PolyAI Privacy Notice
Last Updated: 01 August 2025
Welcome to PolyAI. PolyAI provides a virtual voice assistant platform built for enterprises (our “Service”). This Privacy Notice explains how PolyAI collects, uses, discloses, and otherwise processes information that identifies or relates to identifiable individuals (“personal data”) when you visit our website at poly.ai (our “Website”), or contact us about or sign up to our Service. It also explains how we use certain personal data that we collect in connection with the provision of our Service.
This Privacy Notice does not address our privacy practices relating to PolyAI job applicants, employees, contractors (including voice actors that we engage to train our virtual voice assistant) and other employment-related individuals. This Privacy Notice is also not a contract and does not create any legal rights or obligations not otherwise provided by law.
If you have any questions about this privacy notice or how we use your personal data, please contact us using the details in the “Contact us” section below.
Who we are
Who is responsible for your personal data?
PolyAI Limited (“PolyAI”, “we”, “us” or “our”) operates the Website and is the controller of personal data that you provide or that we collect when you visit the Website or contact us about our Service. This means that we determine and are responsible for how this personal data is processed.
When we or our affiliates provide our Service to our enterprise clients, the relevant client will be the controller of most of the personal data that we collect, including personal data that we collect through the Service relating to individuals that contact that client by phone or that the client contacts by phone. This means that the client determines and is responsible for how that personal data is processed. We will process that personal data primarily as a processor or service provider on behalf of the relevant client, meaning that we have contractually committed to processing that personal data only on the instructions of the relevant client.
We and our affiliate, PolyAI, Inc, also collect and use certain personal data in connection with the operation of the Service for our own purposes, as set out in the sections headed “Personal data we collect about clients’ authorized users of the Service” and “Personal data we collect from calls” below. We and PolyAI, Inc use this personal data as joint controllers, meaning we jointly determine and are responsible for how this personal data is used. We and PolyAI, Inc have allocated responsibility for complying with our obligations under applicable data protection law as follows:
- Transparency and rights: the company that provides the Service to the relevant enterprise client will provide you with information about how your personal data is used by us and PolyAI, Inc as joint controllers and serve as the primary contact point for exercising your rights in respect of such personal data (in each case, through the relevant enterprise client where appropriate). If you would like to contact us or PolyAI, Inc to exercise rights under data protection law, please use the details set out in the “Contact us” section below.
- Lawfulness: we have determined the lawful basis relied on for processing your personal data as joint controllers.
- Security and transfers: we and PolyAI, Inc have each implemented our own safeguards to ensure that the personal data we process as joint controllers is kept secure, and safeguards in respect of transfers of personal data that we undertake, including transfers to recipients in jurisdictions outside the UK or EEA.
Contact us
If you have any questions, comments or requests regarding this Privacy Notice or the personal data that we process about you, please contact us at [email protected] or [email protected].
1. Our collection and use of personal data
Personal Data we collect when you contact us about our Service or use the Website
We collect personal data that you submit directly to us when you contact us about our Service, request a product demo, correspond with us by e-mail or otherwise, interact with us on social media or sign up to our newsletter.
Like most online service providers, we also collect certain personal data automatically when you browse our Website in order to understand how the Website is used and how we can improve it, as well as to promote us and our Service through online advertising.
The categories of information we collect and how we use them will depend on how you interact with us, as set out in more detail below.
When we ask you to provide personal data, we will indicate to you if the provision of certain personal data is mandatory or optional. If you choose not to provide any personal data marked as mandatory, we may not be able to respond to your queries or provide other services to you.
We collect the following categories of personal data directly from you when you contact us about our Service:
Personal data we collect | How we use it | Legal basis we rely on |
Contact information, such as your name, email address, the name of your organization, your role at that organization, phone number. | We use this information to communicate with you about your enquiry and arrange a product demo. | The processing is necessary for our legitimate interests, namely to communicate with prospective clients. |
We use this information to send you promotional messages in accordance with your preferences. | The processing is necessary for our legitimate interests, namely promoting us and our Service. Where required under applicable law, we will only process your personal data in this way to the extent you give us your consent to do so. | |
Email preferences, namely whether you have agreed (where required under applicable law) or opted out of receiving promotional messages from us. | We use this information to ensure that we only send you updates about us and our Service in accordance with your preferences. | The processing is necessary to comply with a legal obligation to which we are subject. |
Comments and enquiries that you submit to us. | We use this to communicate with you and respond to your enquiries. | The processing is necessary for our legitimate interests, namely to communicate with prospective clients. |
We and our third-party partners also automatically collect the following information about how you access and use our Website. Most of this information is collected through cookies and similar technologies, as further described in the “Cookies and Similar Technologies” section below.
