Who we are
Sayora is an AI phone-answering service for UK small businesses. We answer your inbound calls when you can’t, capture lead details, answer common questions from a knowledge base you provide, and notify you by SMS. Optionally, Sayora can also book, reschedule, and cancel appointments in a calendar you connect.
Sayora is operated by Sayora Ltd, a company registered in Scotland with company number SC888928. Our registered office is 13/4 Grindlay Street, Edinburgh, Scotland, EH3 9AT.
We are the data controller for personal data we collect about you when you sign up as a Sayora customer (a “client”), and the data processor for personal data we handle on your behalf about people who call you (your “callers”).
In this policy:
- “We”, “us”, “our” means Sayora.
- “You” / “your” means a Sayora client, a UK business owner using Sayora to answer calls.
- “Caller” means an end-user who calls a phone number Sayora answers on your behalf.
What we collect
From you (as a Sayora client)
- Account details: name, business name, email address, phone number, postal address (required by our telephony partner for the UK Ofcom regulatory bundle).
- Authentication: email address only. Sign-in is by magic link, no password is stored.
- Configuration you provide: business hours, knowledge-base entries (FAQs, services, pricing), greeting and policy preferences, optional calendar connection details.
- Communications with us: support emails and messages.
From your callers (on your behalf)
When a caller dials a Sayora-managed phone number:
- The caller’s phone number (always, automatically, needed to route the call).
- Call audio. Calls are recorded by our voice partner (Retell AI) so we can transcribe them, so you can listen back to a lead, and so AI quality issues can be investigated. Sayora does not download or store a copy of the audio bytes itself. We store only a reference URL to Retell’s hosted recording, and stream it on demand when an authorised user (you, or a Sayora staff member with a legitimate reason) listens back. Audio retention is governed by Retell’s policy.
- Transcribed text of the conversation.
- Caller-provided details: typically name, reason for call, preferred callback time.
- Call metadata: start/end time, duration, call outcome (for example: lead captured, abandoned, marked as spam) and the spam classification recorded for the call (a flag and a short reason).
- Appointment details for bookings made by Sayora, mirrored into our database and into your connected calendar (cal.com or Google Calendar).
Every call begins with an audible disclosure that the conversation is recorded and may be reviewed by a human. Callers can decline and request that you call them back directly.
From your connected calendar (if you enable calendar booking)
Sayora supports two calendar providers: cal.com and Google Calendar. Connection is optional.
If you connect cal.com, we receive: your cal.com username and email, the list of your event types (slug, label, duration), and OAuth access + refresh tokens. Tokens are stored encrypted.
If you connect Google Calendar, we receive: your Google account email address, the list of calendars in your Google account (so you can pick which one Sayora writes to), and OAuth access + refresh tokens. Tokens are stored encrypted. See the dedicated Google API Services User Data Policy section below for the full disclosure required by Google.
Why we collect it (legal basis under UK GDPR)
| Data | Legal basis |
|---|---|
| Your account + configuration | Contract (Art. 6(1)(b)): necessary to deliver the service to you. |
| Your callers’ details (as your processor) | You determine the basis (typically legitimate interests in not missing a customer enquiry); we process under your instructions. |
| Call recordings + transcripts | Legitimate interests (call quality, dispute resolution) and contract performance. |
| Google / cal.com calendar data | Contract (you’ve enabled the integration). |
| Marketing emails to you | Consent. You can withdraw at any time. |
How we use it
- To answer your phone calls when you can’t.
- To text you a lead summary after each captured call.
- To text the caller a thank-you confirmation (configurable per client).
- To book, reschedule, or cancel appointments in your connected calendar when you’ve enabled that feature.
- To investigate and resolve technical issues, security incidents, or abuse.
- To comply with legal and regulatory obligations (Ofcom records for the UK number assigned to you).
We may use anonymised, aggregated data (e.g., “average call length”, “common intent categories”) to improve the service. This data cannot be linked back to a specific caller or client.
Who we share it with (subprocessors)
We use the third parties below to deliver the service. Each is bound by a data-processing agreement.
Sayora’s direct subprocessors:
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (Ireland) |
| Twilio Ireland Limited | UK phone numbers, SIP trunk into the voice runtime | EU (Ireland), with some US processing |
| Retell AI | Voice conversation orchestration (call audio, recordings, transcripts) | US |
| The SMS Works | UK SMS delivery | UK |
| Railway | Application hosting | US |
| cal.com | Optional calendar provider | EU |
| Google (Calendar API) | Optional calendar provider | US/EU |
Sub-processors used inside Retell (Retell’s own subprocessors that handle call audio on Retell’s infrastructure, which Sayora does not integrate with directly):
| Sub-processor | Purpose | Location |
|---|---|---|
| Deepgram | Speech-to-text transcription | US |
| Anthropic (Claude) | Large language model behind Sayora’s responses | US |
| ElevenLabs | Text-to-speech (the voice you hear) | US |
We do not sell personal data. We do not share data with any third party for that party’s own marketing purposes.
International transfers outside the UK / EEA rely on UK adequacy regulations where applicable, the EU-US Data Privacy Framework where the recipient is certified, or Standard Contractual Clauses (SCCs) with the UK Addendum.
