Turnless← Back to Turnless

Privacy Policy

Last updated: 25 February 2026.

1. Introduction

Turnless ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered phone receptionist service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, business name, phone number, and payment information
  • Business Information: Business hours, services offered, pricing, and other business details you provide during onboarding
  • Communications: Messages you send to us, support requests, and feedback

2.2 Information Collected Automatically

  • Call Data: Phone numbers, call duration, timestamps, call recordings, and transcripts
  • Usage Data: How you interact with our Service, features used, and performance metrics
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Cookies: We use cookies and similar tracking technologies (see our Cookie Policy)

2.3 Information from Third Parties

  • Payment Processors: Payment confirmation and billing information from Stripe
  • Calendar Services: Appointment data from Google Calendar, Microsoft Outlook, or Apple Calendar
  • Telephony Services: Call metadata from Twilio

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process your transactions and manage your account
  • Answer incoming calls on your behalf using AI
  • Schedule appointments and manage your calendar
  • Send you service updates, security alerts, and administrative messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyse usage patterns and trends
  • Detect, prevent, and address technical issues and fraudulent activity
  • Comply with legal obligations and enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your personal data based on:

  • Contract Performance: Processing necessary to provide our Service to you
  • Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
  • Legal Obligation: Complying with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

5.1 Service Providers

AnthropicAI processing for call handling
TwilioTelephony services
StripePayment processing
AWSCloud hosting and infrastructure
ElevenLabsVoice synthesis

5.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, subpoenas).

6. Data Retention

  • Account Data: Retained while your account is active and for 90 days after closure
  • Call Recordings: Retained for 90 days unless you request deletion
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Analytics Data: Aggregated and anonymised data may be retained indefinitely

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your personal data
  • Restriction: Request restriction of processing
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@turnless.ai

8. Data Security

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication (including two-factor authentication)
  • Employee training on data protection
  • Incident response procedures

No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission and adequacy decisions where applicable.

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date. For material changes, we will provide additional notice via email.

12. Contact Us

Email: privacy@turnless.ai

Data Protection Officer: dpo@turnless.ai

You have the right to lodge a complaint with your local data protection authority.