Personal data we collect | How we use it | Legal basis we rely on |
Information about your device and network, such as device type, manufacturer, model, operating system, IP address, browser type and unique identifiers associated with your device or your network. | We use this information to operate the Website and present it to you in the correct format for your device. | The processing is necessary for the performance of a contract with you. |
We use this information to identify and prevent suspicious or fraudulent use of our Website. | The processing is necessary for our legitimate interests, namely ensuring the security of our Website. | |
We use this information to analyze the performance of the Website to identify errors and ways in which we can improve the Website. | We will only use your personal data in this way if you have given us your consent to do so. | |
We and our advertising partners use this information as further described in the "Online Advertising" below to serve you targeted advertising on other websites and platforms that you visit, and to identify how effective those advertisements are. | We will only use your personal data in this way if you have given us your consent to do so. | |
Information about how you use the Website, such as the time you access the Website and how long you access it for, the approximate location that you access the Website from, the site from which you came and the site to which you are going when you leave the Website, the pages you visit, the links you click, your interactions on the Website and other actions you take on the Website. | We use this information to operate the Website and present it to you in the correct format for your device. | The processing is necessary for the performance of a contract with you. |
We use this information to identify and prevent suspicious or fraudulent use of our Website. | The processing is necessary for our legitimate interests, namely ensuring the security of our Website. | |
We use this information to analyze the performance of the Website to identify errors and ways in which we can improve the Website. | We will only use your personal data in this way if you have given us your consent to do so. | |
We and our advertising partners use this information as further described in the "Online Advertising" section below to serve you targeted advertising on other websites and platforms that you visit, and to identify how effective those advertisements are. | We will only use your personal data in this way if you have given us your consent to do so. |
Personal Data we collect from third parties
We or our service providers may collect publicly available information about businesses and the personnel who work for or were previously employed with them.
Personal data we collect | How we use it | Legal basis we rely on |
Professional details such as name, business email, job title, and professional qualifications. | We use this information to tailor our marketing outreach or send you promotional messages in accordance with your preferences. | The processing is necessary for our legitimate interests, namely promoting us and our services. |
Personal Data we collect about clients’ authorized users of the Service
As part of our Service, we and PolyAI, Inc may grant clients and their authorized users access to a platform to allow them to review and manage the performance of our Service (the “Platform”). We and PolyAI, Inc collect this personal data from the client, from you directly and through the use of automated technologies such as cookies and similar trackers. We and PolyAI, Inc use most of the information we collect as a processor or service provider on behalf of the relevant client; however, we and PolyAI, Inc will also collect and use personal data as a controller as follows:
Personal data we collect | How we use it | Legal basis we rely on |
Contact details for account administrators. If you are the account administrator for a client, we will collect your contact details such as your email address. | We use this information to administer our relationship with the relevant client, including sending service-related communications such as invoices and notice of service outages. | The processing is necessary for our legitimate interests, namely administering our relationship with the client. |
Support requests. If you are an authorized user or account administrator of a client and contact us with requests, feedback or support requests relating to the Service, we will collect the contents of that enquiry. | We primarily use this information to provide customer support in accordance with our agreement with the client; however, we will also use this information to identify ways in which we can improve the Service. | The processing is necessary for our legitimate interests, namely identifying errors in, and potential improvements to the Service. |
Information about your device and network, such as device type, manufacturer, model, operating system, IP address, browser type and unique identifiers associated with your device or your network. | We use this information to identify and prevent suspicious or fraudulent use of the Platform. | The processing is necessary for our legitimate interests, namely ensuring the security of our Service. |
We use this information to analyze the performance of the Platform, and to identify errors and ways in which we can improve the Service. | We will only use your personal data in this way if you have given us your consent to do so. | |
Information about how you use the Website, such as the time you access the Website and how long you access it for, the approximate location that you access the Website from, the site from which you came and the site to which you are going when you leave the Website, the pages you visit, the links you click, your interactions on the Website and other actions you take on the Website. | We use this information to identify and prevent suspicious or fraudulent use of the Platform. | The processing is necessary for our legitimate interests, namely ensuring the security of our Service. |
We use this information to analyze the performance of the Platform, and to identify errors and ways in which we can improve the Service. | We will only use your personal data in this way if you have given us your consent to do so. |
Personal Data we collect from calls
We and PolyAI, Inc mostly use any personal data collected from calls handled through our Service as a processor or service provider for the relevant client.
