Privacy Policy

Dilr.Ai Ltd
Last Updated: 30 December 2025

1. Introduction

Dilr.Ai Ltd ("Company", "we", "us", or "our"), a private limited company registered in England and Wales under company number 16842656, with registered office at 92 East Croft House, 86 Northolt Road, Harrow, HA2 0ES, England, is committed to protecting your privacy and personal data.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Dilr voice AI platform ("Service", "Platform"). By using the Service, you consent to the data practices described in this policy.

We are the data controller for the personal data we process, unless otherwise stated. This policy complies with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Account Information

When you register for an account using Google OAuth, we collect:

Name and email address from your Google account
Profile picture (if provided by Google)
Organization name and details (if you create an organization account)
User role and permissions within your organization

2.2 Usage Data

We automatically collect information about your use of the Service:

Call records (duration, timestamps, participants, status)
Voice call recordings and transcripts
AI model usage (LLM tokens, TTS characters, STT minutes)
API requests and responses
Campaign execution data
Device information (browser type, operating system, IP address)
Access logs and security events

2.3 Contact Data

When you upload or create contacts:

Contact names and phone numbers
Contact metadata (groups, tags, custom fields)
Call history with contacts
Contact preferences and consent records

2.4 Payment Information

Payment data is processed by our third-party payment processors (Stripe and Razorpay). We do not store complete credit card numbers or payment credentials. We retain:

Transaction history and invoice records
Token purchase records
Billing address information

2.5 Communications

We collect information from your communications with us:

Support tickets and correspondence
Feedback and survey responses
Email communications

2.6 Identity Verification Data

For users who opt to verify their identity for enhanced features, we may collect:

Government-issued ID documents (processed securely and not stored after verification)
Verification status and timestamp
Country of document issuance

2.7 Twilio Account Information

If you connect your own Twilio account for outbound campaigns:

Twilio Account SID (stored)
Twilio Auth Token (encrypted and stored securely)
Connection status

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

Creating and managing your account
Processing and routing voice calls
Recording and transcribing calls
Executing voice call campaigns
Providing AI-powered voice agents
Managing contact databases
Processing payments and billing

3.2 Service Improvement

Analyzing usage patterns to improve the Platform
Developing new features and functionality
Training and improving AI models
Monitoring and optimizing performance

3.3 Communication

Sending service notifications and updates
Providing customer support
Sending billing and payment information
Communicating about policy changes
Notifying you of pricing changes at least 30 days in advance

3.4 Security and Compliance

Detecting and preventing fraud and abuse
Ensuring Platform security and integrity
Complying with legal obligations
Enforcing our Terms and Conditions

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

Contract Performance: Processing necessary to provide the Service under our Terms and Conditions
Legitimate Interests: Improving our Service, security, fraud prevention, and business operations
Legal Obligation: Compliance with applicable laws and regulations
Consent: Where you have given explicit consent (you may withdraw consent at any time)

5. Third-Party Service Providers

We share your data with trusted third-party service providers:

5.1 Infrastructure and Hosting

Google Cloud Platform (GCP)
Hosts our infrastructure, databases, and storage. Data may be processed in GCP data centers in Europe.
Privacy Policy: https://cloud.google.com/privacy

5.2 Telephony Services

Twilio Inc.
Provides voice calling infrastructure, phone number provisioning, and call routing. For outbound campaigns, you connect your own Twilio account and calls are billed directly to your Twilio account.
Privacy Policy: https://www.twilio.com/legal/privacy

5.3 AI Model Providers

OpenAI (Language Models)
Processes call transcripts and provides conversational AI capabilities.
Privacy Policy: https://openai.com/policies/privacy-policy

Deepgram (Speech-to-Text)
Transcribes voice call audio to text.
Privacy Policy: https://deepgram.com/privacy

ElevenLabs (Text-to-Speech)
Converts text to natural-sounding voice for AI agents.
Privacy Policy: https://elevenlabs.io/privacy

5.4 Payment Processors

Stripe and Razorpay
Process payment transactions securely. We do not store complete payment card details.
Stripe Privacy: https://stripe.com/privacy
Razorpay Privacy: https://razorpay.com/privacy

5.5 Authentication

Google OAuth
Provides secure authentication services.
Privacy Policy: https://policies.google.com/privacy

These third parties are contractually obligated to protect your data and use it only for the purposes we specify.

