Privacy Policy
Last updated: 16 July 2026
This policy explains what personal data Dunefox Voice collects, why, where it is processed, and what rights you have over it. Dunefox Voice is operated by Sucetas Technologies UK Limited(“we”, “us”), a company registered in Coventry, United Kingdom. For data you submit to us directly, we are the data controller. Where our customers use Dunefox Voice to process their own contacts’ data, they are the controller and we act as a processor on their instructions.
Data we collect
- Account data — name, work email, phone number, workspace name, and your organisation’s industry and website, provided during sign-up.
- Authentication data — handled by Google Firebase Authentication. If you sign in with Google we receive your email address, name, and Google account identifier. We never receive or store your Google password.
- Call data — for calls placed or received through the platform: phone numbers, call time and duration, audio recordings where recording is enabled, transcripts, and AI-generated summaries and sentiment.
- Contact and lead data — information you or your team upload or that an AI agent captures during a call (name, phone, email, notes, intent).
- Knowledge base content — documents, web pages, and FAQs you upload so your agents can answer questions about your business.
- Usage and billing data — minutes used, calls placed, and subscription state.
- Technical logs — request logs and diagnostic logs used to operate and debug the service.
Calls are recorded and AI-assisted
Calls made through Dunefox Voice are handled by an automated AI agent and may be recorded and transcribed. If you are a customer using Dunefox Voice to call your own contacts, you are responsible for disclosing this and for obtaining any consent required in the jurisdictions you call into, including any applicable call-recording and automated-calling rules. We give you the controls; the legal basis for your campaigns is yours.
How we use it
- To provide the service — placing and receiving calls, running your AI agents, and showing you the results.
- To generate transcripts, summaries, and lead scoring from your calls.
- To answer questions during a call using your knowledge base.
- To meter usage and bill your subscription.
- To keep the service secure, diagnose faults, and prevent abuse.
We do not sell personal data, and we do not use your call content or knowledge base to train our own or any third party’s general-purpose AI models.
Where your data is processed
Dunefox Voice runs on Google Cloud Platform in the asia-south1 (Mumbai, India)region. This means that personal data you or your contacts provide — including call recordings and transcripts — is processed in India. Because we are a UK company, this is an international transfer under UK data protection law, and we rely on appropriate safeguards for it. If you require processing to remain in the UK or EEA, contact us before onboarding.
Who we share it with (sub-processors)
We use the following providers to deliver the service. Each receives only what it needs:
- Google Cloud Platform — hosting, application database for the knowledge base, secret storage, and logging (India).
- MongoDB Atlas — primary application database (organisations, agents, leads, calls, transcripts).
- Plivo — telephony: placing and receiving calls, and call recording storage.
- Google Cloud Speech-to-Text and Text-to-Speech — turning call audio into text and the agent’s replies into speech.
- Google Gemini — generating agent replies, call summaries, and extracted call data.
- Google Firebase Authentication — sign-in.
- ElevenLabs, Deepgram, Sarvam AI, OpenAI, Anthropic — alternative speech and language providers, used only where a workspace selects them.
- Stripe — payment processing. Card details go to Stripe directly; we never see or store them.
- Amazon SES / Google Workspace — transactional email such as summaries and team invitations.
If you connect an integration (for example Google Calendar, Gmail, Google Sheets, Zoho CRM, WhatsApp, or Telegram), data is shared with that provider under your instruction and their own privacy terms apply.
How long we keep it
- Account data — for as long as your workspace exists, then deleted or anonymised.
- Call recordings, transcripts, and lead data — retained while your workspace is active so you can review them. You can delete individual records at any time from the dashboard.
- Billing and usage records — retained as required for accounting and tax purposes.
- Diagnostic logs — retained for a short operational window and then discarded.
Security
- All traffic to and from the service is encrypted in transit (TLS).
- Data is encrypted at rest by our cloud providers.
- Provider credentials you store (for example your own telephony keys) are encrypted before being written to the database.
- Every record is scoped to your workspace; the application enforces isolation between tenants.
- Access to production systems is limited to staff who need it.
Your rights
If you are in the UK or the EEA you have the right to access, correct, delete, restrict, or object to our processing of your personal data, and to receive a copy in a portable format. You may also complain to the UK Information Commissioner’s Office (ICO). To exercise any of these rights, email contact@dunefox.io.
If your data was given to one of our customers (for example, you spoke to an AI agent operated by a business using Dunefox Voice), that business controls your data. Please contact them directly; we will assist them in responding to you.
Cookies
We use cookies that are strictly necessary to run the service — principally to keep you signed in. We do not use advertising cookies.
Contact
Sucetas Technologies UK Limited, Coventry, United Kingdom.
General: contact@dunefox.io
Support: support@dunefox.io
Changes
We will update this policy as the service changes and will revise the date at the top. Material changes will be notified to workspace owners by email.