Where permitted by the client and applicable law, we and PolyAI, Inc also use certain information collected from calls to monitor the performance of the Service and improve the Service as set out below. We collect this information through our client’s systems integrated with our Service.
Personal data we collect | How we use it | Legal basis we rely on |
Recordings and transcripts of calls. | We evaluate and annotate conversations handled through our Service to assess model effectiveness and to identify improvements to the Service. | Where permitted under applicable law, the processing is necessary for our legitimate interests, namely monitoring the performance of and improving the Service. Where required under applicable law, we rely on your consent. |
We extract snippets of voice recordings to train our virtual voice assistant. | ||
We analyze call performance to create aggregated performance and benchmarking statistics. | ||
Unique identification numbers assigned to calls by us. | We use this information to link recordings and transcripts for analysis, annotation and extraction of voice snippets for model training. | The processing is necessary for our legitimate interests, namely monitoring the performance of and improving the Service. |
2. Cookies and similar technologies
We collect information about how you access, view and use the Website and the Platform through a variety of automated data collection technologies, including cookies and similar technologies such as beacons, pixels, embedded scripts and logging technologies.
For further information about the cookies and similar technologies that we use, please refer to our cookie preference center. You can access it by clicking “show details” on the cookie consent banner, or by clicking on the floating cookie widget at any time.
Other than cookies and similar technologies that are necessary to present the Website or the Platform to you, or provide a feature or functionality of the Website or the Platform to you, we will only use cookies and similar technologies to the extent you have given us your consent to do so.
If you would like to change your cookie preferences, you can do so at any time by clicking on the floating cookie widget and selecting “Withdraw your consent” or “Change your consent”.
Most browsers will also allow you to change your browser settings to limit automatic data collection technologies on websites. Please note that blocking automatic data collection technologies through third-party tools and features may negatively impact your experience using our Service, as some features and offerings may not work properly or at all. Depending on the third-party tool or feature you use, you may not be able to block all automatic data collection technologies, or you may need to update your preferences on multiple devices or browsers.
Certain devices provide individuals the option to turn off targeted advertising for the entire device (such as Apple devices through their App Tracking Transparency framework or Android devices through their opt out of ads personalization feature). Please refer to your device manufacturer’s user guides for additional information about implementing any available device-specific targeted advertising opt-outs.
Online advertising
We work with online advertising networks, social media companies and advertising partners to develop our online advertising strategy and play or display ads to you on other websites, apps, or services.
Online advertising
The ads you see online are tailored to your interests based on information collected about you, including information about your age, demographic, location, as well information about your internet usage over time, such as the websites you visit, the products and pages you view and the links you click on (including links in ads played or displayed to you).
Typically, this information is collected through cookies or similar tracking technologies. When you visit the Website, we will place cookies and similar tracking technologies on your device to:
identify you and your device, and share this information with the relevant advertising networks, so that they can serve you advertising based on the information those advertising networks (or the partners they work with) have about your internet usage history and the inferences they can draw from your online activity;
collect information about how you use the Website, so that when you visit another website that works with the same advertising network as us, we can play you adverts for the Service which are tailored to how you have used the Website (such as if you visited the Website or requested a demo of the Service).
Social media
We may also display targeted advertising to you through third party social media platforms, such as X (formerly known as Twitter), Facebook and Reddit. These companies have interest-based advertising programs that allow us to direct advertisements to users who have shown interest in our products while those users are on the social media platform, or to groups of other users who share similar traits, such as likely commercial interests and demographics.
Typically, the information required to direct this kind of advertising is collected through cookies in a similar way to information collected for online advertising.
Controlling the ads you see online and on social media
Please see our cookie preference center for details of the third parties that collect information about your use of the Website for advertising purposes.
Blocking our use of advertising cookies and similar trackers will mean that information about your use of the Website will not be shared with advertising networks to target advertising on other websites and will not be used by us to tailor advertising on social media.
We will only use cookies and similar technologies for online advertising purposes to the extent you have given us your consent to do so. You can always withdraw your consent by clicking on the floating cookie widget on the Website and selecting “Withdraw your consent” or “Change your consent”.
You can also update your preferences through one or more targeted advertising opt-out programs, such as:
- Device-specific opt-outs: Certain devices provide individuals the option to turn off targeted advertising for the entire device (such as Apple devices through their App Tracking Transparency framework or Android devices through their opt out of ads personalization feature). Please refer to your device manufacturer’s user guides for additional information about implementing any available device-specific targeted advertising opt-outs.
