Skip to main content
Version:
Effective:
Last Updated:
We are Intavia LTD, a company registered in Cyprus. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website or use our online demo tools. If you are a customer using our AI receptionist platform to process caller data, the processing of that data is governed by our Data Processing Addendum (DPA), available at: Data Processing Agreement (DPA)

1. What this Privacy Policy covers

This policy applies to:
  • Visitors to our website (intavia.ai)
  • Users who interact with our online AI Receptionist demo widget
  • Individuals who submit contact forms or enquiries
  • Individuals who communicate with us by email or phone
This policy does not apply to caller data processed on behalf of our customers through the Intavia platform.

2. Personal data we collect

We collect the following categories of data depending on how you interact with us.

2.1 Information you provide voluntarily

  • First name
  • Last name
  • Email address
  • Business or contact details
  • Any information you submit through forms
  • Audio generated during the website AI demo
  • AI-generated transcripts of demo calls

2.2 Automatically collected data (“Usage Data”)

  • IP address
  • Browser and device type
  • Pages visited
  • Time spent on pages
  • Technical and diagnostic information
  • Cookies and similar tracking technologies

2.3 AI Demo–Specific Data

If you initiate a demo call on our website, we collect:
  • Audio of your call
  • AI-generated transcript
  • Session metadata including timestamps, call duration, and technical information

3. How and why we use your data

We process personal data for the purposes set out below, each with a lawful basis under UK/EU GDPR.
PurposeDescriptionLawful Basis
Provide our website and servicesTo operate, maintain, and deliver the website and online features.Legitimate interests (running and improving our services)
Respond to enquiries or requestsTo reply to messages and handle contact requests.Legitimate interests (communicating with users)
Provide the website AI Receptionist demoTo enable audio interactions and return demo responses.Legitimate interests (offering and evaluating interest in our services)
Improve the performance and quality of the demoTo troubleshoot issues, analyse interactions, and enhance the demo experience.Legitimate interests (service improvement)
Maintain security and prevent fraudTo secure the website and detect abusive or harmful behaviour.Legitimate interests (ensuring platform integrity)
Comply with our legal obligationsTo meet regulatory, tax, or record-keeping requirements.Legal obligation
We do not sell personal data.

4. AI Demo / Website Widget Call Processing

4.1 What we collect

When you use our AI demo widget, we process:
  • Your voice/audio
  • AI-generated transcript
  • Call/session metadata
  • Any information you verbally provide

4.2 How we use demo call data

We use this data to:
  • Provide the AI demo functionality
  • Diagnose performance issues
  • Improve demo accuracy and responsiveness
  • Respond if you request a follow-up
  • Maintain system safety and prevent abuse

4.3 AI Output Behaviour

Our AI receptionist uses machine-learning models that may:
  • Misinterpret speech
  • Generate inaccurate or fictional responses (“hallucinations”)
  • Incorrectly infer personal information
  • Produce synthetic or approximate language outputs
AI outputs must not be treated as factual.
AI hallucination alone is not a Personal Data Breach unless caused by a security incident.

4.4 Lawful basis for demo processing

  • Legitimate Interests (Article 6(1)(f)) — providing and improving the demo
  • Consent — only when you explicitly request follow-up communication or marketing

4.5 Third-party processors used for the demo

Demo interactions may be processed by:
  • AWS (EU – London) — hosting and infrastructure
  • Sentry (EU) — error monitoring
  • Datadog (EU) — performance monitoring
  • ElevenLabs (US) — speech processing and audio storage
All third parties act strictly under our instructions and cannot use demo data for their own purposes.

4.6 International transfers

Where demo data is processed outside the UK/EU, we use appropriate safeguards such as:
  • Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Addendum (IDTA)
  • Additional technical and organisational measures

4.7 Demo data retention

We retain demo audio and transcripts for: 30-90 days. After this period, they are permanently deleted. This retention applies only to the website demo widget. Customer platform data may follow different retention periods under the DPA.

4.8 Your rights regarding demo data

You may request:
  • Access to your demo call audio or transcript
  • Deletion
  • Correction of transcript inaccuracies
  • Restriction or objection to processing
  • Data portability (where applicable)
To exercise your rights, contact loic@intavia.ai.

5. Cookies and tracking technologies

We use cookies and similar technologies to:
  • Operate essential website functions
  • Maintain security
  • Understand website usage (if you consent to analytics cookies)
Where required, we display a cookie consent banner allowing you to accept or reject non-essential cookies. For full details, see our Cookie Policy.

6. How long we keep your data

Retention depends on the type of data:
  • Website form submissions: 12–24 months
  • AI demo call data: 30-90 days
  • Technical logs: 30–180 days
  • Email correspondence: as long as necessary to respond
  • Customer platform data: defined in the DPA
We retain data longer only if required by law or necessary to establish or defend legal claims.

7. Your GDPR rights

Under UK and EU GDPR, you have the right to:
  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where processing is based on consent)
  • File a complaint with a supervisory authority
UK regulator (ICO): https://ico.org.uk We will respond to all rights requests within the timelines set by GDPR.

8. Security

We use appropriate technical and organisational measures to protect personal data, including:
  • Encryption in transit (TLS)
  • Role-based access controls and MFA
  • Secure cloud hosting (AWS)
  • Logging and monitoring (Sentry, Datadog)
  • Vulnerability scanning and dependency monitoring
  • Abuse and rate-limit protections
For detailed security measures relevant to customer platform data, refer to our DPA.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and may provide additional notice where appropriate.

10. Contact us

If you have any questions about this Privacy Policy or how we process your data: Email: loic@intavia.ai
Controller: Intavia LTD
Registered address:
Charilaou Xyloforou 13
Agios Athanasios, 4103
Limassol, Cyprus