Privacy Policy | CustomSolutions.ai

1. Introduction

Realtime Comms Ltd ("Company", "we", "us", or "our") operates the CustomSolutions.ai platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller: Realtime Comms Ltd
Contact: support@realtimecomms.co.uk

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password, company name
Payment Information: Billing address, payment card details (processed securely by Stripe)
Agent Configuration: System prompts, voice settings, webhook URLs
Support Communications: Messages you send to our support team

2.2 Information Collected Automatically

Call Data: Call logs, duration, phone numbers, timestamps
Transcripts: Speech-to-text transcriptions of calls processed through the Service
Usage Data: Features used, API calls made, credit consumption
Technical Data: IP address, browser type, device information

2.3 Information from Third Parties

Telephony Providers: Call metadata from Twilio
Authentication: If you sign in via Google, we receive your name and email

3. How We Use Your Information

We use your information for the following purposes:

Purpose	Legal Basis
Provide and maintain the Service	Contract performance
Process payments and billing	Contract performance
Send service-related communications	Contract performance / Legitimate interest
Improve and develop the Service	Legitimate interest
Prevent fraud and abuse	Legitimate interest
Comply with legal obligations	Legal obligation
Send marketing communications	Consent (where required)

4. Data Sharing and Disclosure

We may share your information with:

4.1 Service Providers

Microsoft Azure: Cloud hosting and infrastructure (EU/UK data centres)
Deepgram: Speech-to-text and text-to-speech processing
Twilio: Telephony services
Stripe: Payment processing
Azure Communication Services: Email delivery

4.2 Other Disclosures

We may also disclose your information:

To comply with legal obligations or valid legal processes
To protect our rights, privacy, safety, or property
In connection with a merger, acquisition, or sale of assets
With your consent or at your direction

We do not sell your personal data.

5. International Data Transfers

Some of our service providers may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the UK ICO
Adequacy decisions where applicable
Other legally approved transfer mechanisms

6. Data Retention

We retain your information for as long as necessary to:

Provide the Service to you
Comply with legal obligations
Resolve disputes and enforce agreements

Typical retention periods:

Account data: Duration of account plus 2 years
Call logs and transcripts: 90 days (unless you configure otherwise)
Billing records: 7 years (legal requirement)
Support communications: 3 years

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access: Request a copy of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data (subject to legal obligations)
Right to Restrict Processing: Request limitation of processing
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Where processing is based on consent

To exercise these rights, contact us at support@realtimecomms.co.uk. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption in transit (TLS) and at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Healthcare Data

Special Category Data

If you use our Service to process health-related data, additional protections apply.

9.1 Health data is considered special category data under UK GDPR and requires additional safeguards.

9.2 If you process health data through our Service, you act as the data controller for that data. You are responsible for ensuring lawful processing, including obtaining appropriate consent from data subjects.

9.3 We act as a data processor for health data you process through our Service. A Data Processing Agreement is available upon request.

9.4 For HIPAA compliance (US healthcare), a Business Associate Agreement (BAA) is available. Contact us to execute a BAA before processing any protected health information.

10. Cookies and Tracking

We use cookies and similar technologies to:

Maintain your session and authentication
Remember your preferences
Analyse usage patterns
Improve the Service

You can control cookies through your browser settings. Disabling certain cookies may affect Service functionality.

11. Children's Privacy

Our Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Realtime Comms Ltd
Email: support@realtimecomms.co.uk