Privacy Policy

1. Introduction

Callopa Ltd (“we”, “our”, or “us”) is committed to protecting the privacy and security of all data we process on your behalf.

This Privacy Policy explains how we collect, use, store, and protect information when you use our website (callopa.com), our AI voice agent service, and our order management features. By using our services, you agree to the collection and use of your information as described in this policy.

2. Data Controller and Processor Roles

Under the UK General Data Protection Regulation (UK GDPR), Callopa operates in two distinct roles depending on the situation.

As a Data Controller, we are responsible for the personal data of our direct customers, restaurant owners and managers who purchase our service, and all visitors to callopa.com.

As a Data Processor, we act on behalf of our restaurant customers when Sarah answers calls and processes orders from their end-customers. In this relationship, you, the restaurant owner, remain the Data Controller for your customers’ personal data. We process that data only on your instructions and in accordance with this policy.

3. Information We Collect

The information we collect depends on how you interact with us. If you are a restaurant owner or website visitor, we may collect:

• Contact details — your name, work email address, phone number, restaurant name, and location when you request a demo or create an account.
• Billing information — payment details processed securely through our third-party payment providers. We do not store full card numbers.
• Usage data — IP address, browser type, pages visited, and timestamps when you use our website.

If you are a caller to one of our restaurant customers, we may collect:

• Voice recordings — audio from inbound phone calls placed to the restaurant.
• Order details — a transcription of your order, your delivery or collection address, your phone number, and any dietary or allergen requirements you provide.

4. Call Recordings and Transcriptions

When Sarah answers a call on behalf of your restaurant, the audio is recorded and immediately transcribed into text. This allows Sarah to accurately understand and process the order.

Why we record calls: Call recordings are used strictly for three purposes: fulfilling the customer’s order accurately, resolving any disputes about order contents, and improving the accuracy of Sarah’s voice recognition.

How long we keep recordings: Raw call audio recordings are automatically deleted 30 days after the call, unless they are needed in connection with a legal dispute. Transcribed order details are retained for the duration of your active subscription and are deleted or anonymised within 60 days of cancellation.

5. How We Use Your Information

We only use your information where we have a lawful basis to do so under UK GDPR, either because it is necessary to deliver our service, because you have given your consent, or because we have a legitimate interest that does not override your rights.

Specifically, we use your information to:

• Provide the Callopa service, answering calls, taking orders, and sending WhatsApp order notifications to the restaurant owner.
• Process payments and protect against fraudulent activity.
• Send you service updates, order summaries, and essential account communications.
• Improve Sarah’s ability to understand natural speech, UK accents, and regional dialects. Any voice data used for AI improvement is fully anonymised before use; it cannot be linked back to an individual caller or order.

6. Data Sharing and Third Parties

We do not sell, rent, or share your customer data with third parties for marketing purposes. We share data only with a limited number of verified sub-processors that are essential to delivering our service. All sub-processors are vetted for compliance with UK GDPR.

Our current sub-processors are:

• Telecom providers to route and handle inbound phone calls.
• WhatsApp Business API to send order notifications to restaurant owners.
• Secure cloud storage providers to host order transcriptions securely on UK-based servers.
• Payment processors (Stripe / GoCardless) to handle billing for Callopa subscriptions.

We do not share end-customer data, the personal information of your restaurant’s callers, with any party other than those listed above, and only to the extent necessary to deliver the service.

7. Data Retention and Security

Where we store your data: All Callopa data is stored on secure, UK-based servers. We do not transfer your data outside the United Kingdom without appropriate safeguards in place.

How we protect your data: We maintain technical and organisational security measures, including end-to-end encryption in transit (HTTPS/TLS) and encryption at rest. Access to personal data is restricted to authorised personnel only.

How long we keep your data: We keep your account data for as long as your Callopa subscription is active. When you cancel, your data is securely deleted or anonymised within 60 days.

Call recordings are deleted after 30 days as described in Section 4.

8. Your GDPR Rights

Under UK GDPR, you and your restaurant’s customers have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct any inaccurate or incomplete information.
• Right to erasure: You can ask us to delete your personal data (the right to be forgotten), subject to any legal obligations we have to retain it.
• Right to object: You can object to certain types of processing, including any processing based on legitimate interest.
• Right to withdraw consent: Where we rely on your consent to process data, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

How to exercise your rights: Email our Data Protection contact at hello@callopa.com. We will respond within 30 days, as required by UK law.