Privacy Policy

ByteDusk (“we”, “our”, or “us”) is a trading name of Marea Solutions LTD, a company registered in England and Wales. We are the data controller responsible for your personal data under the UK GDPR and the Data Protection Act 2018.

This policy informs you how we protect your privacy and look after your personal data when you visit our website and use our services. It outlines your privacy rights and how the law protects you.

We collect and process personal data depending on your interaction with our website and services. This includes:

• Identity and Contact Data: Names, email addresses, and phone numbers provided via contact or demo forms.
• Audio and Transcript Data: Voice recordings and written transcripts generated during interactions with our AI Voice Agents.
• Technical Data: IP address, browser type, time zone settings, and operating system.
• Usage Data: Information about how you use our website and service performance.
• Knowledge Base Data: Documents or data uploaded by clients to train their specific AI agents.
• Google User Data: Where you connect a Google account, we may access Google Calendar data solely to provide the calendar-related features you have requested within the application. See Section 5 for full details.

We collect data through:

• Direct Interactions: Forms filled on our site or correspondence by email/phone.
• Service Interaction: When callers interact with an AI Voice Agent deployed through our service.
• Automated Technologies: Cookies and tracking pixels (where consented to) and server logs.
• Google OAuth: When you grant permission for our application to connect to your Google account.

We process data under the following legal bases:

• Performance of a Contract: To provide AI voice services, handle calls, and manage bookings.
• Legitimate Interests: To ensure system security and for internal analytics.
• Legal Obligation: To comply with UK tax, accounting, and regulatory requirements.

Note: Where we process caller data on behalf of our business clients, ByteDusk acts as a Data Processor. Our clients remain the Data Controllers and are responsible for ensuring they have a legal basis to record and process their customers' calls.

When you authorise our application to access your Google account (for example, Google Calendar), we access only the specific data required to deliver the features you have requested. Specifically: Google Calendar data is accessed solely to read, create, or manage calendar events as directed by you within the application.

Google user data is never used for:

• Advertising, profiling, or marketing of any kind
• Training AI or machine learning models
• Selling, renting, or providing to data brokers or information resellers
• Determining creditworthiness or for lending purposes
• Any purpose other than delivering the specific feature you requested

Any use of Google user data is limited to providing or improving user-facing features of the application in a manner that is clearly visible to and expected by users. Google user data is not transferred to third parties except as strictly necessary to deliver the features you requested, and in each case under appropriate contractual protections.

We do not sell your data. To provide our service, we may share data with:

• AI and Infrastructure Providers: Specialist providers of Large Language Models (LLMs), Speech-to-Text, and Text-to-Speech technologies. These providers are engaged solely to deliver the features you use and are contractually prohibited from using your data for any other purpose.
• Service Providers: IT, hosting, and CRM providers who process data on our behalf under appropriate data processing agreements.
• Professional Advisers: Lawyers, auditors, and insurers based in the UK, under obligations of confidentiality.
• Legal or Regulatory Authorities: Where required by law, court order, or government regulation.

We do not share Google user data with any third party except where strictly necessary to provide the Google-connected features you have requested.

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures include:

• Encryption in Transit: All data transmitted between your device and our services is encrypted using TLS (HTTPS).
• Encryption at Rest: Personal data stored on our servers and those of our hosting providers is encrypted at rest.
• Access Controls: Access to personal data is restricted to authorised personnel who require it to perform their role, governed by the principle of least privilege.
• Third-Party Security: We use infrastructure providers that maintain industry-standard security certifications including SOC 2 and ISO 27001.
• Ongoing Review: We regularly review our data handling practices and security posture to ensure continued compliance with applicable data protection laws.

Despite these measures, no method of transmission over the internet is completely secure. We cannot guarantee absolute security, but we will notify you and any applicable regulator of a breach where we are legally required to do so.

Our website does not currently store non-essential cookies on your device. We may introduce analytical or functional cookies in the future. If we do, we will provide a clear opt-in mechanism (cookie banner) in compliance with the UK PECR.

Some of our external third parties (such as our website hosting provider) may be based outside the UK. Whenever we transfer your personal data out of the UK, we ensure appropriate safeguards are implemented in accordance with UK data protection laws, such as the use of UK International Data Transfer Agreements (IDTAs) or adequacy decisions.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including any legal, regulatory, tax, or accounting requirements.

• Demo requests: Retained only for the duration needed to schedule and complete the demo, then securely deleted unless you become a customer.
• Google user data: Retained only as long as necessary to deliver the requested feature. You may revoke our access at any time via your Google Account permissions, after which we will promptly delete any associated data.

When the applicable retention period expires, we will securely delete or anonymise your personal data.

Under UK law, you have the right to:

• Request access, correction, or erasure of your personal data.
• Object to or restrict the processing of your data.
• Request the transfer of your data (Data Portability).
• Withdraw consent at any time.

You also have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk. We would appreciate the chance to deal with your concerns before you approach the ICO.

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. Where we make material changes — including any changes to how we handle Google user data — we will update the “Last updated” date at the top of this page and, where appropriate, notify you directly. We encourage you to review this policy periodically.

If you have any questions about this privacy policy, please contact us:

• Trading Name: ByteDusk
• Legal Company Name: Marea Solutions Ltd
• Registered Address: 128 City Road, London, EC1V 2NX
• Email: contact@bytedusk.dev