- Digital Advertising Alliance: The Digital Advertising Alliance allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://optout.aboutads.info/?c=2&lang=EN for browser-based advertising and https://www.youradchoices.com/appchoices for app-based advertising to opt out of targeted advertising carried out by third parties that participate in the Digital Advertising Alliance’s self-regulatory program.
- European Interactive Digital Advertising Alliance: The European Interactive Digital Advertising Alliance similarly allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://www.youronlinechoices.eu to opt out of browser-based targeted advertising carried out by third parties that participate in the European Interactive Digital Advertising Alliance’s program.
- Network Advertising Initiative: The Network Advertising Initiative similarly allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://www.optout.networkadvertising.org/?c=1 to opt out of browser-based targeted advertising carried out by third parties that participate in the Network Advertising Initiative’s self-regulatory program.
- Platform-Specific Opt-Out Programs: Certain third-party platforms provide individuals the option to turn off targeted advertising for the entire platform (such as certain social media platforms). Please refer to your platform provider’s user guides for additional information about implementing any available platform-specific targeted advertising opt-outs.
If you opt out of interest-based advertising, you will still get ads when you browse the internet or social media, and those ads may still be relevant to your interests. However, these will be based on other information, such as target audiences (i.e. individuals sharing certain characteristics) or contextual advertising (i.e. adverts for services similar to the website or service you are browsing or using) rather than targeting based on inferences from your actual online activity over time. As a result, you may still see advertising targeted to your location, demographic or other information in your social media profile or the websites you visit even if you block, do not consent or withdraw your consent to our use of advertising cookies or similar trackers.
3. How long we keep your personal data
We will store the personal data we collect for no longer than necessary for the purposes set out and in accordance with our legal obligations and legitimate business interests.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
We generally retain your personal data for the periods specified below:
Personal data we collect | How long we keep it |
Information you provide when you contact us | We will keep this information for as long as we communicate with you as a prospective customer of our Services. |
Email and communication preferences | We will keep this information for as long as we retain your contact details. |
Information we collect automatically about your use of our Website | We and advertising partners will retain this information in identifiable form for as long as necessary for the relevant purpose, namely:
|
Information about your interactions with us on social media | We will keep this information for as long as you have an account on the relevant social media platform. |
Information about client administrators | We will keep this information for as long as we have an agreement with the relevant client and for 6 years thereafter. |
Information about support requests collected from client authorized users | We will keep this information for as long as necessary to identify common issues and areas for improvement. |
Information we collect automatically about authorized users' use of the Platform | We will retain this information in identifiable form until we have collected an amount of information about our Platform usage over time to generate meaningful statistics about our Platform's performance. |
Information collected from calls | We will keep this information until completion of the relevant annotation, evaluation or model training. |
4. Recipients of your personal data
As required in accordance with how we use your personal data, we may share your personal data with the following:
How we may share personal data | Lawful basis we rely on |
Companies within the same group as us. These are companies that are owned by us or under common ownership with us. | These companies either process personal data as processors on our instructions, or the processing is necessary for our legitimate interests, namely procurement and administration of intragroup services. |
Service providers, such as providers of web hosting or other technical services such as analytic services or communication services. | These service providers will use your personal data as processors on our instructions. |
Advisors, such as legal advisors or accountants. These third-party vendors and other service providers perform services for us or on our behalf. | The lawful basis we rely on for these transfers is that the processing is necessary for our legitimate interests, namely obtaining legal, accounting and other professional advice. |
Advertising partners. We work with third-party ad networks and advertising partners to deliver advertising about our Service on other websites and services. For more information, please see the "Online Advertising" section above. | We will only share your personal data with these recipients to the extent you give us your consent to do so. |
Purchasers and third parties in connection with a business transaction. Your personal data may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. These recipients will use your personal data to review and assess a potential transaction to purchase our business or assets. | The lawful basis we rely on for these transfers is that they are necessary for our and the purchaser's legitimate interests, namely to conduct due diligence on our business and assets in connection with a potential acquisition. |
Law enforcement, regulators and other parties for legal reasons. We may share your personal data with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with the law and the reasonable requests of law enforcement; (ii) detect and investigate illegal activities and breaches of agreements; and / or (iii) exercise or protect the rights, property or personal safety of PolyAI or others. These recipients will use your personal data in the performance of their regulatory or law enforcement role, or to advise us in connection with a potential claim or regulatory enforcement action. | The lawful basis we rely on for sharing personal data with these recipients is that the processing is either necessary to comply with a legal obligation to which we are subject or, where there is no applicable legal obligation to share this data, that the sharing is necessary for our legitimate interests, namely enforcing our rights or complying with requests from regulatory authorities. |
5. International transfers
The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations, including in the United States. We will ensure that these international transfers of your personal data are made pursuant to appropriate safeguards, such as:
- ensuring that the personal data is only transferred to countries or recipients recognized by the UK Secretary of State or the European Commission (as applicable) as offering an equivalent level of protection as compared to the level of protection in the country you are located (“Adequacy”); or
- the transfer is to a third party who uses appropriate safeguards in respect of the processing in question, included but not limited to the UK or EU standard contractual clauses, which are recognized as offering adequate protection for the rights and freedoms of data subject, as adopted by the UK Secretary of State or the European Commission (as applicable) (“Standard Contractual Clauses”).
