AnswerSmith

Privacy Policy

Last updated: 19 June 2026

This policy explains how AnswerSmith (“we”) collects, uses and shares personal data when you use our AI phone receptionist service. We act as a data controller for account data (information about you, the business owner) and as a data processor for caller data (information about people who phone your AnswerSmith number) on behalf of you, our customer.

1. Who we are

AnswerSmith is operated from the United Kingdom (registration in progress). You can contact us at hello@answersmith.co.uk.

2. What data we collect

From you (account owner)

  • Business name, your name, business city, mobile number, email, password (hashed) or Google account ID.
  • Working hours, services, service area, emergency rules — provided so the AI can answer accurately.
  • Billing data: card details are collected directly by our payment processor (we never see or store the card number), customer ID, subscription status.
  • Usage data: pages you visit on the dashboard, sign-in events.

From callers

  • Phone number (caller ID).
  • Name, postcode, description of the problem, urgency — only when the caller gives these to the AI.
  • Audio recording of the call and a written transcript.
  • Automated structured summary (caller name, postcode, problem, urgency, outcome) extracted from the call.

3. Why we use it (legal basis)

  • To provide the Service — performance of the contract with you (account owner) and legitimate interest in operating a useful service (callers).
  • To text customers and send daily summaries — performance of the contract.
  • To take payment — performance of the contract and our legal obligation to keep accounting records.
  • To improve the Service and prevent abuse — legitimate interest.
  • To send service announcements — performance of the contract. Marketing emails (if any) require your consent and can be opted out of at any time.

4. Recording and AI processing

Every call to your AnswerSmith number is announced as recorded and AI-assisted in the first sentence the AI speaks. Recordings and transcripts are stored so you can review what was said and so the AI can recognise returning callers. We keep them for as long as your account is active and for up to 30 days after cancellation, unless you delete them sooner from the dashboard or law requires longer retention.

5. Sub-processors

We use the following sub-processors to deliver the Service. Each is bound by their own data-processing terms.

  • Vercel — application hosting (US/EU).
  • Turso — database hosting (EU).
  • Twilio — phone numbers and SMS (UK/EU).
  • Vapi — voice-AI orchestration (US).
  • Anthropic — large language model that powers the AI's replies (US/EU).
  • Deepgram — speech-to-text transcription (US).
  • Cal.com — calendar bookings (EU).
  • Stripe or Paddle — payment processing.
  • Google — optional “Sign in with Google” identity.

When we add or change a sub-processor we will update this list. Continued use of the Service after that is acceptance.

6. International transfers

Some sub-processors are based in the United States. Where personal data leaves the UK or EEA, it is protected by Standard Contractual Clauses or the EU-US/UK-US Data Privacy Framework where applicable.

7. Retention

  • Account data: kept while your account is active, deleted within 30 days of closure unless required by law.
  • Call recordings and transcripts: kept while your account is active, deleted within 30 days of closure (or sooner on request).
  • Billing and tax records: 7 years (HMRC requirement).

8. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you,
  • have inaccurate data corrected,
  • request deletion of your data,
  • restrict or object to certain processing,
  • request a copy of your data in a portable format,
  • withdraw any consent you have given,
  • complain to the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email hello@answersmith.co.uk. We respond within 30 days.

9. Security

Passwords are stored hashed. Sessions are protected by HTTP-only, secure cookies. Communication with our servers uses TLS. We restrict admin access to the people who operate the Service. No system is perfectly secure — if you believe your account has been compromised, email us straight away.

10. Cookies

We use only essential cookies needed to keep you signed in and to protect sign-in against forgery. More detail on the Cookie Policy page.

11. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top changes when we do. Material changes are notified in-app or by email.