PRIVACY POLICY

Privacy Policy

Effective Date: 9 November 2025
Company: Axle Flow LTD (“Axle Flow”, “we”, “us”, “our”)
Website: https://axleflow.ai
Contact: [email protected]

Axle Flow LTD provides AI-powered call answering, chat and voice agents, CRM and automation systems, and related consulting and implementation services for businesses (the “Services”). We are committed to protecting the privacy of visitors to our website and individuals whose data we process when delivering our Services.

This Privacy Policy explains how we collect, use, store, and protect personal data in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR), where applicable

This Policy applies to:

  • Visitors to our website (axleflow.ai)

  • Prospective and existing business clients

  • Individuals whose data may be processed via our Services on behalf of our clients

If you do not agree with this Policy, please do not use our website or provide us with personal data.

1. Roles: Data Controller & Data Processor

Depending on the context, Axle Flow may act as:

Data Controller – when we determine how and why personal data is processed, for example:

  • Enquiries via our website or direct contact

  • Our own client records and communications

  • Our own marketing lists

  • Our internal service analytics and business operations

Data Processor – when we process personal data on behalf of our clients, for example:

  • Operating AI agents, call flows, messaging, booking workflows, or CRM/automation systems configured for them

  • Handling leads, enquiries, bookings, or support interactions via systems we run for a client

When we act as a processor:

  • Our client is the controller and is responsible for providing appropriate privacy information and lawful basis to their customers.

  • Our obligations are governed by our agreement and any applicable Data Processing Addendum (DPA).

2. Personal Data We Collect

The personal data we collect depends on how you interact with us.

2.1 Data You Provide Directly

For example:

  • Name

  • Business name and role

  • Email address

  • Phone number

  • Message/enquiry details

  • Billing and invoicing details (for clients)

  • Preferences or information about your Services and setup

2.2 Data Processed via Our Services (B2B Context)

When you are a client or we operate systems on your behalf, we may process (on your instructions or for our own limited purposes):

  • Lead and customer details (names, contact details)

  • Enquiry and booking details

  • Call metadata and call recordings/transcripts (where enabled)

  • Chat conversations and form submissions

  • Workflow and automation logs

  • Configuration details for your AI agents (FAQs, pricing, policies, availability, etc.)

We process this either:

  • As controller (for our own records, diagnostics, security, aggregated usage metrics), or

  • As processor (strictly on your instructions where we run systems for your end customers).

2.3 Technical & Usage Data

When you visit our website or online portals, we may collect:

  • IP address

  • Browser type and version

  • Device type and operating system

  • Pages visited, time on page, referring URLs

  • Basic diagnostic data relating to performance and security

This is used to operate, secure, and improve our Site and Services.

3. How We Use Personal Data & Legal Bases

3.1 When We Act as Controller

We use personal data for:

  • Responding to enquiries & demo requests

    • Legal basis: Legitimate interests / pre-contractual steps

  • Setting up and managing client accounts & Services

    • Legal basis: Contract / legitimate interests

  • Service communications & relevant updates
    (e.g. important changes to features, security, or terms)

    • Legal basis: Legitimate interests / contract

  • Marketing to relevant business contacts
    (e.g. content and offers relevant to your role or organisation)

    • Legal basis: Legitimate interests or consent (where required)

    • You can opt out at any time.

  • Operating, maintaining & securing our Site and systems

    • Legal basis: Legitimate interests

  • Compliance with legal, tax & regulatory obligations

    • Legal basis: Legal obligation

3.2 When We Act as Processor

When processing data on behalf of a client, we:

  • Process data only on their documented instructions;

  • Use it to operate the agreed AI agents, call flows, messaging, booking workflows, CRM/automation and reporting;

  • Implement appropriate security and confidentiality measures;

  • Do not use that data to market our own separate services to those individuals.

The client is responsible for:

  • Choosing a lawful basis

  • Providing privacy information to their customers

  • Managing individuals’ rights requests (we assist where required).

