Privacy Policy

Last updated: March 2026

1. Who we are

This privacy policy explains how Coastline Automation Ltd (“we”, “us”, “our”), trading as RingCatch, collects, uses, stores, and protects personal data.

Coastline Automation Ltd is a company registered in England and Wales.

Company number: [COMPANY_NUMBER]
Registered office: [REGISTERED_ADDRESS]
Contact email: richard@coastlineautomation.co.uk
ICO registration number: [ICO_NUMBER]

We operate the website ringcatch.ai and provide a managed AI phone receptionist service (“RingCatch”) to trade businesses across the United Kingdom.

2. Who this policy applies to

This policy covers two groups of people:

Website visitors: People who visit ringcatch.ai, book consultations via our scheduling tool, or contact us by email.

Callers: People who call a phone number answered by a RingCatch AI agent on behalf of one of our client businesses. If you have called a business that uses RingCatch, this section explains how your data is handled.

If you are a caller to a business that uses RingCatch, that business is the “Data Controller” for your personal data — they determine why your data is collected (to receive your business enquiry). Coastline Automation Ltd acts as the “Data Processor” — we process your data on behalf of that business in order to deliver the RingCatch service to them.

3. What personal data we collect

From website visitors:

Name, email address, and phone number (when you book a consultation or contact us directly)
Technical data including IP address, browser type, device information, and pages visited (collected via cookies — see our Cookie Policy)
Any additional information you voluntarily provide to us by email or during a consultation call

From callers to RingCatch agents:

Your phone number (captured automatically when you call)
Your name (if provided during the conversation)
Details of the service you need, including job type, location, and urgency (provided during the conversation)
A recording of the call (audio)
A transcript of the call (text, generated from the audio)
Call metadata, including the date, time, and duration of the call
Structured lead data extracted from the conversation (a summary of your name, requirements, location, and urgency)

We do not intentionally collect special category data (such as health information, religious beliefs, or ethnic origin). However, callers may occasionally disclose such information during a conversation. Where this happens, the data is captured in the call recording but is not specifically extracted or processed.

4. How we use your data

Website visitor data is used to:

Respond to your enquiry or consultation booking
Provide you with information about RingCatch services
Improve our website and user experience
Comply with legal obligations

Caller data is used to:

Deliver a structured summary of your enquiry to the business you called, via SMS and email, so they can follow up with you
Attempt to call you back if your original call was not answered (one automated callback attempt only, in compliance with UK regulations)
Monitor and improve the quality and accuracy of the AI agent
Provide monthly performance summaries to the client business (in aggregate — individual caller details are not shared in summaries)
Resolve disputes or investigate complaints about the service

We do not:

Use your data to send you marketing communications
Sell your data to third parties
Use call recordings or transcripts to train third-party AI models
Make automated decisions that produce legal or similarly significant effects on you

5. Lawful basis for processing

Under the UK General Data Protection Regulation (UK GDPR), we must have a lawful basis for processing your personal data. The bases we rely on are:

Consent: When you book a consultation or submit your contact details through our website, you consent to us processing that data to respond to your enquiry.

Contract performance: When a caller contacts a business that uses RingCatch, we process the caller's data as necessary for the performance of the contract between Coastline Automation and the client business — specifically, to capture and deliver the lead information that the service is designed to provide.

Legitimate interest: We process call recordings and transcripts for quality assurance, service improvement, and dispute resolution. We have carried out a balancing test and determined that these interests do not override the rights and freedoms of the callers, given that callers are informed at the start of the call that it may be recorded, the recordings are retained for a limited period, and access is restricted. For clients on our Pro tier, call transcripts are reviewed by a human to identify improvements to the AI agent — callers are informed of this at the start of the call.

6. Call recording and AI transparency

RingCatch uses artificial intelligence (AI) voice technology to answer phone calls on behalf of our client businesses. When you call a number answered by RingCatch:

The AI agent will identify itself as an AI assistant at the start of the call
The call may be recorded for quality assurance and service improvement purposes
The AI will engage you in a natural conversation to understand your requirements
Information you provide is extracted and sent to the business you called

The AI does not make decisions that have legal or significantly impactful effects on you. It captures your enquiry and delivers it to the business — the business decides how to respond.

Call recordings may be reviewed by a human (the RingCatch service manager) for the purpose of improving the AI agent's accuracy and conversation quality. This review is carried out under our legitimate interest basis and is subject to the same retention limits and access controls as all other call data.