Retention
| Data | How long we keep it |
|---|---|
| Call audio | Stored by Retell AI for up to 90 days after the call, then automatically deleted on Retell’s side. Sayora itself stores only a reference URL to Retell’s hosted file. |
| Call transcripts | Stored alongside the call record for up to 90 days, then automatically deleted on Retell’s side; the Sayora-side transcript copy is deleted with the call record when your account moves to Deleted (see “Account lifecycle” below). |
| Lead summaries | Held with the call record. Deleted when the account moves to Deleted. |
| Account data | Held while your account is Active or Archived. Deleted when the account moves to Deleted (typically 6 months after archival via the auto-delete cron, sooner on request), except records we must keep for tax or legal reasons (typically up to 6 years for financial records). |
| Calendar credentials and webhook secrets (Google, cal.com) | Held encrypted while the integration is active. On disconnect the connection is archived and the credentials and webhook secret are taken out of active use immediately; the archived row (including the encrypted values) is deleted alongside the rest of the connection record when the account moves to Deleted. You can request immediate deletion. |
| Marketing email list | Until you unsubscribe. |
| Audit logs (security, admin actions) | Retained alongside the related account; deleted with that account when it moves to Deleted, except for a small set of immortal records (one row per hard-delete) kept indefinitely for compliance traceability. |
Account lifecycle
Your Sayora account moves through three states, and what we retain depends on the state:
- Active. You are a paying client, calls are answered, all the retention windows above apply.
- Archived. You have paused or closed the account but it is still recoverable. We stop answering calls (the number plays an out-of-service message). Your data is held untouched for 6 months in case you come back.
- Deleted. Either you confirmed a hard delete, or the 6-month archive window expired. Everything we control is purged: your account, all call records, transcripts, lead summaries, calendar connections, MCP credentials, and any remaining Retell-side recordings or transcripts inside the 90-day window. The only thing kept is a single immortal audit row recording that the deletion happened and when, with no personal data attached.
You will be emailed 7 days before automatic deletion and again when it completes. You can request earlier deletion at any time (see “Your rights” below).
Your rights (UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased (subject to legal retention requirements).
- Restrict or object to processing.
- Receive your data in a portable format.
- Withdraw consent at any time, where consent is the legal basis.
- Complain to the Information Commissioner’s Office (ICO) at ico.org.uk.
To exercise any of these, email hi@sayora.ai. We respond within 30 days.
If you are a caller (not a Sayora client) and want your data removed from a Sayora client’s records, please contact the client directly. We act only as their processor for caller data; the client decides what to retain.
Google API Services User Data Policy
Sayora’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
When a Sayora client connects their Google Calendar, the following applies.
What Google data we access
- Your Google account email address (
https://www.googleapis.com/auth/userinfo.email), used to display which Google account is connected in the Sayora portal and to identify the connection internally. - Your Google Calendar (
https://www.googleapis.com/auth/calendar.eventsandhttps://www.googleapis.com/auth/calendar.readonly), used to read free/busy time on the calendar you select, create events when Sayora books an appointment on a caller’s behalf, update events when Sayora reschedules, and delete events when Sayora cancels.
How we use it
- Only to provide the calendar-booking feature you explicitly enabled.
- We read free/busy intervals and events tagged with a private identifier we set (
sayoraEventTypeSlug). We do not read events Sayora did not create. - We mirror booking activity into our own database so callers asking about their appointment get accurate answers without an extra round-trip to Google.
What we do NOT do
- We do not use Google user data for serving advertisements.
- We do not sell Google user data.
- We do not transfer Google user data to any third party except (a) as needed to provide the calendar-booking feature back to you, (b) where required by law, or (c) in connection with a merger, acquisition, or sale of assets, with notice to you.
- We do not allow humans at Sayora to read your Google calendar data, except (a) with your explicit consent, (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) in aggregated, anonymised form for internal operations.
- We do not transfer Google user data to AI/ML models for training the underlying model. The AI uses your data only at inference time to handle the current call.
How to revoke access
- In the Sayora portal: open the Calendar settings page and click Disconnect. The connection is archived, the Google push-notification channel is stopped, and the OAuth tokens are taken out of active use immediately. The encrypted tokens are deleted with the rest of the archived connection record per our retention schedule (or sooner on request).
- Directly with Google: visit myaccount.google.com/permissions, find “Sayora” in the list, and click “Remove access”.
Security
- OAuth tokens and webhook secrets are encrypted at rest with AES-256-GCM. The encryption key is held in our hosting provider’s secret store, separate from the database.
- All traffic between you, your callers, and Sayora is over HTTPS / TLS 1.2+.
- Database access is restricted by role-based access control plus row-level security; service-role keys are held only by the application server.
- We follow standard security practices: dependency updates, secrets rotation, access logging, principle of least privilege.
We will notify you within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to your rights or freedoms, and report to the ICO as required by UK GDPR.
Children
Sayora is a B2B service for UK businesses. We do not knowingly collect personal data from children under 13. If you believe we have, contact us and we will delete it.
Cookies
The Sayora portal uses cookies strictly necessary to keep you signed in (a Supabase session cookie, and a short-lived __oauth_state cookie during calendar connection).
This website (sayora.ai) uses Google Analytics to understand how the site is used. These analytics cookies are off by default and only set if you accept them via the cookie banner; until then we collect no analytics cookies and Google receives only anonymous, cookieless signals. You can decline and continue with essential cookies only, and change your mind by clearing the sayora-consent value in your browser. The site also loads a Cal.com booking widget on the booking page, which sets a cookie strictly necessary to run the calendar you came to use. We do not use advertising or cross-site tracking cookies.
Changes to this policy
We may update this policy. When we make material changes we will notify you by email and update the “Last updated” date at the top. Your continued use of the service after the change date constitutes acceptance.
Contact
- Email: hi@sayora.ai
- Postal address: Sayora Ltd, 13/4 Grindlay Street, Edinburgh, Scotland, EH3 9AT
- ICO complaint: ico.org.uk/make-a-complaint