GDPR & Data Protection

Our role

For your account data, CallMate acts as a data controller. For the personal data of your callers and leads that flows through your account, CallMate acts as a data processor on your behalf.

Your rights

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making and profiling

To exercise any of these rights, email privacy@getcallmate.co.uk. We aim to respond within 30 days.

Data Processing Agreement

Business customers can request our Data Processing Agreement (DPA) for signature. Email legal@getcallmate.co.uk.

Sub-processors

We use a small set of carefully chosen sub-processors to deliver the service, including Twilio (telephony), Stripe (payments), Supabase (database & auth) and our cloud hosting provider. A current list is available on request.

International transfers

Where personal data is transferred outside the UK or EEA, we rely on UK-recognised safeguards such as the UK International Data Transfer Agreement (IDTA) or the UK addendum to the EU Standard Contractual Clauses.

Security

We use TLS in transit, encryption at rest, role-based access controls, and audit logging. Find more detail in our Privacy Policy.

Reporting a concern

If you believe your data has been mishandled, email privacy@getcallmate.co.uk. You may also contact the UK Information Commissioner's Office (ICO).