Privacy Policy
Last updated: 28 April 2026
Contents
ForwardCycle AI ("we", "us", "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you use our AI voice agent platform and related services.
This policy applies to all users of our platform, including business clients who subscribe to our service and individuals whose calls are handled by our AI agents ("callers").
1. Data Controller
The data controller for the purposes of UK GDPR is:
ForwardCycle AI
Company Registration No. 14091381
Registered in England and Wales
Email: info@forwardcycle.co.uk
2. What Data We Collect
2.1 Account Data (Business Clients)
When you register for ForwardCycle AI, we collect: your name, business name, email address, phone number, industry sector, and billing information (processed by Stripe — we do not store card numbers).
2.2 Call Data
When calls are handled by our AI agents, we collect: caller phone number, call duration, call recordings (where consent is obtained), AI-generated transcripts, call summaries, lead qualification data, sentiment analysis, and appointment details.
2.3 Agent Configuration Data
Data you provide to configure your AI agent, including: business FAQs, greeting scripts, qualification questions, escalation rules, and business hours.
2.4 Usage & Analytics Data
We automatically collect: IP addresses, browser type, device information, pages visited, feature usage, and performance metrics. This is collected via cookies and server logs.
3. Legal Basis for Processing
| Data Category | Legal Basis | GDPR Article |
|---|---|---|
| Account & billing data | Performance of contract | Art. 6(1)(b) |
| Call recordings & transcripts | Legitimate interest (service delivery); Consent (from callers) | Art. 6(1)(f); Art. 6(1)(a) |
| Lead qualification data | Performance of contract | Art. 6(1)(b) |
| Usage analytics | Legitimate interest (product improvement) | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
4. How We Use Your Data
We use personal data to: provide and operate the AI voice agent service; process and route calls on your behalf; generate call transcripts, summaries, and lead scores; book appointments and send reminders; process payments and manage your subscription; send service notifications (e.g. call summaries, usage alerts); improve our AI models and service quality (using anonymised, aggregated data only); comply with legal obligations; and, where you have consented, send marketing communications about new features and offers.
5. Data Sharing & Third Parties
We share personal data with the following categories of third-party processors, all of whom are bound by data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting & authentication | EU (London, eu-west-2) |
| Telephony provider | Call routing, recording, SIP trunking | UK/EU |
| Stripe | Payment processing | EU/US (EU SCCs in place) |
| Google Analytics | Website analytics | EU/US (EU SCCs in place) |
| Netlify | Website hosting | US (EU SCCs in place) |
We do not sell personal data to any third party. We may disclose data where required by law or to protect our legal rights.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account plus 12 months after closure |
| Call recordings | 12 months from date of call |
| Call transcripts & summaries | 12 months from date of call |
| Lead data | Duration of account plus 6 months |
| Billing & financial records | 6 years (HMRC requirements) |
| Usage analytics | 24 months (anonymised after 12 months) |
| Marketing consent records | Duration of consent plus 12 months |
You may request early deletion of your data at any time (see Section 7).
7. Your Rights Under UK GDPR
Under the UK General Data Protection Regulation, you have the following rights:
- Right of access (Art. 15) — request a copy of your personal data.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten").
- Right to restrict processing (Art. 18) — limit how we use your data.
- Right to data portability (Art. 20) — receive your data in a machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time.
To exercise any of these rights, email info@forwardcycle.co.uk. We will respond within one calendar month.
8. International Transfers
Your data is primarily stored in the UK and EU (Supabase London region). Where data is transferred to countries outside the UK, we rely on: EU/UK adequacy decisions; Standard Contractual Clauses (SCCs) approved by the ICO; or the transferee's participation in approved certification schemes. We conduct transfer impact assessments where required.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including: encryption in transit (TLS 1.3) and at rest (AES-256); role-based access controls; row-level security on all database tables; regular security audits; automated breach detection; and staff training on data protection. In the event of a personal data breach, we will notify the ICO within 72 hours where required and affected individuals without undue delay where there is a high risk to their rights.
10. Cookies
We use cookies and similar technologies on our website. For full details on what cookies we use and how to manage them, please see our Cookie Policy.
11. Children's Data
Our service is designed for businesses and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child's data has been collected, contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email to registered users at least 30 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.
13. Contact & Complaints
For any questions about this Privacy Policy or to exercise your data rights:
Email: info@forwardcycle.co.uk
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
ico.org.uk | 0303 123 1113