Privacy Policy

Last updated: May 22, 2026

1. Introduction

Welcome to Dial Milo. This Privacy Policy explains how Inhype Live Limited ("we," "us," or "our"), a company registered in the United Kingdom (Company Number: 13379772), collects, uses, discloses, and protects your personal information when you use our AI receptionist service at dialmilo.com (the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

Contact Information:

2. Information We Collect

2.1 Information You Provide to Us

Account Information:

  • Name and email address
  • Business name and (optionally) billing address used to generate invoices
  • Payment information (processed securely through Stripe — we never see your full card number)
  • Profile information you choose to provide

Receptionist Configuration:

  • Scripts, voice and tone settings, business hours, compliance toggles
  • Knowledge base content you upload (PDFs, URLs, text snippets) used to teach the AI about your business
  • Connected phone numbers and forwarding settings
  • Integration credentials and configuration (e.g. Google Calendar connection)

Communication Data:

  • Inbound and outbound caller phone numbers (Call Detail Records)
  • Call audio recordings and transcripts
  • Call duration, timestamps, and outcomes (transfer, message taken, appointment booked, etc.)
  • Messages and notes the AI captures from callers on your behalf
  • Account balance and transaction history

2.2 Information Collected Automatically

Technical Information:

  • IP address and device information
  • Browser type and version
  • Usage statistics and analytics
  • Cookies and similar tracking technologies (session, security, and basic analytics)

Call Quality Data:

  • Network performance metrics
  • Audio quality indicators
  • Connection diagnostics

3. How We Use Your Information

We process your personal information on the following legal bases:

3.1 Contract Performance (Article 6(1)(b) GDPR)

We use your information to:

  • Provide and maintain the AI receptionist service
  • Answer your incoming calls, transcribe them, and take the actions you have configured (transfer, take a message, book an appointment, send SMS, etc.)
  • Manage your account and billing
  • Generate invoices and email receipts
  • Provide customer support

3.2 Legitimate Interests (Article 6(1)(f) GDPR)

We may use your information to:

  • Improve our service quality and user experience
  • Detect and prevent fraud and abuse (e.g. unusual calling patterns)
  • Ensure network and platform security and stability
  • Analyse aggregated usage patterns to optimise our infrastructure

3.3 Legal Obligations (Article 6(1)(c) GDPR)

We may process your information to:

  • Comply with legal and regulatory requirements
  • Respond to lawful requests from authorities
  • Maintain records as required by telecommunications and tax regulations

3.4 Consent (Article 6(1)(a) GDPR)

With your consent, we may:

  • Send you marketing communications
  • Use non-essential cookies for analytics
  • Share information with third parties for specific purposes

4. Caller Information and Your Responsibilities

When the Service answers a call on your behalf, we process information about the caller (a third party) — including their phone number, the audio of the conversation, and a written transcript. As the operator of the receptionist, you are the controller of that caller information with respect to your business relationship with the caller; we act as your processor for that data.

You are responsible for:

  • Configuring the Service to disclose to callers that they are speaking with an AI agent and that the call is being recorded, where required by your jurisdiction (the Service provides toggles for this in your dashboard)
  • Honouring caller opt-out requests and data subject requests passed to you
  • Posting a privacy notice for your callers where required

We will assist you in responding to caller data requests (e.g. deletion of a specific call recording) — contact us at [email protected].

5. Data Retention

We retain your personal information only as long as necessary:

  • Call Detail Records (CDR): retained for the lifetime of your account so you can review them in your dashboard; you may delete individual calls at any time
  • Call recordings and transcripts: retained for the lifetime of your account, or until you delete them; deleted within 30 days of account closure
  • Knowledge base content: retained until you delete it or close your account
  • Account information: duration of your account, plus 6 years after closure for tax and legal compliance
  • Payment records and invoices: 7 years (legal and accounting requirements)
  • Technical logs: 30 days
  • Marketing consent records: until consent is withdrawn

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers (Sub-processors)

We use the following categories of sub-processors to operate the Service:

