Privacy Policy
TJP365 Ltd t/a RingDesk · Last updated: June 2026
1. Who we are
RingDesk is an AI-powered communication service for businesses (handling inbound telephone calls and SMS text messages) operated by TJP365 Ltd, a company registered in England and Wales (Company No. 15457512), registered at 55-57 Station Road, Edgware, England, HA8 7HX.
In this policy "we", "us", and "our" mean TJP365 Ltd. You can contact us at privacy@ringdesk.co.uk.
2. What this policy covers
This policy describes how we collect, use, store, and share personal data when you:
- Create and use a RingDesk account (account holders and authorised users)
- Call or send a text message to a telephone number powered by RingDesk (callers and texters)
- Visit our website or admin dashboard
If you are a business customer using RingDesk to handle calls and messages on your behalf, you are the Data Controller for personal data collected during those interactions. We act as your Data Processor. Our Data Processing Agreement (incorporated into your Customer Service Agreement) governs that relationship.
3. Personal data we collect
Account and billing data
When you sign up or subscribe, we collect:
- Name and email address
- Business name and address
- Payment information (processed and stored by Stripe - we do not store card numbers)
- Subscription and invoice history
- Login activity and account settings
Calls, recordings and transcripts
When a caller dials a number managed by RingDesk:
- The call audio is recorded
- The recording is transcribed to text
- The caller's phone number (CLI) is captured
- Any information the caller provides during the call (name, enquiry content, booking details) is captured in the transcript
Callers are notified at the start of each call that they are speaking with an AI assistant and that the call may be recorded.
Text messages (SMS)
Where text messaging is enabled, when someone sends a text message to a number managed by RingDesk:
- The message content is stored and shown to the account holder in the admin dashboard
- The sender's phone number is captured
- Where the account holder enables the AI text agent, our systems generate replies based on the business's configured content
- Opt-out keywords (such as "STOP" and "START") are recorded so we can honour unsubscribe requests
Returning-caller history
Where the account holder enables returning-caller recognition for a desk, we retain a limited history of previous calls and messages linked to a caller's phone number, so the AI agent can recognise a returning caller and personalise the interaction (for example, greeting them by name). This feature is configurable per desk and can be disabled by the account holder.
Usage and analytics data
- Call and message metadata: duration, timestamp, outcome (e.g. booking made, message taken)
- Sentiment and intent classification derived from call and message content
- Platform usage metrics (minutes used, API consumption) for billing and service improvement
4. Why we collect it (lawful basis)
| Purpose | Lawful basis |
|---|---|
| Providing the AI communication service (calls and text messages) | Performance of a contract (with the account holder) |
| Handling two-way SMS conversations and sending notifications | Performance of a contract |
| Recognising and personalising for returning callers (where enabled) | Legitimate interest |
| Processing payments and issuing invoices | Performance of a contract; legal obligation |
| Sending transactional emails (trial, billing, account alerts) | Performance of a contract |
| Allowing account holders to review calls, messages and transcripts | Performance of a contract |
| Platform security, fraud prevention, and abuse detection | Legitimate interest |
| Aggregate usage analytics and service improvement | Legitimate interest |
| Complying with legal obligations (e.g. tax, data retention) | Legal obligation |
5. Who we share data with
We use the following third-party sub-processors to deliver the service. Each is bound by appropriate data protection agreements.
| Sub-processor | Purpose | Location | Transfer basis |
|---|---|---|---|
| Twilio Inc. | Telephone number provisioning, call routing, and SMS message routing | USA | UK IDTA |
| Deepgram Inc. | Speech-to-text transcription of call audio | EU (Ireland) | UK adequacy regulations |
| Anthropic PBC | AI language model (generates agent call and message responses) | USA | UK IDTA |
| Amazon Web Services (Bedrock) | Managed hosting and inference for the AI language model | EU (Ireland) | UK adequacy regulations |
| Cartesia Inc. | Text-to-speech (generates agent voice) | USA | UK IDTA |
| Supabase Inc. | Database hosting, authentication, and data storage | EU (West Europe) | UK adequacy regulations |
| Stripe Inc. | Payment processing and subscription management | USA | UK IDTA |
| Netlify Inc. | Admin dashboard hosting (no personal call data) | USA | UK IDTA |
| Resend Inc. | Transactional email delivery | USA | UK IDTA |
Integrations you enable. Where you connect a third-party system (such as a booking, calendar, or CRM platform), we share relevant call, message, and booking data with that system at your instruction. Those systems are controlled by you and the relevant provider - not by us - and their use of the data is governed by your own agreement with them.
