Voice Agent

Contact Us

Privacy Policy

Last Updated: February 10, 2026

Quick Summary: We respect your privacy. This policy explains what information we collect, why we collect it, how we use it, and your rights regarding your data. We are committed to protecting your personal information and complying with GDPR and other data protection laws.

1. Introduction

Welcome to our Voice Agent platform for restaurants (“we”, “us”, “our”, or the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our AI voice agent services.

Data Controller: AstuteLabs Address: Via Oropa 129B, Torino 10153 (TO) Email: voice-agent@astutelabs.it

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us when you:

  • Register for an account or request a demo
  • Fill out contact forms or inquiry forms
  • Subscribe to our newsletter or marketing communications
  • Participate in surveys or provide feedback
  • Contact our customer support

This information may include:

  • Name and contact information (email address, phone number)
  • Restaurant name and business information
  • Job title and role
  • Payment and billing information
  • Communication preferences
  • Any other information you choose to provide

2.2 Voice Data and Call Recordings

Our AI Voice Agent service processes voice data to provide restaurant call handling services:

  • Voice recordings: Phone calls handled by our AI voice agent may be recorded for quality assurance, training, and improvement of our AI models
  • Call transcripts: Voice conversations are transcribed to text for order processing and analysis
  • Order information: Customer orders, preferences, and special requests captured during calls
  • Caller information: Phone numbers and any customer information provided during calls

Important for Restaurants: If you use our Voice Agent service, you are responsible for informing your customers that calls may be recorded and processed by our AI system. You should include appropriate notices in your phone greeting or menu.

2.3 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and usage:

  • Device information: IP address, browser type, operating system, device identifiers
  • Usage data: Pages viewed, time spent on pages, links clicked, referring website
  • Location data: Approximate geographic location based on IP address
  • Cookies and tracking technologies: See our Cookie Policy for details

2.4 Information from Third Parties

We may receive information about you from:

  • Analytics providers (e.g., Google Analytics)
  • Advertising networks (e.g., Google Ads, Facebook)
  • Payment processors
  • Public databases and social media platforms

3. How We Use Your Information

PurposeLegal Basis (GDPR)Data Used
Provide and operate our Voice Agent serviceContract performanceAccount info, voice data, call recordings, order information
Process payments and billingContract performancePayment information, billing details
Improve our AI models and servicesLegitimate interestVoice recordings, transcripts, usage data
Send service-related communicationsContract performance / Legitimate interestContact information
Marketing and promotional communicationsConsentContact information, preferences
Analyze website usage and improve user experienceLegitimate interestUsage data, cookies
Detect and prevent fraud or security threatsLegitimate interest / Legal obligationDevice info, IP address, usage patterns
Comply with legal obligationsLegal obligationAny relevant data

Export to Sheets

4. AI and Machine Learning

Our Voice Agent uses artificial intelligence and machine learning technologies:

  • Voice recognition and processing: We use AI to understand customer requests, take orders, and answer queries
  • Model training: Voice recordings and transcripts may be used to train and improve our AI models, making them more accurate and effective
  • Anonymization: Where possible, we anonymize data used for AI training by removing personally identifiable information
  • Quality assurance: Human reviewers may occasionally listen to call recordings to ensure quality and improve the system

5. How We Share Your Information

5.1 We DO NOT Sell Your Personal Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 We Share Information With:

Service Providers: Third-party companies that help us operate our business:

  • Cloud hosting providers (e.g., AWS, Google Cloud)
  • Payment processors (e.g., Stripe, PayPal)
  • Email service providers
  • Analytics services (e.g., Google Analytics)
  • Customer support tools

Restaurant Clients: If you are a customer calling a restaurant that uses our Voice Agent:

  • Your order information and call data is shared with the restaurant you’re calling
  • The restaurant controls how they use this information for their business purposes

Legal Requirements: We may disclose your information if required by law or to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Investigate potential violations of our terms
  • Prevent fraud or security threats

Business Transfers: In connection with any merger, sale, or acquisition of our business, your information may be transferred to the acquiring entity.

6. International Data Transfers

We are based in Italy. If you are accessing our services from outside Italy, please be aware that your information may be transferred to, stored, and processed in Italy or other countries where our service providers operate.

For transfers from the European Economic Area (EEA) to countries without adequate data protection:

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission
  • We ensure appropriate safeguards are in place to protect your data
  • We conduct transfer impact assessments where required

7. Data Retention

Data TypeRetention PeriodReason
Account informationDuration of account + 2 yearsContract performance, legal obligations
Voice recordings90 days (or as agreed with client)Quality assurance, dispute resolution
Call transcripts and order data1 year (or as agreed with client)Service delivery, analytics
Marketing communications dataUntil consent withdrawn + 30 daysLegitimate interest, consent
Website analytics data26 monthsService improvement, analytics
Payment information7 years from last transactionLegal and tax obligations

Export to Sheets

After the retention period expires, we securely delete or anonymize your personal data. Some information may be retained in anonymized form for statistical purposes.

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:

8.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal data.

8.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent (where consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

8.4 Right to Restriction of Processing

You can request that we limit how we use your data in certain situations.

8.5 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format to transfer to another service.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where we process your data based on consent, you can withdraw consent at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority:

8.9 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: voice-agent@astutelabs.it
  • Subject Line: “Data Subject Rights Request”
  • Include: Your name, email, specific request, and any relevant details

We will respond to your request within 30 days (as required by GDPR).

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Access controls: Strict access controls and authentication mechanisms
  • Regular security assessments: Periodic security audits and vulnerability testing
  • Employee training: Regular data protection and security training for staff
  • Incident response: Procedures in place to detect and respond to data breaches
  • Third-party security: We ensure our service providers maintain adequate security standards

Data Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

10. Children’s Privacy

Our services are not intended for children under 16 years of age (or the age of digital consent in your country). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we don’t sell data)
  • Right to Non-Discrimination: We won’t discriminate against you for exercising your rights
  • Right to Correct: Request correction of inaccurate personal information

To exercise these rights, contact us at voice-agent@astutelabs.it with “California Privacy Rights” in the subject line.

12. Other Jurisdictions

We comply with applicable data protection laws in all jurisdictions where we operate, including but not limited to:

  • UK GDPR (United Kingdom)
  • PIPEDA (Canada)
  • Privacy Act (Australia)
  • LGPD (Brazil)

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about our use of cookies, please see our Cookie Policy.

You can control cookies through:

  • Our cookie consent banner when you first visit our website
  • Your browser settings
  • Third-party opt-out tools

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or services
  • Changes in applicable laws
  • Technological developments

When we make significant changes:

  • We will update the “Last Updated” date at the top of this policy
  • We will notify you via email (if you have an account)
  • We may display a prominent notice on our website
  • For material changes, we may seek your consent where required by law

We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Controller: AstuteLabs Email: voice-agent@astutelabs.it Address: Via Oropa 129B, Torino 10153 (TO) Phone: +39 324 809 5404

17. Definitions

For clarity, the following terms used in this Privacy Policy are defined as:

  • “Personal Data” / “Personal Information”: Any information relating to an identified or identifiable individual
  • “Processing”: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion
  • “Data Controller”: The entity that determines the purposes and means of processing personal data
  • “Data Processor”: An entity that processes personal data on behalf of the data controller
  • “Consent”: Freely given, specific, informed, and unambiguous indication of agreement to processing
  • “Data Subject”: An individual whose personal data is being processed

This Privacy Policy is effective as of February 10, 2026. © AstuteLabs. All rights reserved.