This Privacy Policy explains how Systemic Logic ("we", "us", "our") collects, uses, and protects your personal data when you use our website and services. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Systemic Logic is a trading name of [Your Company Name Ltd], a company registered in Scotland (Company No. SC######). Our registered office is: [Your Registered Address]. We are the controller of your personal data for the purposes of UK GDPR.
2. Data We Collect
We collect and process the following categories of personal data:
- Identity Data: name, business name, job title.
- Contact Data: business address, email address, telephone numbers (shop phone, owner mobile, manager phone).
- Financial Data: bank account details for GoCardless mandates, payment card information (processed securely by GoCardless and Stripe—we do not store full payment details).
- Technical Data: IP address, browser type, login data, and cookies (see our Cookie Policy).
- Usage Data: information about how you use our website and services.
- Call Data: recordings of calls handled by our AI, caller phone numbers, order details, call duration, and metadata.
3. How We Collect Your Data
We collect data through:
- Direct interactions: when you fill out our onboarding form, contact us, or use our services.
- Automated technologies: cookies and similar tracking technologies.
- Third parties: GoCardless (payment mandate data), Stripe (payment processing status), Vonage (call logs and metadata).
4. Lawful Basis for Processing
Under UK GDPR, we process your personal data on the following lawful bases:
- Performance of a contract: To provide our AI phone assistant service, process payments via GoCardless, and facilitate customer payments via Stripe.
- Legitimate interests: To improve our services, monitor call quality, and ensure network security. We balance these interests against your rights.
- Legal obligation: To comply with tax, accounting, and regulatory requirements.
- Consent: For marketing communications and optional cookies. You can withdraw consent at any time.
5. Voice Data (Biometric)
Voice recordings may be considered biometric data under UK GDPR when used for identification purposes. Our AI processes voice data solely to:
- Take and fulfil orders.
- Recognise regular customers by name and order history.
- Improve voice recognition accuracy for local accents.
We obtain explicit consent from end customers via pre-call announcements: "This call may be recorded for order processing and quality purposes."
6. Data Sharing and Third Parties
We share your data only with trusted third parties necessary for service delivery:
- GoCardless: To collect your monthly fees and call charges. They act as a separate controller.
- Stripe: To process customer payments. They are an independent controller for payment data.
- Vonage: To handle call routing, NCCO generation, and event webhooks. Call recordings and metadata are processed by Vonage.
- Our infrastructure providers: Dedicated VPS hosts for your AI agent.
All third parties are vetted for UK GDPR compliance, and we have Data Processing Agreements in place where they act as processors.
7. International Transfers
Your data is primarily processed within the UK and EEA. Some third parties (e.g., Vonage) may process data in the US under Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).
8. Data Retention
We retain your data only as long as necessary:
- Call recordings and logs: 30 days for quality monitoring and dispute resolution, then securely deleted unless required for legal purposes.
- Account data: Duration of your contract plus 6 years to comply with HMRC requirements.
- Website usage data: 26 months via analytics tools.
9. Your Rights
Under UK GDPR, you have the following rights:
- Right to access: Request a copy of your personal data.
- Right to rectification: Correct inaccurate data.
- Right to erasure: Request deletion of your data (subject to legal retention obligations).
- Right to restrict processing: Limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests or direct marketing.
To exercise your rights, contact us at [email protected]. We will respond within one month.
10. Security Measures
We implement appropriate technical and organisational measures to protect your data, including:
- End-to-end encryption for call data during transmission and at rest.
- Secure APIs with authentication for all integrations.
- Regular security audits and access controls.
- Data minimisation and anonymisation where possible.
11. Cookies
Our website uses essential cookies for functionality and optional analytics cookies. You can manage preferences via our cookie banner. For full details, see our Cookie Policy.
12. Complaints
If you believe we have breached UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
13. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be notified via email or a prominent website notice.
14. Contact Us
For privacy-related inquiries: [email protected] or write to: Data Protection Officer, [Your Registered Address].