We do not sell personal data to third parties. We do not share personal data with advertisers or data brokers.
6. How long we keep your data
We apply automatic, time-based deletion across all data categories. Retention periods are enforced by a daily automated process.
| Data type | Retention period | Basis |
|---|---|---|
| Call recordings | 90 days from the date of the call by default (configurable at account level), then deleted | Legitimate interest (capped) |
| Call and message transcripts and summaries | 90 days from the date of the call or message | Legitimate interest (capped) |
| Text messages (SMS) | 90 days from receipt | Legitimate interest (capped) |
| Caller messages and voicemails | 90 days from receipt | Legitimate interest (capped) |
| Booking records containing caller details | 90 days after completion or cancellation | Legitimate interest (capped) |
| Returning-caller history | 90 days, in line with the underlying call/message data | Legitimate interest (capped) |
| Operational and error logs | 30 days | Legitimate interest |
| Account activity and audit logs | 12 months | Legitimate interest |
| Account configuration | Duration of subscription; deleted 7 days after account closure | Performance of contract |
| Billing and invoice records | 7 years | Legal obligation (UK VAT Act / Companies Act) |
| Usage billing records | 6 years | Legal obligation (UK VAT Act) |
| Support correspondence | 12 months after a ticket is closed | Legitimate interest |
When an account is permanently closed, all personal and configuration data is deleted within 7 days. Billing records are anonymised and retained for the legally required period. Call and message records are subject to the 90-day rolling deletion regardless of account status.
7. Your rights under UK GDPR
If you are an individual whose personal data we hold, you have the following rights:
- Right of access - you can request a copy of the personal data we hold about you.
- Right to erasure - you can ask us to delete your personal data where there is no overriding legal reason to keep it.
- Right to rectification - you can ask us to correct inaccurate personal data.
- Right to restriction - you can ask us to restrict processing of your data in certain circumstances.
- Right to portability - you can ask us to provide your data in a machine-readable format.
- Right to object - you can object to processing based on legitimate interest.
Note for callers and texters: If you called or texted a number managed by RingDesk, the business that operates that number is the Data Controller for your data. Your rights request should be directed to that business in the first instance. We will assist any business in responding to data subject rights requests as required under our Data Processing Agreement.
Right to erasure - account holders: If you are a RingDesk account holder and wish to request deletion of your personal data ahead of our standard retention periods, contact us at privacy@ringdesk.co.uk with the subject line "Erasure request". We will action all verified erasure requests within one calendar month. Please note that billing and invoice records must be retained for the legally required period and cannot be deleted early.
8. How to make a data subject request
To exercise any of the rights above, contact us at:
- TJP365 Ltd (Data Controller)
- Privacy enquiries: privacy@ringdesk.co.uk
- 55-57 Station Road, Edgware, England, HA8 7HX
We will respond to all data subject requests within one calendar month of receipt, as required by UK GDPR. We may need to verify your identity before processing your request.
There is no charge for making a request. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or decline to act on it - we will explain our reasons if so.
9. Security
We take the security of personal data seriously. Our technical and organisational measures include:
- All data in transit is encrypted via TLS 1.2 or higher
- Call recordings, transcripts and messages are stored encrypted at rest
- Access to the platform requires authenticated login
- Row-level security ensures each account can only access its own data
- Infrastructure is hosted within the UK/EEA on SOC 2-certified providers
- Access to personal data by staff and contractors is subject to confidentiality obligations
In the event of a personal data breach, we will notify affected account holders and, where required, the Information Commissioner's Office (ICO) within 72 hours of becoming aware.
10. Cookies
The RingDesk admin app uses session cookies for authentication only. We do not use third-party tracking cookies or advertising cookies. No cookie consent banner is required for strictly necessary session cookies.
11. Changes to this policy
We may update this policy from time to time. Material changes will be notified to account holders by email at least 14 days before they take effect. The date at the top of this page reflects when it was last updated.
12. How to complain to the ICO
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection supervisory authority:
- Information Commissioner's Office (ICO)
- Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
- Helpline: 0303 123 1113
- Website: ico.org.uk
We would always appreciate the opportunity to resolve any concerns directly before you contact the ICO - please get in touch at privacy@ringdesk.co.uk first.
TJP365 Ltd · Registered in England and Wales · Company No. 15457512 · Registered office: 55-57 Station Road, Edgware, England, HA8 7HX · VAT No. 459 7746 28