Anthropic) to process voice calls and customer interactions. The AI makes automated decisions about call handling, emergency detection, and lead scoring based on customer data and call patterns.

Your Rights: Under UK GDPR Article 22, you have the right to request human review of automated decisions that produce legal or similarly significant effects. If you wish to opt-out of AI processing for non-essential features (e.g., lead scoring), contact admin@tradesaioperator.uk.

AI Data Usage: Anthropic may use anonymised, aggregated conversation logs to improve the Claude Haiku model. We do not allow Anthropic to use your personally identifiable customer data for model training without explicit opt-in consent.

14. Data Breach Notification

In the event of a confirmed data breach affecting your personal data, we will notify you by email within 72 hours (as required by UK GDPR Article 34). The notification will include: the nature of the breach, the categories of data affected, the likely consequences, and the measures we are taking to address the breach and prevent recurrence.

15. Data Processing Agreement (DPA)

For Customers who process personal data of EU residents or are subject to UK GDPR requirements, we provide a formal Data Processing Agreement (DPA) compliant with Article 28 of UK GDPR. The DPA is available upon request and must be executed before processing any customer data subject to GDPR.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days in advance. Your continued use of the Service following the effective date of changes constitutes acceptance of the updated Privacy Policy.

17. Contact Information & ICO

For privacy questions, concerns, or to exercise your rights, contact:

TradesAI Operator Ltd
Email: admin@tradesaioperator.uk
Web: https://tradesaioperator.com

UK Information Commissioner's Office (ICO)
If you are unsatisfied with our privacy practices, you can file a complaint with the ICO: https://www.ico.org.uk