We may transfer your personal data to, or store your personal data in, the following countries:
Country | Appropriate Safeguard |
United States | Standard Contractual Clauses Adequacy (for recipients certified to the EU-U.S. Data Privacy Framework and UK Extension) |
European Economic Area | Adequacy (for data subjects in the UK) |
UK | Adequacy (for data subjects in the EEA) |
We will take appropriate steps to ensure that your personal data is treated securely and in accordance with applicable law and this privacy notice regardless of where it is processed.
If you wish to enquire further about the safeguards we use, please contact us using the details set out in the “Contact Us” section above.
6. Your privacy choices
The following privacy choices are made available to all individuals with whom we interact.
Email Communication Preferences
You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in any of our email communications. Please note you cannot opt-out of service-related email communications (such as, account verification, transaction confirmation, or service update emails).
Automatic Data Collection Preferences
You can change your preferences relating to our collection of data through cookies and similar technologies by clicking on the floating cookie widget and selecting “Withdraw your consent” or “Change your consent”.
You may also be able to use third-party tools and features to restrict our use of such technologies, as set out further in the section headed “Cookies and similar technologies”.
Targeted Advertising Preferences
You can change your preferences relating to our collection of data for online advertising purposes by clicking on the floating cookie widget and selecting “Withdraw your consent” or “Change your consent”.
You may also be able to further exercise control over the advertisements that you see by leveraging one or more targeted advertising opt-out programs as set out in the “Online advertising” section above.
7. Your privacy rights
Privacy Rights
You have the following rights in respect of the personal data that we hold:
Right of access. You have the right to obtain:
(i) confirmation of whether, and where, we are processing your personal data;
(ii) information about the categories of personal data we are processing, the purposes for which we process your personal data and information as to how we determine applicable retention periods;
(iii) information about the categories of recipients with whom we may share your personal data; and
(iv) a copy of the personal data we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
- Right to withdraw consent. Where we rely on your consent for processing your personal data, you have the right to withdraw your consent. Withdrawal of your consent will not affect the lawfulness of the processing of your personal data before you withdrew your consent.
You have a right to object to any processing based on our legitimate interests. There may, depending on the particular circumstances, be compelling reasons for continuing to process your personal data despite your objection, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
If you wish to exercise one of these rights, please contact us using the contact details at the top of this privacy notice.
We will not charge you a fee for complying with your request to exercise one of these rights, other than where the request is manifestly unfounded or excessive (such as if you submit a number of repeated requests), in which case we may charge you a reasonable fee to cover our administrative costs.
Privacy Wrongs
You also have the right to lodge a complaint to your national data protection authority. If you are in the UK, your local data protection authority is the Information Commissioner’s Office, which can be contacted using the details at https://ico.org.uk/global/contact-us/. If you are in the European Economic Area, you can find your local Data Protection Authority at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
8. Children’s personal data
Our services are not directed to, and we do not intend to, or knowingly, collect or solicit personal data from children under the age of 13. If an individual is under the age of 13, they should not use our services or otherwise provide us with any personal data either directly or by other means. If a child under the age of 13 has provided personal data to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal data from our systems. If we learn that any personal data we collect has been provided by a child under the age of 13, we will promptly delete that personal data.
9. Third-Party websites and services
Our services may include links to third-party websites, plug-ins, applications and other services. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to any personal data practices of third parties. To learn about the personal data practices of third parties, please visit their respective privacy notices.
10. Updates to this Privacy Notice
We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on this website or our other platforms, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.