Privacy Policy
Last updated: 2 June 2026
This Privacy Policy explains how Bellow collects, uses, shares and protects personal data when you visit our website, contact us, become a customer, or interact with an AI receptionist service we provide for one of our customers.
Bellow is a trading name of Bellow AI Ltd, a company registered in England and Wales (Company Number 17261931). In this policy, "Bellow", "we", "us" and "our" refer to Bellow AI Ltd trading as Bellow.
For privacy enquiries, contact us at george@bellow.uk.
1. Who this policy applies to
This policy applies to:
- visitors to our website;
- people who enquire about or buy our services;
- customer staff and business contacts whose details are added to our systems;
- callers, leads and customers who speak to an AI receptionist we provide;
- suppliers, partners and other business contacts.
Where we process website, sales, billing, support and business administration data for our own purposes, we act as a data controller.
Where we handle calls, messages, recordings, transcripts, summaries, calendar bookings or CRM updates on behalf of a business customer, that customer will usually be the data controller and Bellow will act as its data processor. In that situation, we process personal data under the customer's instructions and the customer is responsible for telling callers how their data is used. If you contacted one of our customers and want to exercise your privacy rights, you should contact that business first. You can also contact us at george@bellow.uk and we will help route your request where appropriate.
2. Personal data we collect
We may collect the following types of personal data.
Contact and account data:
- name;
- business name;
- job title;
- email address;
- phone number;
- postal or service address;
- login/account details;
- customer preferences and support messages.
Call and receptionist service data:
- caller phone number and recipient number;
- call date, time, duration, routing status and call outcome;
- audio recordings, where recording is enabled;
- call transcripts, summaries and notes;
- enquiry details such as service requested, job type, urgency, location, preferred appointment time and contact preferences;
- details needed to transfer urgent calls, book appointments or send follow-ups;
- SMS, email, WhatsApp or other message content where used as part of the service;
- photos or attachments if a caller or customer sends them for an enquiry.
Customer configuration and integration data:
- business opening hours, service areas, pricing guidance, FAQs and call scripts;
- escalation rules, emergency rules and handoff instructions;
- calendar availability and booking details;
- CRM, email, telephony, SMS, website form, advertising and analytics integration data;
- user roles, permissions and audit logs.
Website and marketing data:
- enquiry form submissions;
- IP address, browser type, device information and approximate location;
- pages viewed, clicks and referral source;
- cookie preferences and analytics identifiers;
- marketing preferences and unsubscribe records.
Billing and commercial data:
- plan, usage, invoices and payment status;
- billing address;
- limited payment details handled by our payment provider;
- contract, onboarding and support records.
We do not intentionally collect special category data such as health information, biometric data, religious beliefs or trade union membership. However, callers may choose to disclose sensitive information during a call. Customers should tell us in advance if their use case is likely to involve sensitive data, regulated advice, medical information, vulnerable individuals or emergency services so that appropriate controls can be agreed.
3. How we collect personal data
We collect personal data:
- directly from you when you contact us, complete a form, book a demo, sign up, use our services or email us;
- from calls and messages handled by our AI receptionist service;
- from our business customers when they configure their receptionist or connect tools such as calendars, CRMs or email accounts;
- automatically through our website, product systems, telephony systems and security logs;
- from service providers and publicly available business sources where relevant to sales, support or fraud prevention.
4. How we use personal data
We use personal data to:
- respond to enquiries and provide demos;
- set up, customise and deliver AI receptionist services;
- answer calls, qualify enquiries, take messages, book appointments, route urgent calls and send summaries;
- create transcripts, summaries and call records for customers;
- connect the service with calendars, CRMs, websites, email, SMS, telephony and other tools requested by customers;
- provide customer support and troubleshoot issues;
- monitor quality, reliability, abuse, fraud and security;
- maintain records, invoices and contracts;
- improve our products, scripts, prompts and user experience;
- send service updates and administrative messages;
- send marketing where the law allows, with an opt-out in marketing messages;
- comply with legal, regulatory, tax and accounting obligations;
- establish, exercise or defend legal claims.
We do not sell personal data.
We do not use customer call recordings, transcripts or call summaries to train general AI models unless this has been clearly agreed with the customer or the data has first been anonymised so that individuals cannot reasonably be identified.
5. Lawful bases
Under UK GDPR, we rely on one or more of the following lawful bases:
- Contract: to provide services, manage accounts, process payments and support customers.
- Legitimate interests: to operate and improve our business, respond to enquiries, secure our systems, prevent fraud, produce service analytics, maintain business records and market relevant services in a proportionate way.
- Consent: where required, such as optional cookies, certain marketing, or specific call recording/communication choices.
