PRIVACY POLICY

Last updated: July 2026

This Privacy Policy explains how FoodVision23 Ltd ("we", "us", "our"), a company incorporated in the Republic of Cyprus (EU), operating under the brand RingBoost AI through the website www.ringboost.ai, collects, uses, stores, shares and protects your personal data.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive 2002/58/EC (as amended), and applicable national laws of the Republic of Cyprus and the European Union.

This policy applies to all visitors to our website, prospective and current clients, callers who interact with our AI voice agent ("Emma"), and any other individuals whose personal data we process in the course of providing our services.

1. Data Controller

The data controller responsible for your personal data is:

FoodVision23 Ltd

Trading as: RingBoost AI

Incorporated in the Republic of Cyprus (EU)

Website: www.ringboost.ai

Email: privacy@ringboost.ai

Data Protection Officer: dpo@ringboost.ai

2. What Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with us:

2.1 Website Visitors

  • Technical data: IP address, browser type, operating system, device type, referring URL, pages visited, time on page

  • Cookie data: as described in our Cookie Policy

  • Form submissions: name, email address, phone number, company name, and any message content you provide through contact or demo booking forms

2.2 Prospective Clients

  • Contact and business information: name, email address, phone number, company name, business type, number of locations

  • Demo booking data: date, time, and notes submitted when scheduling a demonstration

  • Communication records: emails, chat messages, and call records from our sales process

2.3 Clients (Subscribers to RingBoost AI Services)

  • Account information: company name, business address, billing address, contact details of authorised personnel

  • Billing data: payment method details (processed by our third-party payment processor, not stored by us directly), invoices, transaction history

  • Service configuration data: phone numbers, routing schedules, escalation contacts, knowledge base content, language preferences, integration credentials

  • Usage data: call minutes consumed, SMS/WhatsApp messages sent, feature usage, login activity on the client dashboard

2.4 Callers (End Users Who Interact with Emma)

  • Call data: caller phone number (CLI), date, time, and duration of call

  • Call recordings: audio recordings of calls handled by Emma (where enabled by the client)

  • Call transcripts: automated text transcriptions of calls

  • Information provided during the call: name, contact details, appointment preferences, booking details, enquiry content, and any other information voluntarily disclosed by the caller

Important: When we process caller data on behalf of our clients, we act as a Data Processor under GDPR Article 28. The client remains the Data Controller and is responsible for ensuring a lawful basis for processing, including obtaining any required consent for call recording in their jurisdiction.

3. How We Use Your Personal Data

We process personal data for the following purposes and on the following legal bases:

  • To provide our AI voice receptionist service (Legal basis: performance of a contract, GDPR Art. 6(1)(b)) — answering inbound and outbound calls, booking appointments, handling enquiries, sending SMS/WhatsApp follow-ups, syncing data with client booking and practice management platforms

  • To manage client accounts and billing (Legal basis: performance of a contract, GDPR Art. 6(1)(b)) — account setup, invoicing, payment processing, plan upgrades and downgrades

  • To respond to enquiries and provide demos (Legal basis: legitimate interest, GDPR Art. 6(1)(f)) — responding to contact form submissions, scheduling and conducting product demonstrations

  • To improve our services (Legal basis: legitimate interest, GDPR Art. 6(1)(f)) — analysing call analytics, performance metrics, and usage patterns to improve Emma's accuracy, response quality, and service reliability

  • To send marketing communications (Legal basis: consent, GDPR Art. 6(1)(a)) — newsletters, product updates, and promotional content. You may withdraw consent at any time

  • To comply with legal obligations (Legal basis: legal obligation, GDPR Art. 6(1)(c)) — tax records, regulatory requirements, responding to lawful requests from authorities

  • To protect our legitimate interests (Legal basis: legitimate interest, GDPR Art. 6(1)(f)) — fraud prevention, security monitoring, enforcing our Terms of Service

4. Call Recordings and Transcripts

Emma may record calls and generate automated transcripts as part of the service provided to our clients. The following applies:

  • Call recording is enabled or disabled by the client during onboarding configuration

  • Where recording is enabled, a standard recording disclosure is played at the start of each call, as required by the ePrivacy Directive

