How we handle your data.

ATI Labs Ltd is the data controller for the information you provide directly to us through this website (e.g. demo requests). For voice and conversation data processed through the ATI platform on behalf of our customers, ATI acts as a data processor and our customer is the controller.

For data protection questions, contact us at privacy@atilabs.ai.

• Site-visit data: pages viewed, basic referrer information, and the form fields you choose to submit (name, email, company, message).
• Voice and transcript data processed by ATI agents on behalf of our customers, where ATI is acting as processor under our customer’s instructions.
• Account data for customers using our admin console: email, role, organisation, sign-in events.

• To respond to demo requests and sales conversations.
• To run the ATI voice agents our customers have configured.
• To improve service reliability, debug incidents, and produce aggregate usage reporting.
• To comply with legal obligations.

We do not train models on customer data.Customer voice, transcript and CRM data are never used to train any model · ours or our vendors’. We also do not retain conversation content for our own use.

We use a short list of subprocessors to deliver the service · cloud hosting (AWS), telephony (Twilio), monitoring and observability vendors. A full subprocessor list is available on request and is updated quarterly. Customers are notified by email at least 30 days before any new subprocessor is added.

We run multi-region residency across UK eu-west-2, India ap-south-1, UAE me-central-1 and US us-east-1. Customers can pin their data to a specific region. New residency options are added as customer demand drives them.

TLS 1.3 in transit and AES-256 at rest. Multi-tenant isolation enforced at the database layer. Role-based access controls and audit logging on customer data. We are actively working toward SOC 2 attestation; happy to share our current control set and roadmap with your security team.

Site form submissions: 24 months from submission, then deleted. Customer call recordings and transcripts: retained according to each customer’s configured policy. Account logs: 12 months. We honour deletion requests within 30 days of receipt.

Where applicable under GDPR, UK GDPR, DPDP or comparable law, you can:

• Request a copy of the personal data we hold about you.
• Correct inaccurate data.
• Ask us to delete your data (subject to legal retention rules).
• Object to processing or restrict it.
• Withdraw consent at any time.

Reach out at privacy@atilabs.ai and we’ll respond within 30 days.

We use only essential cookies needed to keep your session alive and remember theme preferences. We do not use third-party advertising cookies on this website.

Material changes will be flagged on this page with a new “Last updated” date and, where required, notified by email to active customers at least 30 days in advance.

privacy@atilabs.ai

For broader security questions, see our Trust Center.