Knowledge Base / SJM Knowledge Base

Privacy Policy

Effective date: January 01, 2026

Status: ACTIVE - v5.0

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the SJM Voice Intelligence Engine ("SVIE"), the Dashboard, or associated APIs. It tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This policy is drafted in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to SJM Labs Ltd, a private limited company registered in the United Kingdom.
  • Consumer means the end-user (Your customer) calling into the SJM Voice Intelligence Engine.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the SJM Voice Intelligence Engine (SVIE), the Dashboard, and the Website.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service (e.g., Twilio, OpenAI, Vapi, Stripe).
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a call).

2. Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Business Address, State, Province, ZIP/Postal code, City
  • Calendar Data (Google Calendar Appointments)

Voice and Biometric Data

CRITICAL: SJM Labs processes voice recordings. By utilizing the SVIE, You acknowledge that You act as the Data Controller for Your Consumers' data, and We act as the Data Processor.

We collect and process audio recordings of calls made to and from the Service. This includes:

  • Raw Audio: The actual voice recording of the conversation.
  • Transcripts: Text-based representations of the conversation derived via Speech-to-Text (STT) technologies.
  • Sentiment Scores: Algorithmic assessments of the caller's emotional state (e.g., "Angry", "Neutral").

3. Use of Your Personal Data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service, including monitoring the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service.
  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication regarding updates or informative communications related to the functionalities.
  • For Business Transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.

4. AI Training & Automated Decision Making

Machine Learning Improvements

We utilize Anonymized Data to train and improve our proprietary Artificial Intelligence models (SVIE v4.0 and subsequent iterations). This process involves:

  • Anonymization: Stripping Personal Identifiable Information (PII) such as names, credit card numbers, and specific addresses from transcripts before they enter the training dataset.
  • Aggregation: Combining data points to identify macro-trends in conversation flow (e.g., "Most calls to dental clinics occur on Mondays").

Automated Decision Making

The Service employs automated decision-making protocols to route calls. For example, the "Sentiment Emergency Alert" system automatically decides whether to escalate a call to a human based on voice-stress analysis. You have the right to request human intervention in these processes.

5. Data Retention

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Specifically:

  • Audio Recordings: Retained for 30 days, then securely scrubbed.
  • Transcripts: Retained for 12 months for quality assurance.
  • Financial Records: Retained for 7 years per HMRC (UK Tax) regulations.

6. Disclosure of Your Personal Data

Service Providers

We may share Your personal information with the following third-party vendors to facilitate the Service:

  • Twilio / Vapi: For telephony and voice streaming services.
  • OpenAI / Anthropic: For Large Language Model (LLM) processing.
  • Stripe: For payment processing.
  • Google Cloud Platform (GCP): For database hosting and calendar integration.

International Transfers

Your information, including Personal Data, is processed at the Company's operating offices (United Kingdom) and in any other places where the parties involved in the processing are located (including servers in the US or EU).

If We transfer Your Personal Data out of the UK or EEA, We ensure a similar degree of protection is afforded to it by using specific contracts approved by the UK Government (Standard Contractual Clauses - SCCs).

7. Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

We implement:

  • TLS 1.3 Encryption for data in transit.
  • AES-256 Encryption for data at rest (database storage).
  • Role-Based Access Control (RBAC) limiting internal employee access to data on a strict "need to know" basis.

8. Your GDPR Rights

Under the UK GDPR, You have specific rights regarding your data:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
  • The right to erasure: You have the right to request that we erase your personal data ("The Right to be Forgotten").
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data.
  • The right to object to processing: You have the right to object to our processing of your personal data.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a machine-readable format.

If you would like to exercise any of these rights, please contact us. We have one month to respond to you.

9. Contact Us

If you have any questions about this Privacy Policy, You can contact us:

  • By email: legal@sjmlabs.tech
  • By visiting this page on our website: www.sjmlabs.tech/contact
  • By mail: SJM Labs Ltd, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