1. Who We Are

This Privacy Policy describes how ByteSensory Limited (“Cleveri,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data in connection with our AI-powered voice recovery and agent-assisted communication services.

Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Company Number: 16777030
ICO Registration Number: 16777030
Email: privacy@getcleveri.com

Cleveri is a trading name of ByteSensory Limited, registered in England and Wales.

We operate in accordance with the UK GDPR, the Data Protection Act 2018, and where applicable, the EU GDPR.

2. Scope

This Privacy Policy applies to:

• Our websites (getcleveri.com, app.getcleveri.com, bytesensory.com);

• Our AI-powered voice recovery platform, APIs, and dashboards;

• Any managed recovery campaigns we conduct on behalf of our clients; and

• Any human-assisted or AI-generated communications made under our clients’ instructions.

This policy does not apply to external websites, third-party integrations, or client systems that connect to Cleveri.

3. Our Role Under GDPR

Depending on the context, we act as either:

(a) Data Processor

When processing customer data (e.g., debtors, members, or payers) on behalf of our business clients (credit unions, lenders, finance companies), we act as a data processor.
In this role, the client remains the data controller and determines the lawful basis, consent, and purpose of contact.

(b) Data Controller

We act as a data controller for information relating to:

• Our business contacts and clients;

• Website visitors and service subscribers;

• Our employees, contractors, and partners.

4. Data We Collect

We collect and process the following categories of data:

A. Client Business Data

• Organisation name, address, and contact details

• Account credentials and billing information

• User activity logs, support communications

B. Customer (End-User) Data (processed under client instruction)

• Name, phone number, account ID, loan or invoice reference

• Payment status and contact history

• Call recordings, transcripts, and AI emotion insights

• Responses or commitments made during a conversation

C. Technical and Usage Data

• Device identifiers, IP address, browser type

• API and webhook logs

• Connection timestamps and event data

5. How We Use Personal Data

We use data only as necessary to provide and improve our Services, specifically for:

• Delivering AI-powered and human-assisted call services on behalf of our clients

• Analysing voice tone, intent, and emotion to personalise responses

• Generating and storing call transcripts for audit and training (within agreed retention)

• Providing compliance reporting and recovery analytics

• Improving our AI models (on anonymised and aggregated data only)

• Managing billing, support, and security

We never sell personal data or use call content for unrelated marketing or profiling.

6. Legal Basis For Processing

We process data based on the following lawful bases under the UK/EU GDPR:

Clients are responsible for ensuring they have an appropriate lawful basis (e.g., consent or legitimate interest) for contacting their customers.

7. AI Processing And Human Review

Cleveri’s platform uses AI-driven speech recognition, natural language understanding, and emotion detection to analyse voice data in real time.

• Emotion & Intent Detection: AI identifies stress, confidence, or willingness-to-pay indicators.

• Human Escalation: When AI detects complex or sensitive cases, our trained agents review transcripts or take over live calls.

• Transparency: All AI activity is logged and auditable.

• Explainability: Each AI decision (e.g., risk score, escalation trigger) is recorded with confidence scores.

No automated decision is made without human oversight where such decisions could materially affect an individual.

8. Data Retention

We retain personal data only as long as necessary for contractual or regulatory purposes.

At the end of retention, data is securely deleted or irreversibly anonymised using ISO/IEC 27001–aligned processes.

9. Data Sharing & Subprocessors

We share data only with trusted, GDPR-compliant subprocessors who support our Services.

Core subprocessors include:

• Twilio Inc. – voice and telephony API provider (UK/EU hosting)

• TrueLayer Ltd. – bank connectivity (regulated by FCA)

• Google Cloud Platform (UK/EU region) – data storage and compute

• HubSpot / Zendesk – client relationship management

• New Relic / Cloudflare – monitoring and security infrastructure

All subprocessors are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) where required.

10. Data Transfers Outside The Uk/Eu

Where data is transferred outside the UK or EEA (e.g., to US subprocessors), we ensure:

• Adequate protection under UK adequacy decisions, or

• EU/UK Standard Contractual Clauses (SCCs) with supplementary safeguards.

No voice or transcript data is transferred outside the UK/EU without explicit client approval.

11. Security Measures

Cleveri maintains a certified Information Security Management System (ISMS) aligned with ISO/IEC 27001 standards, including:

• Data encryption in transit (TLS 1.3) and at rest (AES-256)

• Access control and identity management

• Network and infrastructure monitoring

• Staff background checks and mandatory data protection training

• Incident response and breach notification protocol within 72 hours

12. Individual Rights

Under the UK and EU GDPR, individuals have the following rights:

• Access their personal data

• Rectify inaccurate information

• Erase data (“right to be forgotten”)

• Restrict or object to processing

• Data portability (structured, machine-readable format)

• Lodge a complaint with a supervisory authority

When we act as processor, we refer all rights requests to the data controller (our client) for response.

Requests may be sent to: privacy@getcleveri.com

13. Children’s Data

Our Services are intended for business use and not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors.

14. Automated Decision-Making

Cleveri’s AI voice agents assist in assessing tone, urgency, and intent but do not make binding decisions regarding eligibility, credit, or financial consequences.
All outcomes are subject to human review or client confirmation before final action.

15. FCA & Ethical Communication Commitment

All communications made through our platform follow:

• FCA’s “Treating Customers Fairly (TCF)” principles

• Consumer Duty standards of clarity, empathy, and fairness

• Prohibition of harassment, pressure, or deceptive language

We maintain auditable call records for transparency and compliance review.

16. Your Data Protection Contacts

Data Protection Officer (DPO):
DPO Officier
privacy@getcleveri.com

EU Representative:
DPO Officier, ByteSensory Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. 
privacy@getcleveri.com

Supervisory Authority (UK):
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
www.ico.org.uk

17. Changes To This Policy

We may update this Privacy Policy from time to time.
The “Last Updated” date at the top indicates the current version.
Material changes will be communicated via email or platform notice.

18. Contact Us

If you have any questions or wish to exercise your data rights, contact:

ByteSensory Limited (trading as Cleveri)
Email: privacy@getcleveri.com
Phone: +44 208 092 6256
Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