Privacy Policy

How we collect, use, and protect your personal data. Your privacy matters to us.

Last updated: February 2026

ElmiViseAI ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website, products, and services, including our AI chatbot platform, booking systems, analytics dashboards, voice agent services, and web development services.

ElmiViseAI is a company registered in the United Kingdom. For the purposes of data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller.

By using our website or services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

1. Information We Collect

We collect several types of information depending on how you interact with our website and services:

Personal Information

When you contact us, sign up for our services, or request a quote, we may collect:

  • Full name
  • Email address
  • Phone number
  • Business name and address
  • Job title or role
  • Payment and billing information (processed securely via Stripe)

Booking Data

When you or your customers use our integrated booking system, we collect:

  • Appointment details (date, time, service type)
  • Customer contact information submitted via the booking form
  • Booking history, cancellations, and rescheduling records
  • Payment transaction data associated with bookings

Conversation Data

When users interact with our AI chatbot platform, we collect:

  • Chat messages and conversation transcripts
  • Metadata such as timestamps, session duration, and conversation outcomes
  • Escalation records when conversations are transferred to a human agent
  • Feedback or ratings provided about the chatbot experience

Usage Data

We automatically collect certain technical information when you visit our website or use our services, including:

  • IP address and approximate geographic location
  • Browser type and version
  • Operating system and device type
  • Pages visited, time spent on each page, and navigation paths
  • Referring website or source
  • Analytics dashboard usage patterns (for our clients)

2. How We Use Your Data

We use the information we collect for the following purposes:

  • To provide and maintain our services — including operating our AI chatbot platform, processing bookings, delivering analytics insights, and building websites for our clients.
  • To process payments — securely handling transactions through our payment processor, Stripe, for subscriptions, one-off projects, and booking-related payments.
  • To communicate with you — responding to enquiries, sending service updates, onboarding information, and support communications.
  • To improve our products — analysing conversation data, usage patterns, and feedback to enhance chatbot accuracy, booking system reliability, and overall user experience.
  • To provide analytics — generating reports, dashboards, and insights for our clients about chatbot performance, booking trends, and customer engagement.
  • To ensure security — detecting and preventing fraud, abuse, or unauthorised access to our platform.
  • To comply with legal obligations — meeting regulatory requirements, responding to lawful requests, and enforcing our terms of service.

We process your personal data on the following legal bases under UK GDPR: performance of a contract, legitimate interests, consent (where applicable), and compliance with legal obligations.

3. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your data only in the following circumstances:

Payment Processing

We use Stripe to process all payments securely. When you make a payment, your card details and billing information are handled directly by Stripe in accordance with their Privacy Policy. We do not store your full card details on our servers.

Hosting and Infrastructure Providers

Our services are hosted on third-party cloud infrastructure providers. These providers may process data on our behalf and are contractually obligated to protect your data and use it only as instructed by us.

AI and Language Model Providers

Our chatbot platform uses third-party large language model (LLM) providers to power AI conversations. Conversation data may be sent to these providers for the purpose of generating responses. We select providers that offer enterprise-grade data handling practices and do not use your data to train their models.

Legal Requirements

We may disclose your data if required to do so by law, in response to a valid request from a law enforcement authority, or to protect the rights, property, or safety of ElmiViseAI, our clients, or others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.

4. Cookies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site usage. Cookies are small text files stored on your device when you visit our website.

Types of Cookies We Use

  • Essential cookies — required for the website to function properly, including session management and security features. These cannot be disabled.
  • Analytics cookies — help us understand how visitors interact with our website by collecting information about pages visited, time spent, and navigation paths. This data is aggregated and anonymised.
  • Functional cookies — remember your preferences and settings (such as language or region) to provide a more personalised experience.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse or delete cookies. The methods for doing so vary by browser — consult your browser's help documentation for further information.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention practices are as follows:

  • Account and service data — retained for the duration of your active subscription or business relationship with us, and for up to 12 months after termination to allow for reactivation or to resolve any outstanding matters.
  • Conversation and booking data — retained for up to 24 months from the date of the interaction, unless a longer retention period is required for analytics or contractual purposes.
  • Payment records — retained for up to 7 years in accordance with UK tax and accounting regulations.
  • Usage and analytics data — retained in anonymised or aggregated form and may be kept indefinitely for product improvement purposes.
  • Contact enquiries — retained for up to 12 months from the date of the enquiry.

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.

6. Your Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct any inaccurate or incomplete personal data.
  • Right to erasure — you can request that we delete your personal data, subject to certain legal exceptions.
  • Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability — you can request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object — you can object to our processing of your data where we rely on legitimate interests as our legal basis.
  • Right to withdraw consent — where we rely on your consent to process data, you can withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Rights related to automated decision-making — you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at elmiviseai@gmail.com. We will respond to your request within 30 days, as required by law.

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk.

7. Data Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • JWT-based authentication and role-based access controls
  • Regular security audits and vulnerability assessments
  • Rate limiting and DDoS protection
  • Secure cloud infrastructure with automatic backups
  • Access restricted to authorised personnel on a need-to-know basis

While we strive to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest practical standards.

8. International Data Transfers

Our primary operations are based in the United Kingdom. However, some of our third-party service providers (including hosting and AI model providers) may process data outside of the UK. Where data is transferred internationally, we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries recognised by the UK government as providing an adequate level of data protection
  • Standard contractual clauses approved by the relevant authorities
  • Other lawful transfer mechanisms under the UK GDPR

9. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected data from a child under 16, please contact us at elmiviseai@gmail.com and we will take steps to delete the information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

ElmiViseAI
United Kingdom

Email: elmiviseai@gmail.com

We aim to respond to all privacy-related enquiries within 30 days.