Privacy Policy

Effective Date: 07/10/2025

This Privacy Policy describes how Devs27 (“Devs27,” “we,” “us,” or “our”) collects, uses, and protects personal information in connection with our AI Voice Agent, call-handling, automation, and related managed services (“Services”). Devs27 complies with the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable United States privacy and telecommunications laws.

1. Information We Collect

We collect only the information required to deliver and maintain our Services, including:

• Contact Information: names, company names, telephone numbers, and email addresses.
• Service Data: booking details, job descriptions, communication preferences, and configuration inputs used to train or customise AI Voice Agents.
• Call Data: AI-generated call transcripts, summaries, and—if recording is enabled—audio recordings retained for quality assurance and compliance.
• Technical Data: IP address, browser type, device identifiers, and basic analytics data for performance and security monitoring.
• Payment Data: payment details processed securely by Stripe; Devs27 does not store full card information.

2. How We Use Information

We use collected information to:

• Provide, manage, and improve AI Voice Agent and call-handling functionality.
• Send confirmations, notifications, invoices, and service-related updates.
• Customise and optimise AI behaviour for client operations.
• Monitor quality, reliability, and system performance.
• Fulfil legal, accounting, and regulatory obligations.

We never sell personal data or use it for third-party advertising purposes.

3. Lawful Basis for Processing (UK & EEA)

• Contractual Necessity: processing required to deliver subscribed Services.
• Legitimate Interests: maintaining, improving, and securing our operations.
• Consent: for optional recordings, marketing communications, or testimonials.
• Legal Obligation: fulfilling financial and compliance requirements.

4. Sharing of Information

We engage trusted third-party processors solely for core operational tasks such as telephony connectivity, AI processing, secure hosting, analytics, and payment handling. All such providers are bound by written data-processing agreements requiring compliance with UK GDPR and equivalent standards. No third party may use your data for its own purposes.

5. Data Retention

• Client and Account Data: kept for the duration of an active subscription and up to twelve (12) months after termination.
• AI Transcripts: retained while the associated AI Voice Agent remains active and deleted within thirty (30) days of service termination.
• Optional Audio Recordings: deleted automatically after a short retention period for quality assurance.
• Financial Records: retained for seven (7) years to meet HMRC obligations.

6. Cookies & Analytics

Our website uses essential and analytics cookies to ensure core functionality and to measure performance. Analytics are limited to aggregate traffic and usage data; we do not employ advertising pixels or cross-site tracking. You may disable cookies in your browser, though certain features may not function correctly.

7. Security Measures

Devs27 employs industry-standard technical and organisational safeguards, including SSL-encrypted communications, restricted-access systems, and continuous monitoring to prevent unauthorised access, alteration, or disclosure. Payment transactions are processed securely via Stripe in accordance with PCI-DSS requirements.

8. Marketing & Testimonials

Devs27 may request permission to use anonymised excerpts or client testimonials for marketing or demonstration purposes. No identifiable client or caller data will be used without prior written consent.

9. Children’s Data

Our Services are directed exclusively toward businesses and adults aged 18 and over. Devs27 does not knowingly collect or process personal information from minors.

10. Your Rights (UK & EEA)

You have the right to:

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion where legally permissible.
• Object to or restrict specific processing activities.
• Request data portability in a structured format.

To exercise these rights, contact privacy@devs27.com. We will respond within one (1) month of verification of your request.

11. Your Rights (United States)

For U.S. clients, Devs27 complies with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA). U.S. users have the right to:

• Request disclosure of the categories of personal information collected.
• Request deletion of personal information, subject to legal or contractual requirements.
• Opt out of any sale or sharing of personal information (Devs27 does not sell data).
• Receive non-discriminatory treatment for exercising privacy rights.

Requests may be submitted to privacy@devs27.com. Devs27 will verify the requester’s identity before fulfilling any request.

Clients operating within the United States are independently responsible for ensuring compliance with all applicable call-recording, telemarketing, and privacy laws when using Devs27 Services.

12. International Transfers

Where personal data is processed or stored outside the United Kingdom, Devs27 ensures equivalent protection through UK-approved Standard Contractual Clauses or other lawful transfer mechanisms.

13. Changes to This Policy

Devs27 may revise this Privacy Policy to reflect legal or operational updates. The most current version will always appear on this page. Continued use of the Services after publication of changes constitutes acceptance of the updated policy.

14. Contact Information

For questions, privacy requests, or complaints, please contact:
Email: privacy@devs27.com
Support: support@devs27.com
Phone: 0808 502 2750
Address: 86–90 Paul Street, London, EC2A 4NE

If you believe your data rights have been violated, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.