  • The client (Data Controller) is solely responsible for ensuring that call recording complies with applicable laws in their jurisdiction, including the ePrivacy Directive and any national implementation thereof

  • Default retention period for call recordings and transcripts is 30 days, after which they are automatically deleted unless the client has configured a different retention period

  • Clients may request early deletion of recordings at any time

5. Who We Share Your Data With

We do not sell your personal data. We share personal data only with the following categories of recipients, and only to the extent necessary to provide our services:

  • AI and voice infrastructure: RetellAI (voice agent platform), for processing and handling calls

  • Telephony provider: Twilio, for call routing and SMS/WhatsApp delivery

  • Automation platform: Make, for connecting Emma with client booking systems including Cliniko, Doctolib, Mindbody, Virtuagym, Treatwell, Fresha, Phorest, SevenRooms, OpenTable, Quandoo, TheFork, Oracle OPERA, Cloudbeds, Mews, Clio, and others

  • CRM and client management: GoHighLevel, for managing client accounts and communications

  • Client dashboard: Lovable (with Supabase backend), for the client-facing portal and white-label reporting

  • Analytics: Google Analytics (GA4), for website performance measurement

  • Cloud hosting: for secure data storage, primarily within the EEA

  • Payment processor: for subscription payments (we do not store card details directly)

  • Professional advisors: legal, accounting, and tax advisors, as required

  • Law enforcement or regulatory bodies: where required by law or to protect our legal rights

All third-party processors are bound by Data Processing Agreements (DPAs) in accordance with GDPR Article 28.

6. International Data Transfers

We primarily store and process personal data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to service providers based in the United States), we ensure appropriate safeguards are in place, including:

  • EU Commission adequacy decisions (GDPR Art. 45)

  • Standard Contractual Clauses (SCCs) approved by the EU Commission (GDPR Art. 46(2)(c))

  • EU-US Data Privacy Framework certification, where applicable

You may request details of the specific safeguards applied to any transfer by contacting privacy@ringboost.ai.

7. Data Retention
  • Call recordings and transcripts: 30 days (default), unless configured otherwise by the client

  • Client account data: duration of the contractual relationship plus 6 years for tax and legal compliance

  • Prospective client data: 12 months from last interaction, unless consent is given for longer retention

  • Website analytics data: as governed by our Cookie Policy (maximum 26 months for Google Analytics)

  • Marketing consent records: for as long as consent remains active, plus 3 years for proof of consent

  • Billing and financial records: 6 years, as required by Cyprus tax law

After the applicable retention period, data is securely deleted or anonymised.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy

  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data

  • Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten")

  • Right to restriction of processing (Art. 18) — request limitation of how we use your data

  • Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format

  • Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing

  • Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting prior processing

  • Right regarding automated decision-making (Art. 22) — Emma does not make decisions with legal or similarly significant effects; all call handling is informational and operational

To exercise any of these rights, contact info@foodvision23.com. We will respond within 30 days.

For callers: if you interacted with Emma on behalf of one of our clients, the client is the Data Controller for your call data. Please contact the business you called directly to exercise your rights. We will assist our clients in fulfilling such requests.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest

  • Access controls and role-based permissions for all internal systems

  • Regular security assessments of third-party providers

  • Data breach notification within 72 hours to the supervisory authority (GDPR Art. 33) and to affected individuals where required (GDPR Art. 34)

10. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child's data has been provided to us, contact info@foodvision23.com immediately.

11. Data Processing Agreements

Where we act as Data Processor on behalf of our clients, we enter into a Data Processing Agreement (DPA) in accordance with GDPR Article 28, setting out the subject matter, duration, nature and purpose of processing, the types of personal data, and the obligations and rights of both parties. Clients may request a copy at privacy@ringboost.ai.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date above. For significant changes, we may also notify clients directly via email.

13. Contact Us and Complaints

FoodVision23 Ltd (trading as RingBoost AI)

Incorporated in the Republic of Cyprus (EU)

Email: info@foodvision23.com

Data Protection Officer: info@foodvision23.com

If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (the supervisory authority of the Republic of Cyprus), or with the supervisory authority of the EU Member State in which you reside or work.

© 2026 FoodVision23 Ltd (trading as RingBoost AI). All rights reserved. Registered in the Republic of Cyprus (EU).