Privacy Policy

Last updated: 18 May 2026.

1. Introduction

VeryBooked Ltd, trading as "VeryBookedAI" ("we," "us," or "our"), provides an AI automation platform that helps service businesses capture leads, handle inbound calls, run reactivation campaigns, and engage customers through chat. This Privacy Policy explains how we collect, use, share, and protect information we obtain when you visit our website or use our platform and related services (collectively, the "Services").

VeryBooked Ltd is a company registered in England and Wales under company number 15393026, with its registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. We are the data controller for personal data we process about visitors to our website and administrators of customer accounts, and a data processor acting on our customers' instructions for the end-customer data they put into the Services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and, where it applies to our processing of the data of individuals in the EU/EEA, the EU General Data Protection Regulation.

By accessing or using the Services you confirm that you have read this policy and agree to its terms. If you are using the Services on behalf of an organisation, you represent that you have authority to bind that organisation to this policy.

2. Information We Collect

We collect information in the following categories:

  • Account and contact information. Name, business name, email address, phone number, and payment details you provide when registering or purchasing a subscription.
  • Usage data. Pages visited, features used, session duration, referring URLs, browser type, and device identifiers collected automatically when you interact with our web properties.
  • Call recordings and transcripts. When you enable our voice AI features, calls between your customers and our AI agents may be recorded and transcribed. You are responsible for obtaining the required consent from your customers before enabling call recording.
  • Chat transcripts. Conversation logs between your customers and our chat AI are retained to allow the agent to maintain context and to improve agent performance within your account.
  • Knowledge base content. Documents, FAQs, and business information you upload to train your AI agents.
  • Customer contact data. Contact records (name, email, phone) you import or that are generated through lead-capture flows.

3. How We Use Information

We use the information we collect to:

  • Provision, operate, and improve the Services and your AI agents.
  • Process billing and send subscription-related communications.
  • Respond to support requests and troubleshoot issues.
  • Send service announcements, security alerts, and administrative messages.
  • Detect, investigate, and prevent fraudulent or harmful activity.
  • Comply with legal obligations, including responding to lawful requests from public authorities.
  • Analyse aggregate, de-identified usage patterns to guide product development. We do not link de-identified data back to individuals.

4. AI Training and Processing

Your customer data, call recordings, chat transcripts, and knowledge base content are used exclusively to train and operate AI agents within your own account. We do not use your data to train shared or cross-tenant base models, and we do not share your proprietary content with other VeryBookedAI customers.

Inference requests are routed through the Vercel AI Gateway to large language model providers (currently OpenAI and Anthropic). These providers process your prompts under their own data processing agreements with us and do not use your data to train their general-purpose models under the terms of those agreements.

5. Data Sharing and Sub-processors

We do not sell your personal information or your customers' personal information. We share data only with the sub-processors necessary to deliver the Services:

  • Retell AI and Vapi: voice AI infrastructure providers that handle real-time call routing and voice synthesis.
  • OpenAI and Anthropic (accessed via Vercel AI Gateway): large language model inference.
  • Stripe: payment processing and subscription management.
  • Cloudflare R2: object storage for call recordings and uploaded knowledge base files.
  • PostHog: product analytics (session events and funnel metrics; no call or chat content).
  • Cloudflare: CDN, DDoS protection, and DNS.

We may also disclose information if required by law, court order, or regulatory authority, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of VeryBookedAI, our users, or the public.

In the event of a merger, acquisition, or sale of substantially all our assets, your information may be transferred to the successor entity subject to equivalent privacy protections.

6. Data Retention

  • Call recordings are retained for 90 days from the date of the call and then permanently deleted from our systems unless you request earlier deletion.
  • Chat transcripts are retained indefinitely to preserve conversation context unless you submit a deletion request, after which they are purged within 30 days.
  • Billing records (invoices, payment history) are retained for seven (7) years in compliance with applicable tax and accounting regulations.
  • Account data is retained for the duration of your subscription and for up to 60 days after account closure, after which it is deleted except where retention is required by law.

7. Your Rights

Under the UK GDPR and the Data Protection Act 2018 (and, for individuals in the EU/EEA, the EU GDPR) you have the following rights with respect to your personal data. Residents of certain other jurisdictions — for example California, under the CCPA/CPRA — may have comparable rights; we honour those requests on the same basis.

  • Access. Request a copy of the personal information we hold about you.
  • Rectification. Ask us to correct inaccurate or incomplete information.
  • Erasure. Request deletion of your personal information, subject to our legal retention obligations.
  • Portability. Receive your personal information in a structured, machine-readable format.
  • Restriction. Ask us to limit the processing of your personal information in certain circumstances.
  • Objection. Object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please email [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

If you believe we have not adequately addressed your request, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO). If you are in the EU/EEA, you may instead complain to your local supervisory authority.

8. Where Your Data Is Hosted, and International Transfers

Our platform runs in the European Union. Our application servers, our production database, and the job workers that process your calls, chats, and knowledge base content are hosted on Hetzner Cloud, Nuremberg, Germany (EU). Data you and your customers put into the Services is stored and processed there by default. It is not hosted in the United States.

Some of the sub-processors listed in section 5 are established outside the UK and the EEA and will process limited data in those countries in the course of providing their service — for example real-time voice infrastructure and large language model inference. Where personal data is transferred outside the UK, we rely on the International Data Transfer Agreement (IDTA) or the UK Addendum to the European Commission's Standard Contractual Clauses, together with a transfer risk assessment, as the legal mechanism for that transfer. For transfers out of the EEA we rely on the Standard Contractual Clauses.

We do not transfer your data outside the UK/EEA for any purpose other than delivering the Services to you.

9. Security

We implement administrative, technical, and organisational safeguards designed to protect the information we process:

  • Encryption in transit using TLS 1.2 or higher for all data exchanged with our APIs.
  • Encryption at rest for stored call recordings and uploaded files, using AES-256.
  • Role-based access controls limiting internal access to personal data to personnel who require it to perform their job functions.
  • Defined retention windows with automatic deletion — see section 6 — so data is not kept longer than we need it.
  • Audit logging for administrative actions on production databases.
  • Regular dependency and vulnerability scanning of the platform.

We want to be precise about what we do not claim: VeryBookedAI does not currently hold a SOC 2, ISO 27001, or equivalent third-party security certification. The measures above describe our actual practices. If you need a formal assurance report as a condition of purchase, please tell us before you buy.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Children's Privacy

The Services are intended for businesses and professionals aged 16 and older. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a minor, please contact us immediately at [email protected] and we will delete the information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email (to the address associated with your account) and by updating the "Last updated" date at the top of this page at least 30 days before the changes take effect. Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or how we handle your data:

VeryBooked Ltd (trading as VeryBookedAI)
Registered in England and Wales, company number 15393026
Email: [email protected]
Registered office: 71-75 Shelton Street
Covent Garden

London WC2H 9JQ

United Kingdom