We wear two hats, and your rights depend on which one applies to you:
A. If you called a business that uses our receptionist
Here the business you called is the data controller; we are their data processor.
- You'll have been told the call is recorded. The receptionist's greeting includes a recording notice, and it will honestly tell you it's a digital receptionist if you ask.
- What's processed: the call audio, a transcript, and the details you give (typically your name, phone number, location and what you need), so the business can call you back and keep a record.
- Where it goes: securely to the business you called — their staff see it in their private dashboard. We do not sell it, use it for our own marketing, or share it with anyone else except the technology providers below.
- How long it's kept: recordings are automatically deleted after 90 days (the business may choose shorter); the written enquiry details are kept as part of the business's records while they have an account.
- Your rights (access, correction, deletion and more): please contact the business you called — data protection law makes them responsible for your data. If you contact us instead, we'll help and forward your request to them, and on their instruction we delete promptly. See also our Call Recording Policy.
B. If you are a client (a business using the Service)
Here we are the data controller for your account data.
- What we hold: your business and contact details, your business profile (the answers that configure your receptionist), sign-in and usage records, billing history and support messages.
- Why (lawful bases): to provide the Service (contract); billing, security and records (legal obligation / legitimate interests); service emails such as call reports, low-credit alerts and your monthly summary (part of the Service); occasional product updates (legitimate interests — opt out any time).
- Payments are handled by Stripe — we never see or store card numbers.
- How long: for the life of your account, then deleted within 30 days of your post-cancellation export window closing, except records we must keep (e.g. invoices for tax law).
C. If we've contacted you about the Service (prospects)
- Your business details came from public sources (e.g. your Google Business listing). We process them under legitimate interests to tell you about a service relevant to your business.
- We screen our calling lists against the TPS/CTPS and never cold-call registered numbers. Say "don't contact me" once and we stop — permanently.
- Calls with our team may be recorded and transcribed so we have an accurate record of what was discussed and can improve how we work (legitimate interests). Transcripts are stored encrypted; you can object at any time and we'll delete the recording.
- Prospect data is deleted after 12 months of no engagement, or immediately on request.
The technology providers we use
We use a small number of specialist providers to run the Service. They process data only to deliver it, under contract:
| Category | Role |
|---|---|
| Voice-AI & telephony platforms | answering calls, recording, and providing your dedicated number and SMS |
| Speech & language model providers | transcribing and understanding what callers say |
| Stripe | payments (we never see card details) |
| Email delivery provider | sending call reports and account emails |
| Hosting provider | running the platform and storing data |
A named list of our current sub-processors is available to clients on request.
We never sell call data, and we do not use your calls or your callers' details to train our own AI models. Our speech-technology providers process call audio and transcripts in order to deliver the service, under their own contractual and security safeguards. Some providers process data outside the UK/EEA; where they do, transfers are protected by recognised safeguards (such as Standard Contractual Clauses or the UK–US Data Bridge).
Security
Encryption in transit and at rest, strict per-account access (a business can only ever see its own callers' data), passwordless sign-in links that expire after a single use, and access logging.
Your rights (everyone)
Under UK GDPR you can ask for access, correction, deletion, restriction or portability of your data, or object to processing — email support@weesite.dev (callers: your quickest route is the business you called; we'll help either way). We respond within one month. If you're unhappy, you can complain to the Information Commissioner's Office (ico.org.uk).
Changes
We'll post changes here and, for material changes affecting clients, give email notice. This policy sits alongside our Terms of Service and Call Recording Policy.