6. Data Storage and Retention

6.1 Storage Location

Your data is primarily stored on Google Cloud Platform servers located in Europe (europe-west2 region). Call recordings and uploads are stored in Google Cloud Storage buckets.

6.2 Retention Periods

We retain your data for as long as necessary to provide the Service and comply with legal obligations:

Account data: Retained while your account is active, plus 90 days after account closure
Call recordings and transcripts: Retained indefinitely unless you delete them or close your account
Usage logs: Retained for 12 months for security and analytics
Billing records: Retained for 7 years for accounting and tax purposes
Support communications: Retained for 3 years

6.3 Data Deletion

You may request deletion of your data at any time. Upon account termination, you have 30 days to export your data before permanent deletion.

7. Data Security

We implement comprehensive security measures to protect your data:

Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Control: Role-based access control (RBAC) and principle of least privilege
Authentication: OAuth 2.0 and JWT-based authentication
Infrastructure Security: GCP security features, VPC networks, private IP addresses
Monitoring: Continuous security monitoring and audit logging
Incident Response: Documented procedures for security incidents
Regular Updates: Security patches and updates applied promptly
Credential Security: Third-party credentials (like Twilio tokens) are encrypted using industry-standard symmetric encryption

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.

8. Your Data Protection Rights

Under GDPR and CCPA, you have the following rights regarding your personal data:

8.1 Right to Access

You can request a copy of your personal data. Most data is accessible through your account dashboard.

8.2 Right to Rectification

You can update incorrect or incomplete personal data through your account settings.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data, subject to legal retention requirements.

8.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

8.5 Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another service.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority:
UK: Information Commissioner's Office (ICO) - https://ico.org.uk
EU: Your local supervisory authority
California: California Attorney General - https://oag.ca.gov

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at contact@dilr.ai. We will respond within 30 days (or as required by applicable law).

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Categories of Personal Information

We collect the following categories of personal information:

Identifiers (name, email, IP address)
Commercial information (purchase history, usage data)
Internet activity (browsing history, API usage)
Audio recordings (call recordings)
Professional information (organization, role)

9.2 Sale of Personal Information

We do not sell your personal information. We do not share personal data with third parties for monetary consideration.

9.3 CCPA Rights

You have the right to:

Know what personal information we collect, use, and disclose
Request deletion of your personal information
Opt-out of the sale of personal information (not applicable as we don't sell)
Non-discrimination for exercising your CCPA rights

10. Cookies and Tracking Technologies

10.1 What We Use

We use cookies and similar tracking technologies to:

Maintain your login session
Remember your preferences
Analyze usage patterns
Improve Platform performance

10.2 Types of Cookies

Essential Cookies: Required for authentication and basic functionality
Analytics Cookies: Help us understand how users interact with the Platform
Preference Cookies: Remember your settings and choices

10.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Platform functionality.

11. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, particularly:

United States (for AI processing by OpenAI, Deepgram, ElevenLabs)
European Economic Area (for GCP and primary data storage)

When we transfer data internationally, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Additional security measures to protect your data

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at contact@dilr.ai, and we will delete such information.

Dilr provides comprehensive tools to help you comply with call recording laws, including:

Automatic recording announcements configurable for one-party or two-party consent jurisdictions
Built-in consent tracking and documentation systems
Customizable AI agent prompts to announce recording at the start of calls
Compliance workflows to ensure proper notice is given to call participants
Consent record storage and management

While we provide these compliance tools to assist you, you remain responsible for using them appropriately and ensuring your call recording practices comply with all applicable laws in your jurisdiction.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes by:

Sending an email to your registered email address
Posting a notice on the Platform
Updating the "Last Updated" date at the top of this policy

Material changes will take effect 30 days after notification. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Data Controller Information

The data controller responsible for your personal data is:

Dilr.Ai Ltd
Company Registration Number: 16842656
Registered Office: 92 East Croft House, 86 Northolt Road, Harrow, HA2 0ES, England

If you are located in the EEA or UK, we are the data controller for the purposes of GDPR.

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Dilr.Ai Ltd
92 East Croft House, 86 Northolt Road
Harrow, HA2 0ES
England

Company Registration Number: 16842656
Email: contact@dilr.ai
Website: https://dilr.ai