  • Payment processor (Stripe): processes your payment information; PCI-DSS compliant
  • AI providers: process call audio in real time to power the AI receptionist; also process knowledge base content to generate embeddings for retrieval
  • Telephony carrier(s): route inbound calls to the Service and route outbound transfers and SMS
  • Cloud infrastructure providers: host the Service and store call recordings, transcripts, and your account data
  • Email delivery provider: sends transactional emails such as receipts and account notifications
  • Analytics providers: monitor usage and performance of the Service
  • Calendar / CRM / messaging integrations you opt into (e.g. Google Calendar): receive only the data needed to perform the integration you have enabled

All sub-processors are bound by data processing agreements and process data only on our documented instructions. A current list of sub-processors is available on request at [email protected].

6.2 Legal Requirements

We may disclose information when required by law, including:

  • Court orders or subpoenas
  • Law enforcement requests
  • National security requirements
  • Protection of our legal rights

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

7. International Data Transfers

Your information may be transferred to and processed in countries outside the UK/EEA, including the United States (where many of our sub-processors are based). When we transfer data internationally, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms
  • Adequacy Decisions: transfers to countries with adequate data protection
  • Your explicit consent: for specific transfers with your knowledge

8. Your Rights Under GDPR

You have the following rights regarding your personal information:

8.1 Right to Access (Article 15)

Request a copy of the personal data we hold about you.

8.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete information.

8.3 Right to Erasure (Article 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.

8.4 Right to Restrict Processing (Article 18)

Limit how we use your information in certain circumstances.

8.5 Right to Data Portability (Article 20)

Receive your data in a machine-readable format and transfer it to another provider.

8.6 Right to Object (Article 21)

Object to processing based on legitimate interests or direct marketing.

8.7 Right to Withdraw Consent (Article 7(3))

Withdraw consent at any time for consent-based processing.

8.8 Right to Lodge a Complaint

File a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

To exercise your rights, contact us at: [email protected]

We will respond to your request within 30 days. Many of these rights can also be exercised directly from your dashboard (e.g. deleting individual calls, closing your account).

9. Security Measures

We implement appropriate technical and organisational measures to protect your data:

Technical Safeguards:

  • TLS encryption for all data in transit
  • Encryption at rest for call recordings, transcripts, and knowledge base content
  • HttpOnly, secure session cookies; CSRF protection on state-changing requests
  • Idempotent payment processing and transactional audit logs
  • Regular security review

Organisational Measures:

  • Access controls and authentication for our staff
  • Data processing agreements with sub-processors
  • Incident response procedures
  • Principle of least privilege for production access

10. Call Recording and Transcription

The Service records and transcribes calls answered by the AI receptionist. Recordings and transcripts are stored against your account so you can review what was said and how the AI responded.

Important — caller disclosure:

Many jurisdictions require that callers be informed when a call is being recorded or when they are speaking with an AI rather than a human. The Service exposes compliance toggles in your dashboard to enable AI disclosure, recording disclosure, and opt-out handling. You are responsible for enabling the toggles required in your jurisdiction.

You may delete individual call recordings and transcripts from your dashboard at any time. Deleted recordings are removed from primary storage immediately and from backups within 30 days.

11. Children's Privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately at [email protected].

12. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Strictly necessary cookies: session management, security (CSRF), and authentication. These cannot be disabled.
  • Analytics cookies: to understand how the Service is used and improve it. You can decline these.

We do not use third-party advertising cookies.

13. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the ICO within 72 hours of becoming aware
  • We will notify you without undue delay if the breach poses a high risk
  • Notifications will include the nature of the breach and remedial actions

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify you of material changes via email or Service notification
  • Obtain consent if required by law

15. Contact Us

For privacy-related questions, requests, or concerns:

Email: [email protected] Subject Line: Privacy Request

Data Protection Officer: Available upon request

Postal Address: Inhype Live Limited United Kingdom Company Number: 13379772

UK Supervisory Authority: Information Commissioner's Office (ICO) Website: https://ico.org.uk Helpline: 0303 123 1113


© 2026 Inhype Live Limited. All rights reserved.