1. Who We Are

NAYA AI is a trading name operated by NAYA Systems Ltd, a company registered in England and Wales. Our registered address is available on request. We provide AI-powered sales systems for small and medium-sized businesses, including voice agents, lead qualification flows, automated follow-up sequences, and supporting analytics (collectively, the "Platform"). References to "we", "us", or "our" in this policy refer to NAYA Systems Ltd.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable privacy legislation. If you have any questions about this policy, please contact us at [email protected].

2. Information We Collect

2.1 Information You Provide Directly

Name, email address, and phone number when you submit an enquiry or apply to work with us
Business name, industry, and revenue details provided in onboarding forms
Payment and billing information (processed securely by Stripe; we do not store card details)
Communications you send us via email, chat, or contact forms

2.2 Information Collected Automatically

IP address, browser type, device type, and operating system
Pages visited, time on site, and referring URLs
Cookie and session data (see Section 4)

2.3 Call and Voice Data

Our Platform operates AI voice agents on behalf of our clients. In doing so, we may process:

Call recordings and transcripts generated by AI voice agents deployed for our clients
Lead and prospect contact data provided by our clients for use within the Platform
Interaction metadata including call duration, timestamps, and outcome classifications

Call recording and AI disclosure: Where our Platform places or receives calls on behalf of a client, the AI voice agent will identify itself as an automated system at the start of the call in accordance with applicable regulations, including the UK Privacy and Electronic Communications Regulations (PECR) and, where applicable, the US Telephone Consumer Protection Act (TCPA). Clients are responsible for ensuring they have obtained appropriate consent from their leads and prospects before deploying our voice agents to contact them.

3. How We Use Your Information

We process personal data on the following lawful bases:

Contract performance: To deliver the services you have engaged us for, including building, deploying, and maintaining your sales system.
Legitimate interests: To improve our Platform, prevent fraud, ensure platform security, and communicate service updates.
Legal obligation: To comply with applicable laws, regulatory requirements, and lawful requests from authorities.
Consent: To send marketing communications where you have opted in. You may withdraw consent at any time.

4. Cookies and Tracking

We use cookies and similar technologies to operate the website, analyse usage, and improve your experience. These include:

Essential cookies: Required for the website to function. Cannot be disabled.
Analytics cookies: Help us understand how visitors use the site (e.g. page views, session duration). Data is aggregated and anonymised.
Marketing cookies: Used to deliver relevant advertising where you have consented.

You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to use the site.

5. How We Share Your Information

We do not sell or rent your personal data. We may share data with:

Service providers: Trusted third parties who assist in delivering our services, including cloud hosting providers, CRM platforms, telephony infrastructure providers, and payment processors. All are bound by data processing agreements.
AI and telephony sub-processors: We use third-party AI model providers and voice infrastructure services to power our voice agents. These providers process call data solely to deliver the service and are prohibited from using it for their own purposes.
Legal and regulatory bodies: Where required by law, court order, or to protect our legal rights.
Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Client account data: retained for the duration of the contract and up to 7 years thereafter for legal and financial compliance.
Call recordings and transcripts: retained for up to 90 days by default unless a client requests extended retention or earlier deletion.
Marketing enquiry data: retained for up to 2 years from last contact, or until you request deletion.
Website analytics data: retained in aggregated, anonymised form indefinitely.

7. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you
Rectify inaccurate or incomplete data
Erase your data ("right to be forgotten") where there is no overriding legal basis for retention
Restrict processing of your data in certain circumstances
Port your data to another provider in a machine-readable format
Object to processing based on legitimate interests or for direct marketing
Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. International Transfers

Some of our service providers are based outside the UK or EEA. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO or equivalent mechanisms.

9. Data Security

We implement industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and regular security reviews. No method of transmission over the internet is completely secure; we cannot guarantee absolute security but we take all reasonable steps to protect your information.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies before providing any personal data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available at scale.nayaai.io/privacy-policy. Continued use of our services after any changes constitutes acceptance of the revised policy.

12. Contact Us

NAYA Systems Ltd
Email: [email protected]