Privacy Policy

Introduction

PaulSpeaks Secretary is operated by PaulSpeaks Ltd, a company registered in the United Kingdom. We are committed to protecting your privacy and ensuring your personal data is handled in accordance with UK GDPR and data protection laws.

This privacy policy explains how we collect, use, store, and protect your information when you use our AI receptionist service designed for tradespeople and contractors.

If you have any questions about this policy, please contact us at hello@paulspeaks.com

Information We Collect

Account Information

• Business name and trading name
• Contact details (email address, phone number)
• Business address and location
• Trade or profession (e.g., plumber, electrician, builder)
• Payment information (processed securely via Stripe)

Business Data

• Customer details (names, phone numbers, addresses)
• Job bookings and appointments
• Expense records and income tracking
• Voice command transcripts (AI conversation history)
• Lead information and follow-up notes
• Invoice data and financial records

Technical Information

• Device type and browser information
• IP address and approximate location
• Usage data (features used, login times)
• Session cookies for authentication

How We Use Your Information

We use your information to:

• Provide and maintain the PaulSpeaks Secretary service
• Process voice commands through our AI assistant (Sarah)
• Store and organize your business records securely
• Send booking confirmations and reminders to your customers
• Process payments and manage subscriptions
• Provide customer support and respond to enquiries
• Improve our service and develop new features
• Send important service updates and notifications
• Comply with legal and regulatory obligations

Third-Party Services

We use trusted third-party services to provide and improve our service. Your data may be processed by:

All third-party services we use are GDPR-compliant and maintain high security standards.

Data Storage and Security

Where We Store Your Data

Your data is stored in secure cloud servers provided by Supabase. Database servers may be located in the EU or other regions that provide adequate data protection under UK GDPR standards.

How We Protect Your Data

• End-to-end encryption for data in transit (HTTPS/TLS)
• Encryption at rest for database storage
• Secure authentication and session management
• Regular security audits and updates
• Access controls and role-based permissions
• Automated backups to prevent data loss

Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data will be retained for 90 days to allow reactivation, after which it will be permanently deleted unless required by law.

Your Rights Under UK GDPR

You have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (right to be forgotten)
• Export: Receive your data in a portable format (CSV/JSON)
• Restriction: Limit how we process your data
• Object: Object to processing of your data for certain purposes
• Withdraw consent: Cancel your account and stop processing at any time

To exercise any of these rights, please contact us at hello@paulspeaks.com. We will respond within 30 days.

Cookies and Tracking

We use minimal cookies to ensure the service functions properly:

• Essential cookies: Session authentication and security tokens
• Preference cookies: Remember your settings and preferences

We do not use advertising cookies or third-party tracking scripts.

By using our service, you consent to our use of essential cookies. You can disable cookies in your browser settings, but this may affect functionality.

Data Sharing and Disclosure

We do not sell, rent, or share your personal data with third parties except in the following circumstances:

• Service providers: OpenAI, Supabase, and Stripe as described above
• Legal requirements: If required by law, court order, or regulatory authority
• Business transfer: In the event of a merger, acquisition, or sale of assets (you will be notified)
• With your consent: When you explicitly authorize us to share your information

Children's Privacy

PaulSpeaks Secretary is a business service intended for professional tradespeople and contractors aged 18 and over. We do not knowingly collect information from anyone under the age of 18. If you are under 18, please do not use this service or provide any personal information.

International Data Transfers

Some of our service providers (OpenAI, Supabase) may process data outside the UK and EU. In such cases, we ensure:

• Adequate data protection safeguards are in place
• Standard Contractual Clauses (SCCs) are used where applicable
• Providers maintain GDPR-equivalent standards

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by:

• Updating the "Last updated" date at the top of this page
• Sending an email notification to your registered email address
• Displaying a notice in your dashboard

Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or how we handle your data, please contact us:

We aim to respond to all privacy enquiries within 30 days in accordance with UK GDPR requirements.