7. Who we share your data with

We share personal data with the following parties:

Our client businesses

If you call a number answered by RingCatch, a structured summary of your enquiry (name, requirements, location, urgency) is delivered to the business you called via SMS and email. The call recording and transcript are available to us (Coastline Automation) for quality assurance but are not routinely shared with the client business unless specifically requested and agreed.

Our service providers

We use the following third-party service providers to deliver the RingCatch service:

Service provider	What they do	Where they are based
Retell AI	Powers the AI voice agent, stores call recordings and transcripts	United States
Twilio	Provides the telephone number and call routing, delivers SMS messages	United States
Google (Workspace and Sheets)	Hosts email delivery and call log data	United States and European Union
n8n	Automates the workflow between the AI agent and the delivery of lead data	European Union
Calendly	Manages consultation bookings for website visitors	United States

We do not share your data with any other third parties, and we do not sell your data.

8. International data transfers

Some of our service providers are based in the United States. When your data is transferred outside the United Kingdom, we ensure that appropriate safeguards are in place in accordance with UK GDPR. These safeguards include:

UK International Data Transfer Agreements (IDTAs) with our US-based service providers
Standard Contractual Clauses (SCCs) where applicable
Reliance on the service provider's own data protection certifications and compliance frameworks (such as SOC 2 and ISO 27001)

If you would like more information about the specific safeguards in place for any transfer, please contact us at richard@coastlineautomation.co.uk.

9. How long we keep your data

We retain personal data only for as long as necessary for the purposes described in this policy.

Data type	Retention period
Call recordings (audio)	90 days from the date of the call, then automatically deleted
Call transcripts (text)	90 days from the date of the call, then automatically deleted
Structured lead data (name, requirements, location)	12 months, then anonymised or deleted
Call metadata (date, time, duration)	12 months, then deleted
Website visitor data (consultation bookings, contact form submissions)	For the duration of the business relationship or enquiry, then deleted within 6 months
Client business data (account information, billing)	For the duration of the client relationship plus 6 years (to meet UK legal and accounting requirements)

10. How we protect your data

We take the security of personal data seriously and have implemented appropriate technical and organisational measures, including:

All data is encrypted in transit using TLS/HTTPS
Access to call recordings, transcripts, and lead data is restricted to authorised personnel only
Our service providers maintain their own security certifications and standards (Twilio: SOC 2, ISO 27001; Google: SOC 2, ISO 27001)
We do not store call recordings or transcripts on our own servers — these are hosted by Retell AI under their security framework
Structured lead data stored in Google Sheets is protected by Google Workspace security controls including two-factor authentication

In the event of a personal data breach, we will notify the relevant client (Data Controller) without undue delay and within 24 hours of becoming aware of the breach. The client is responsible for notifying the Information Commissioner's Office (ICO) within 72 hours if required under UK GDPR.

11. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of access: You can request a copy of the personal data we hold about you.

Right to rectification: You can ask us to correct inaccurate or incomplete personal data.

Right to erasure: You can ask us to delete your personal data in certain circumstances (for example, if the data is no longer necessary for the purpose it was collected).

Right to restrict processing: You can ask us to temporarily limit how we use your data while a concern is being resolved.

Right to data portability: You can request that we provide your data in a structured, commonly used, machine-readable format.

Right to object: You can object to our processing of your data where we rely on legitimate interest as our lawful basis. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Right to withdraw consent: Where we process your data based on consent, you can withdraw that consent at any time.

Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.

ICO website: ico.org.uk
ICO helpline: 0303 123 1113

To exercise any of these rights, please contact us at richard@coastlineautomation.co.uk. We will respond to your request within 30 days.

If you are a caller to a business that uses RingCatch: Because the business you called is the Data Controller, we recommend contacting that business directly in the first instance. If you contact us, we will work with the relevant business to fulfil your request.

12. Cookies

Our website uses cookies. For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

13. Children's data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If a caller is under 16, their data will be handled in accordance with this policy and deleted upon request.

14. Changes to this policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or data processing practices. When we make significant changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

15. Contact us

If you have any questions about this privacy policy or how we handle your personal data, please contact us:

Email: richard@coastlineautomation.co.uk
Post: Coastline Automation Ltd, [REGISTERED_ADDRESS]