Privacy Policy

Last updated: 1 July 2026

This Privacy Policy explains how SimplySpeak (“SimplySpeak”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you visit our website or use our AI phone answering service (the “Service”). We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national data protection laws.

1. Who we are

SimplySpeak provides a multilingual AI voice assistant that answers inbound phone calls on behalf of businesses, provides information to callers, and can capture bookings and enquiries.

2. Controller and processor roles

Understanding who controls the data matters under the GDPR:

If you are a caller who contacted a business that uses SimplySpeak, the business you called is responsible for how your data is used. Please refer to that business’s own privacy notice, and contact them to exercise your rights.

3. Personal data we process

Business customer account data (SimplySpeak as controller):

Call data processed for customers (SimplySpeak as processor):

We do not intentionally collect special categories of personal data. Please do not configure the Service to solicit health, financial, or other sensitive information beyond what your lawful purpose requires.

We process personal data on the following legal bases under Article 6 GDPR:

PurposeLegal basis
Providing and operating the ServicePerformance of a contract (Art. 6(1)(b))
Answering calls and capturing bookings on a customer’s behalfProcessing on the controller’s instructions (customer’s own legal basis)
Billing, accounting, and fraud preventionLegal obligation / legitimate interests (Art. 6(1)(c),(f))
Improving reliability and security of the ServiceLegitimate interests (Art. 6(1)(f))
Marketing communications to business prospectsConsent or legitimate interests (Art. 6(1)(a),(f))

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Call recording and caller notice

Our business customers are responsible for informing callers that calls are answered by an AI assistant and may be recorded and transcribed, and for obtaining any consent required by local law before using the Service. SimplySpeak provides configurable call-opening messages to support this, but the customer remains responsible for lawful call handling in their jurisdiction.

6. Data residency and sub-processors

The Service is designed to be hosted within the European Union. Personal data is stored on infrastructure located in the EU. We use a limited number of vetted sub-processors (for example, cloud hosting, telephony, speech-to-text, and AI model providers) that are bound by written contracts with GDPR-compliant safeguards. A current list of sub-processors is available on request at hello@simplyspeak.ai.

7. International transfers

Where any processing or sub-processor involves a transfer of personal data outside the European Economic Area, we rely on an appropriate transfer mechanism such as an adequacy decision or the European Commission’s Standard Contractual Clauses, together with supplementary measures where required.

8. Data retention

We retain personal data only for as long as necessary for the purposes described above:

Business customers own their call data and may export or request deletion of it at any time.

9. Website, cookies, and analytics

Our website uses privacy-conscious analytics to understand aggregate usage. We use only the cookies and similar technologies necessary to operate the site and, where required, request consent for non-essential cookies. You can control cookies through your browser settings.

10. Your rights

Subject to the GDPR, you have the right to access, rectify, erase, restrict, and port your personal data, to object to certain processing, and to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority.

11. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and monitoring. No system is perfectly secure, but we work continuously to safeguard the data entrusted to us.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date.

13. Contact

For any privacy question or to exercise your rights, contact us at hello@simplyspeak.ai, our data protection contact at dpo@simplyspeak.ai, or write to SimplySpeak AI, R. Dr. João Baptista Jacquet 85, 2775-315 Parede, Portugal.