← Back to homePrivacy Policy
Last updated: April 2026
This Privacy Policy explains how Coastline Automation Ltd (trading as RingCatch) collects, uses, and protects personal data. It applies to two audiences: (1) visitors to ringcatch.ai who enquire about our services, and (2) callers who interact with RingCatch AI voice agents on behalf of our clients.
1. Who We Are
Data Controller (for website visitors): Coastline Automation Ltd
Data Processor (for callers to client businesses): Coastline Automation Ltd processes caller data on behalf of our clients, who are the Data Controllers for their callers' personal data.
Coastline Automation Ltd
Registered in England and Wales · Company No. 17046438
Registered address: 11 Ashdown Ave, Saltdean, BN2 8AH
ICO registration number: C1902158
Contact: richard@coastlineautomation.co.uk
2. Personal Data We Collect
From website visitors:
- Name, email address, phone number (via Calendly booking form or contact form)
- IP address, browser type, and device information (via analytics cookies, where consent is given)
- Any information you voluntarily provide by email or enquiry form
From callers to RingCatch AI agents:
- Phone number (captured automatically by Twilio telephony infrastructure)
- Name, job type and service required, location or postcode, urgency level (all provided verbally during the call)
- Call recording (full audio, stored securely by Retell AI)
- Call transcript (generated by Retell AI's speech-to-text system)
- Call metadata: date, time, duration, and call outcome
- Structured lead data extracted from the conversation
3. How We Use Your Data and Our Lawful Basis
- Responding to website enquiries and booking consultations — Legitimate Interest / Consent
- Delivering structured lead information to the client business via SMS, email, and WhatsApp — Contract performance
- Call recording for quality assurance and dispute resolution — Legitimate Interest
- Monitoring and improving AI agent performance (Pro tier) — Legitimate Interest
- Sending automated missed-call callbacks (one attempt only) — Contract performance
- Providing monthly performance summaries to clients — Contract performance
We do not use caller data for marketing purposes, sell personal data to third parties, or use personal data to train third-party AI models.
4. Sub-Processors and International Transfers
We use the following sub-processors. Where data is transferred outside the UK, we ensure adequate safeguards are in place:
| Sub-processor | Purpose | Location | Safeguard |
|---|
| Retell AI | Voice AI, call recording, transcription | USA | UK IDTA or equivalent |
| Twilio | Telephony, SMS delivery, outbound callbacks | USA | UK IDTA or equivalent |
| Google (Workspace, Sheets) | Email delivery, call log storage | USA/EU | Google DPA + SCCs |
| n8n | Workflow automation | EU (Ireland) | EU-hosted, no transfer issue |
| Calendly | Consultation booking | USA | UK IDTA or equivalent |
5. Data Retention
- Call recordings and transcripts: 60–90 days from the date of the call, then permanently deleted
- Structured lead data (Google Sheets call log): 12 months, then anonymised or deleted
- Website visitor data via Calendly: subject to Calendly's own retention policy
- Client relationship data: duration of the client relationship plus 6 months after termination
6. AI-Specific Transparency
- Calls to our clients' numbers may be answered by an AI voice agent. The agent identifies itself as an AI assistant at the start of every call.
- The AI captures structured information from the conversation and delivers it to the business owner. It does not make decisions with legal or significant effects on callers.
- The AI does not provide quotes, accept bookings, or commit the business to any service.
- Call recordings may be reviewed by a human for quality assurance purposes.
- Callers can ask to leave a message for the business owner if they prefer not to speak with the AI.
7. Security
We apply appropriate technical and organisational security measures including encryption of data in transit (TLS/HTTPS), access restricted to authorised personnel only, and sub-processors maintaining their own security certifications. In the event of a personal data breach, we will notify affected clients within 24 hours of becoming aware.
8. Your Rights
Under UK GDPR you have the right to: access your data, rectification, erasure, restrict processing, data portability, object to processing, withdraw consent, and lodge a complaint with the ICO at ico.org.uk.
To exercise any of these rights, contact us at: richard@coastlineautomation.co.uk
9. Changes to This Policy
We may update this Privacy Policy from time to time. Continued use of our service following any changes constitutes acceptance of the updated policy.