Privacy Policy
TJP365 Ltd t/a RingDesk - Last updated: May 2026
1. Who we are
RingDesk is an AI-powered telephone call answering service operated by TJP365 Ltd, a company registered in England and Wales (Company No. 15457512), registered at 55-57 Station Road, Edgware, England, HA8 7HX.
In this policy "we", "us", and "our" mean TJP365 Ltd. You can contact us at privacy@ringdesk.co.uk.
2. What this policy covers
This policy describes how we collect, use, store, and share personal data when you:
- Create and use a RingDesk account (account holders and admin users)
- Call a telephone number powered by RingDesk (callers)
- Visit our website or admin dashboard
If you are a business customer using RingDesk to answer calls on your behalf, you are the Data Controller for personal data collected during those calls. We act as your Data Processor. Our Data Processing Agreement (incorporated into your Customer Service Agreement) governs that relationship.
3. Personal data we collect
Account and billing data
When you sign up or subscribe, we collect:
- Name and email address
- Business name and address
- Payment information (processed and stored by Stripe - we do not store card numbers)
- Subscription and invoice history
- Login activity and account settings
Call recordings and transcripts
When a caller dials a number managed by RingDesk:
- The call audio is recorded
- The recording is transcribed to text
- The caller's phone number (CLI) is captured
- Any information the caller provides during the call (name, enquiry content, booking details) is captured in the transcript
Callers are notified at the start of each call that they are speaking with an AI assistant and that the call may be recorded.
Usage and analytics data
- Call metadata: duration, timestamp, outcome (e.g. booking made, message taken)
- Sentiment and intent classification derived from call content
- Platform usage metrics (minutes used, API consumption) for billing and service improvement
4. Why we collect it (lawful basis)
| Purpose | Lawful basis |
|---|---|
| Providing the AI call answering service | Performance of a contract (with the account holder) |
| Processing payments and issuing invoices | Performance of a contract; legal obligation |
| Sending transactional emails (trial, billing, account alerts) | Performance of a contract |
| Allowing account holders to review calls and transcripts | Performance of a contract |
| Platform security, fraud prevention, and abuse detection | Legitimate interest |
| Aggregate usage analytics and service improvement | Legitimate interest |
| Complying with legal obligations (e.g. tax, data retention) | Legal obligation |
5. Who we share data with
We use the following third-party sub-processors to deliver the service. Each is bound by appropriate data protection agreements.
| Sub-processor | Purpose | Location | Transfer basis |
|---|---|---|---|
| Twilio Inc. | Telephone number provisioning and call routing | USA | UK IDTA |
| Deepgram Inc. | Speech-to-text transcription of call audio | USA | UK IDTA |
| Anthropic PBC | AI language model (generates agent responses) | USA | UK IDTA |
| Microsoft Azure (Cognitive Services) | Text-to-speech (generates agent voice) | EU (West Europe) | UK adequacy regulations |
| Supabase Inc. | Database hosting, authentication, and data storage | EU (West Europe) | UK adequacy regulations |
| Stripe Inc. | Payment processing and subscription management | USA | UK IDTA |
| Netlify Inc. | Admin dashboard hosting (no personal call data) | USA | UK IDTA |
| Resend Inc. | Transactional email delivery | USA | UK IDTA |
We do not sell personal data to third parties. We do not share personal data with advertisers or data brokers.
6. How long we keep your data
| Data type | Retention period |
|---|---|
| Call recordings | 24 months from the date of the call, then automatically deleted |
| Call transcripts | 24 months from the date of the call, then automatically deleted |
| Account and configuration data | 90 days after account termination, then deleted |
| Billing and invoice records | 7 years (legal obligation - VAT and company records) |
| Support tickets | Duration of the account relationship plus 90 days |
7. Your rights under UK GDPR
If you are an individual whose personal data we hold, you have the following rights:
- Right of access - you can request a copy of the personal data we hold about you.
- Right to erasure - you can ask us to delete your personal data where there is no overriding legal reason to keep it.
- Right to rectification - you can ask us to correct inaccurate personal data.
- Right to restriction - you can ask us to restrict processing of your data in certain circumstances.
- Right to portability - you can ask us to provide your data in a machine-readable format.
- Right to object - you can object to processing based on legitimate interest.
Note for callers: If you called a number managed by RingDesk, the business that operates that number is the Data Controller for your call data. Your rights request should be directed to that business in the first instance. We will assist any business in responding to data subject rights requests as required under our Data Processing Agreement.
8. How to make a data subject request
To exercise any of the rights above, contact us at:
TJP365 Ltd (Data Controller)Privacy enquiries: privacy@ringdesk.co.uk
55-57 Station Road, Edgware, England, HA8 7HX
We will respond to all data subject requests within one calendar month of receipt, as required by UK GDPR. We may need to verify your identity before processing your request.
There is no charge for making a request. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or decline to act on it - we will explain our reasons if so.
9. Security
We take the security of personal data seriously. Our technical and organisational measures include:
- All data in transit is encrypted via TLS 1.2 or higher
- Call recordings and transcripts are stored encrypted at rest
- Access to the platform requires authenticated login
- Row-level security ensures each account can only access its own data
- Infrastructure is hosted within the UK/EEA on SOC 2-certified providers
- Access to personal data by staff and contractors is subject to confidentiality obligations
In the event of a personal data breach, we will notify affected account holders and, where required, the Information Commissioner's Office (ICO) within 72 hours of becoming aware.
10. Cookies
The RingDesk admin app uses session cookies for authentication only. We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required for strictly necessary session cookies.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified to account holders by email at least 14 days before they take effect. The date at the top of this page reflects when it was last updated.
12. How to complain to the ICO
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection supervisory authority:
Information Commissioner's Office (ICO)Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
We would always appreciate the opportunity to resolve any concerns directly before you contact the ICO - please get in touch at privacy@ringdesk.co.uk first.