4. Marketing Communications

We may use your business contact details to send:

  • Information about Axle Flow features, content, or services relevant to your role or organisation.

You can opt out at any time by:

We do not sell your personal data.

5. Cookies & Tracking

We use cookies and similar technologies on our website.

As of the Effective Date:

  • We only use essential / strictly necessary cookies required to operate and secure the website and forms.

  • We do not currently use advertising or advanced analytics cookies that require consent.

Full details are set out in our Cookie Policy, which is available on our website.

If we introduce non-essential cookies (e.g. analytics, advertising, pixels) in future, we will:

  • Update our Cookie Policy; and

  • Implement appropriate consent mechanisms where required.

6. Sharing of Personal Data

We may share personal data with:

  • Service providers / sub-processors
    (e.g. hosting providers, CRM platforms, telephony/SMS services, analytics/security tools, AI infrastructure) solely to support our Site and Services.

  • Professional advisers
    (e.g. legal, compliance, finance) where necessary.

  • Regulators, authorities or law enforcement
    where required by law or to protect our rights, users, or systems.

Key principles:

  • We do not sell personal data.

  • We require third parties to implement appropriate security and data protection measures.

  • As a processor, we only appoint sub-processors in line with our client agreements and applicable law.

7. International Data Transfers

Some of our service providers or infrastructure may be located outside the UK.

Where personal data is transferred internationally, we will ensure appropriate safeguards are in place, such as:

  • UK or EU adequacy regulations; or

  • Standard Contractual Clauses or equivalent protections.

You can contact us for more details about specific safeguards.

8. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Policy or as required by law.

Indicative retention:

  • Enquiries & contact form data: typically up to 24 months from last meaningful interaction.

  • Client account, contract & billing records: typically 6–7 years (legal/tax).

  • System logs, call/chat records & workflow data (for client projects): as agreed in our contract/DPA or until deleted/obfuscated at the client’s request or end of engagement.

  • Marketing contact details: until you unsubscribe or we determine it is no longer appropriate to contact you.

When data is no longer needed, we will securely delete or anonymise it.

9. Security

We take appropriate technical and organisational measures, including:

  • Encrypted transmission (HTTPS/SSL where applicable);

  • Access controls and authentication;

  • Principle of least privilege for accounts and tools;

  • Use of reputable hosting and infrastructure providers;

  • Backups, monitoring, and security updates.

No method of transmission or storage is 100% secure, but we aim to maintain a level of security appropriate to the risk.

10. Your Rights (When We Are Controller)

Where we act as controller, you have rights under UK data protection law, including (subject to conditions):

  • Right of access – request a copy of your personal data;

  • Right to rectification – correct inaccurate or incomplete data;

  • Right to erasure – request deletion in certain circumstances;

  • Right to restrict processing – in specific situations;

  • Right to data portability – receive certain data in a structured, commonly used format;

  • Right to object – including to direct marketing;

  • Right to withdraw consent – where processing is based on consent.

To exercise these rights, contact us at [email protected]. We may need to verify your identity.

If we process your data on behalf of a client (as processor), we will direct you to contact that client, as they are the controller.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

11. AI, Calls & Automated Interactions

Where our AI agents, call flows, or chat systems interact with individuals:

  • Message content, call metadata, recordings, or transcripts may be logged to:

    • deliver the requested service,

    • provide records to our clients,

    • improve configuration and performance,

    • support security, fraud prevention, and diagnostics.

When acting as processor, we handle such data strictly under our client’s instructions and agreements.

Clients are responsible for ensuring their use of AI and telephony is transparent and lawful for their end users.

If you have questions about an interaction with an Axle Flow-operated system, you can contact us at [email protected].

12. Changes to This Privacy Policy

We may update this Policy from time to time (for example, if our Services, technology stack, or legal requirements change).

When we do:

  • We will update the Effective Date at the top; and

  • Provide additional notice where appropriate.

Please review this page periodically for the latest version.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle personal data, please contact:

Axle Flow LTD
Email: [email protected]