- Legal obligation: to comply with tax, accounting, regulatory, court or law enforcement obligations.
- Vital interests: in rare cases where information is needed to protect someone's life or safety, for example if a call reveals an immediate emergency.
Where we act as a processor for a customer, the customer decides the lawful basis for the processing they ask us to carry out.
6. AI, automation and call recording
Our service may use artificial intelligence to answer calls, understand caller requests, ask follow-up questions, summarise conversations and trigger workflows such as messages, calendar bookings or handoffs.
The service is designed to support customer service and lead capture. It does not make decisions that produce legal or similarly significant effects about individuals.
Where call recording is enabled, callers should be told that the call may be recorded and may be handled by an AI receptionist. Our customers are responsible for ensuring their own call greeting, website, terms and privacy information comply with the laws that apply to them. We can help include an appropriate call notice, for example: "This call may be recorded and handled by an AI receptionist so we can respond to your enquiry and improve our service."
7. Sharing personal data
We may share personal data with:
- the business customer on whose behalf the call or enquiry was handled;
- telephony, VoIP and call routing providers;
- AI, speech-to-text, transcription, summarisation and automation providers;
- cloud hosting, database, infrastructure and security providers;
- calendar, CRM, email, SMS, WhatsApp, website form and workflow integration providers;
- payment, invoicing and accounting providers;
- analytics and cookie providers, where enabled;
- professional advisers such as accountants, lawyers and insurers;
- regulators, courts, law enforcement or public authorities where required by law;
- a buyer, investor or successor if our business is sold, merged or reorganised.
We require service providers to protect personal data and to use it only for agreed purposes.
8. International transfers
Some of our service providers may process personal data outside the United Kingdom. Where this involves a restricted international transfer, we use appropriate safeguards such as UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms.
9. How long we keep personal data
We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required by law.
Our default retention periods are:
- call recordings: up to 90 days, unless a customer agrees a shorter or longer retention period;
- call transcripts, summaries, messages and lead records: up to 12 months, unless a customer agrees a shorter or longer retention period;
- calendar booking and integration logs: up to 12 months;
- customer account, contract and support records: for the customer relationship and up to 6 years after it ends;
- billing, tax and accounting records: usually 6 years;
- sales enquiries and demo records: up to 24 months after the last meaningful contact;
- marketing preferences and suppression lists: until you opt out, plus a record of the opt-out so we do not contact you again;
- website analytics and security logs: usually up to 26 months, unless needed longer for security or legal reasons.
We may keep anonymised or aggregated data for longer where it no longer identifies individuals.
10. Security
We use appropriate technical and organisational measures to protect personal data, including access controls, authentication, encryption where appropriate, supplier due diligence, audit logs, backups and staff confidentiality controls.
No system is perfectly secure. If we identify a personal data breach that creates a risk to individuals, we will take appropriate steps under applicable data protection law.
11. Cookies and analytics
Our website may use cookies and similar technologies to make the site work, remember preferences, understand usage and improve marketing. Where required, we ask for consent before setting non-essential cookies. You can control cookies through your browser settings and any cookie controls provided on our website.
12. Marketing
We may send marketing emails or texts where you have consented or where the law allows us to rely on the UK "soft opt-in" for similar products or services. We include an unsubscribe or opt-out method in marketing messages.
We may contact corporate business contacts using business contact details where lawful, but we will respect objections and maintain suppression records.
13. Your rights
Depending on the circumstances, you may have the right to:
- access your personal data;
- correct inaccurate personal data;
- request deletion of personal data;
- restrict processing;
- object to processing based on legitimate interests;
- object to direct marketing;
- request data portability;
- withdraw consent where processing is based on consent;
- complain to the Information Commissioner's Office.
To make a request, contact george@bellow.uk. We may need to verify your identity before responding.
If your data was processed through a Bellow service provided to one of our customers, we may need to refer your request to that customer because they are usually the controller of that data.
You can contact the UK Information Commissioner's Office at https://ico.org.uk or by calling 0303 123 1113.
14. Children's data
Our services are not aimed at children. We do not knowingly collect personal data from children for our own sales or account purposes. If a child contacts a business using our receptionist service, we process that data only as needed to handle the enquiry on behalf of the customer.
15. Changes to this policy
We may update this policy from time to time. The latest version will be posted on our website with the "Last updated" date above. If we make material changes, we will take reasonable steps to notify affected customers or users.
16. Contact
For questions, privacy requests or concerns, contact:
Bellow AI Ltd (trading as Bellow)
Registered in England and Wales · Company Number 17261931
Email: george@bellow.uk