Privacy Policy

1. Introduction

TradeAlly ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI receptionist and lead management service.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Business name, owner name, email address, phone number, trade type, postcode
• Payment Information: Billing address, payment card details (processed securely via Stripe)
• Business Profile: Service areas, business hours, pricing information, service types
• Communications: Support tickets, feedback, survey responses

2.2 Information Collected Automatically

• Call Data: Phone numbers of callers, call recordings, transcripts, call duration, timestamps, AI conversation logs
• Message Data: SMS messages between you and your customers (WhatsApp planned for future)
• Sandbox/Trial Data: Test calls and messages during free trial period
• Usage Data: Features used, login times, dashboard interactions, API calls
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: Session cookies for authentication, preference cookies for settings

2.3 Customer Information

When your customers interact with our AI receptionist, we collect:

• Name and phone number
• Service requirements and location
• Urgency and availability preferences
• Voice recordings and transcripts of calls

3. How We Use Your Information

3.1 To Provide Our Services

• Operating the AI receptionist to answer your business calls
• Managing and routing leads to your dashboard
• Sending SMS/WhatsApp messages on your behalf
• Creating appointments and managing your calendar
• AI-powered appointment scheduling during calls
• Generating and sending quotes to customers
• Creating invoices from accepted quotes
• Managing sandbox/trial accounts with shared test numbers

3.2 To Improve Our Services

• Analyzing usage patterns to enhance features
• Training our AI to better understand trade-specific terminology
• Debugging and troubleshooting issues
• Developing new features based on user needs

3.3 For Communications

• Sending service updates and important notices
• Responding to support requests
• Marketing communications (only with your consent)
• Billing and payment notifications

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to deliver our services under our Terms of Service
• Legitimate Interests: Improving our services, preventing fraud, ensuring security
• Consent: For marketing communications and optional features
• Legal Obligations: Compliance with tax, accounting, and other legal requirements

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party service providers:

• Telnyx/Twilio: Phone and messaging services (Telnyx primary, Twilio fallback)
• ElevenLabs: Conversational AI voice agents (Pro tier)
• OpenAI: Natural language processing and AI features
• Stripe: Payment processing
• Amazon Web Services: Cloud hosting and storage
• Cloudinary: Image and document storage

5.2 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

5.3 Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred to the successor entity.

5.4 With Your Consent

We will share your information with other parties only with your explicit consent.

6. Data Retention

• Account Data: Retained for the duration of your subscription plus 90 days
• Call Recordings: Retained for 90 days (configurable in settings)
• Sandbox Data: Deleted 30 days after trial expiry
• Lead Data: Retained for 2 years after last interaction
• Financial Records: Retained for 7 years as required by UK law
• Marketing Data: Until you withdraw consent

7. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limited processing of your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, email us at privacy@tradeally.co.uk

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and authentication
• Regular backups and disaster recovery procedures
• Staff training on data protection
• Incident response procedures

9. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK ICO
• Adequacy decisions where applicable
• Your explicit consent for specific transfers

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through our dashboard. Your continued use of our services after changes indicates acceptance of the updated policy.

12. Contact Information