Privacy

Privacy Policy

This page is maintained by CallMate to explain what personal data we collect and how we use it. It is not an independent certification.

Last updated: 18 June 2026

CallMate ("we", "us", "our") provides a missed call text back and lead capture service to UK businesses. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have under the UK GDPR and the Data Protection Act 2018.

1. Who we are

CallMate is operated from the United Kingdom. For questions about this policy or your data, contact privacy@getcallmate.co.uk.

2. Information we collect

  • Account information — name, business name, email address, phone number, password (hashed).
  • Communications data — phone numbers of callers, call metadata (time, duration, status) and SMS message content sent or received through your account.
  • Billing information — handled by our payment processor (Stripe). We never store full card numbers.
  • Usage data — log files, IP address, browser type, pages viewed, for security and product analytics.

3. How we use your data

  • Provide and operate the CallMate service.
  • Send auto-reply SMS messages on your behalf.
  • Process payments and send invoices.
  • Provide customer support.
  • Improve the service, prevent fraud, and meet legal obligations.

4. Legal bases (UK GDPR)

We process personal data under one of the following lawful bases: performance of a contract, legitimate interests (e.g. service security and improvement), consent (e.g. marketing emails), or legal obligation.

5. Sharing your data

We share data only with the sub-processors we need to run the service — including Twilio (telephony), Stripe (payments), Supabase (hosted database and auth) and our cloud hosting provider. We do not sell personal data.

6. Retention

Account data is retained while your subscription is active and for up to 12 months after cancellation. Call and SMS records are retained for a rolling 24 months unless you request earlier deletion. Billing records are retained for 7 years to meet HMRC requirements.

7. Your rights

You have the right to access, correct, delete, restrict or port your personal data, and to object to certain processing. Submit a request to privacy@getcallmate.co.uk. You also have the right to complain to the Information Commissioner's Office (ICO).

8. International transfers

Where data is processed outside the UK, we rely on UK-approved safeguards such as the International Data Transfer Agreement (IDTA) or the UK addendum to the Standard Contractual Clauses.

9. Security

We use encryption in transit (TLS), encryption at rest for the database, role- based access controls, and regular security reviews. No system is 100% secure, but we work hard to protect your information.

10. Changes

We may update this policy. Material changes will be notified by email or in-app notice at least 14 days before they take effect.

See also our Cookie Policy and GDPR information.