Privacy Policy

Last updated: May 1, 2026

1. Who we are

Invox AI ("Invox", "we", "us") provides an AI receptionist platform for tradespeople and service businesses. We are based in the United Kingdom. If you have any questions about this policy, contact us at support@invoxai.uk.

2. What data we collect

We collect:

  • Account data — your name, email, phone number, business details, and login credentials.
  • Caller and contact data — the phone numbers, names, voice recordings, transcripts, SMS content, and job details exchanged between your AI agent and the people who contact you.
  • Integration data — data from services you connect, such as Google Workspace (Calendar, Gmail, Sheets, Drive), Vonage, and Stripe.
  • Usage data — logs of agent actions, billing/credit events, and diagnostic information used to keep the service running.

3. How we use your data

We use your data solely to provide and improve the Invox AI service, which means:

  • Running your AI agents — answering calls, replying to texts, booking jobs.
  • Syncing appointments to your calendar and sending follow-up messages on your behalf.
  • Showing you call history, transcripts, and CRM records inside your dashboard.
  • Billing you for credits used and preventing fraud or abuse.
  • Providing customer support when you ask for it.

We do not sell your data. We do not use your data, or your callers' data, to develop, improve, or train any AI or machine-learning models — including our own models, third-party models, or general-purpose foundation models.

4. Google Workspace data (Limited Use)

When you connect a Google account, Invox AI requests permission to access your Google Calendar, Gmail, Google Sheets, and Google Drive — only to the extent needed for the feature you are using.

Invox AI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, that means:

  • Calendar — we read your availability and write appointments your AI agent books. We do not share this with anyone else.
  • Gmail — we send emails as you (e.g. a follow-up quote) using only the gmail.send scope. We do not read your inbox, drafts, or any existing messages.
  • No AI/ML training on Google Workspace data. We do not use any data obtained through Google Workspace APIs (Calendar, Gmail, Sheets, Drive) to develop, improve, or train generalised AI/ML models, our own models, or any third-party models. Google Workspace data is used solely to power the user-facing features described above and is not retained for model training of any kind.
  • We do not transfer Google Workspace data to third parties, except as necessary to provide or improve user-facing features that are prominent in the Invox application's user interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google Workspace data for advertising.
  • We do not allow humans to read your Google Workspace data, except (a) with your explicit consent for specific messages, (b) where necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations, and only where the data have been aggregated and anonymised.

You can disconnect your Google account from Invox at any time in Settings → Integrations, which revokes our access. You can also revoke access directly at myaccount.google.com/permissions.

5. Call recordings and transcripts

When your AI agent answers a call, the call is transcribed and may be recorded for quality assurance, tuning of your own agent's prompts and configuration, and dispute resolution. Call recordings and transcripts are never used to train AI/ML models — neither our own models, nor any third-party or general-purpose foundation models — and they are never combined with Google Workspace data. You can delete recordings and transcripts from your dashboard. Where UK law requires you to notify callers that calls are recorded, it is your responsibility to include that notice in your agent's greeting.

6. Who we share data with

We share data only with the service providers Invox needs to run:

  • Supabase (database & authentication)
  • Vercel (hosting)
  • Vonage (telephony & SMS)
  • Retell AI (real-time voice inference)
  • OpenAI and Anthropic (LLM inference)
  • Stripe (payments)
  • Google (when you choose to connect Google Workspace)
  • Sentry (error monitoring)

Each of these providers is bound by contract to handle data only for the purpose of providing their service to Invox.

7. Data retention

We keep account data for as long as your account is active. Call recordings and transcripts are retained for 90 days by default unless you change the setting. You can request deletion of your account and all associated data by emailing support@invoxai.uk.

8. Your rights (UK GDPR)

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Ask us to delete your data (subject to legal obligations).
  • Object to, or restrict, certain kinds of processing.
  • Ask for a copy of your data in a portable format.
  • Complain to the UK Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data.

To exercise any of these rights, email support@invoxai.uk.

9. Security

We encrypt data in transit (TLS) and at rest. OAuth tokens are encrypted with a key that only our application servers hold. Access to production systems is restricted to authorised team members and logged.

10. Changes to this policy

If we make material changes to this policy we will notify account holders by email at least seven days before the changes take effect.

11. Contact

For any privacy question or request, email support@invoxai.uk.