← Back to Home

Privacy Policy

Last updated: 15 February 2026

1. Who We Are

NoCoded ("we", "us", "our") is an AI automation consultancy registered in England and Wales. We provide voice agent, intelligent automation, and custom platform services to businesses in the United Kingdom and internationally.

Data Controller: NoCoded
Email: info@nocoded.ai
Location: United Kingdom

2. Information We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

  • Name, email address, phone number, and business details when you book a call, submit a contact form, or engage with our services
  • Company name, job title, industry, and business requirements shared during consultations
  • Payment and billing information processed through our payment providers
  • Any files, documents, or data you share with us as part of a project engagement

2.2 Information Collected Automatically

  • Browser type, operating system, device information, and screen resolution
  • IP address and approximate geographic location
  • Pages visited, time spent on pages, referral source, and navigation patterns
  • Cookies and similar tracking technologies (see Section 8)

2.3 Information from Third-Party Services

  • Cal.com: When you book a call through our website, Cal.com processes your name, email, and scheduling preferences
  • Fireflies.ai: When meetings are recorded and transcribed, Fireflies processes audio recordings, attendee names, email addresses, and generates transcripts, summaries, and action items
  • Analytics providers: We may use analytics services that collect anonymised usage data about website visitors

3. Voice Agent Services

Our voice agent services involve AI-powered telephone systems that handle inbound and outbound calls on behalf of our clients. This section explains how personal data is processed in connection with these services.

3.1 Call Recording and Processing

  • Voice agents may record telephone conversations for quality assurance, compliance, training, and service delivery purposes
  • Call recordings are processed by our voice agent platform provider (Retell AI) and telephony provider (Twilio)
  • Recordings may include the caller's voice, name, phone number, and any information shared during the call
  • Call metadata (duration, timestamps, phone numbers, call outcomes) is collected and stored
  • AI-generated transcripts and summaries may be created from call recordings

3.2 Call Data Retention

  • Call recordings are retained for a maximum of 90 days unless a longer retention period is required by law or agreed with the client
  • Call metadata and transcripts may be retained for the duration of the client engagement plus 12 months
  • Clients may request earlier deletion of recordings and associated data

3.3 Caller Rights

Where calls are recorded, callers are informed at the start of the call. Callers may request access to their call recordings, transcripts, or the deletion of their data by contacting us at info@nocoded.ai.

4. Intelligent Automation Services

Our automation services connect business systems and automate workflows using platforms such as n8n. This may involve processing personal data in the following ways:

  • Transferring data between client systems (CRMs, email platforms, accounting software, databases) as instructed by the client
  • Processing customer records, lead information, employee data, or transaction data as part of automated workflows
  • Generating automated communications (emails, SMS, notifications) on behalf of clients
  • Storing workflow logs and execution data for debugging and audit purposes
  • Processing document content using AI for extraction, classification, or summarisation

In these cases, NoCoded acts as a Data Processor on behalf of our clients (the Data Controllers). We process data only in accordance with client instructions and our Data Processing Agreement.

5. Custom Platform Services

When we build custom platforms, portals, or applications for clients, those platforms may collect and process personal data from the client's customers, employees, or other users. In these cases:

  • The client is the Data Controller for data collected through their platform
  • NoCoded acts as a Data Processor during development, testing, and maintenance
  • We may have access to production data for the purposes of bug fixes, support, and feature development
  • Access to client data is restricted to authorised NoCoded personnel on a need-to-know basis
  • All data access is logged and auditable
  • We recommend and implement appropriate security measures including encryption at rest and in transit, role-based access control, and regular security reviews

6. How We Use Your Information

We use personal data for the following purposes:

  • Service delivery: To provide, maintain, and improve our services
  • Communication: To respond to enquiries, schedule meetings, send project updates, and provide support
  • Billing: To process payments and manage invoicing
  • Legal compliance: To comply with legal obligations, including tax, accounting, and regulatory requirements
  • Business improvement: To analyse website usage, improve our services, and develop new features
  • Marketing: To send relevant information about our services, with your consent where required
  • Security: To protect against fraud, abuse, and unauthorised access

7. Legal Basis for Processing

Under UK GDPR, we process personal data on the following legal bases:

  • Contract: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, marketing, and fraud prevention, where these interests are not overridden by your rights
  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Legal obligation: Processing necessary to comply with a legal obligation

8. Cookies and Tracking

Our website uses the following types of cookies and tracking technologies:

  • Essential cookies: Required for the website to function properly, including session management and security
  • Functional cookies: Used to remember your preferences and provide enhanced features
  • Analytics cookies: Used to understand how visitors interact with our website, helping us improve the user experience
  • Third-party cookies: Set by services embedded on our site, including Cal.com (booking), and any analytics providers

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our website.

9. Data Sharing and Third Parties

We may share personal data with the following categories of recipients:

  • Service providers: Retell AI (voice agents), Twilio (telephony), Cal.com (scheduling), Fireflies.ai (meeting transcription), Supabase (database hosting), Vercel (website hosting), n8n (automation platform)
  • Payment processors: For secure payment processing
  • Professional advisors: Accountants, lawyers, and other professional advisors as necessary
  • Legal authorities: Where required by law, regulation, or legal process

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

10. International Data Transfers

Some of our service providers are based outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, adequacy decisions, or other lawful transfer mechanisms. Key providers and their locations include:

  • Retell AI — United States (SCCs)
  • Twilio — United States (SCCs, certified under UK Extension to the EU-US Data Privacy Framework)
  • Fireflies.ai — United States (SCCs)
  • Vercel — United States (SCCs)
  • Supabase — configurable region (we use EU/UK regions where possible)

11. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Enquiry data: 24 months from last contact
  • Client project data: Duration of engagement plus 24 months
  • Call recordings: 90 days (unless otherwise agreed or legally required)
  • Meeting transcripts: Duration of engagement plus 12 months
  • Financial records: 7 years (as required by UK tax law)
  • Website analytics: 26 months

12. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@nocoded.ai. We will respond within one month of receiving your request.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and security best practices
  • Incident response procedures for data breaches
  • Secure development practices for custom platforms

14. AI and Automated Decision-Making

Our services use artificial intelligence for call handling, data processing, and workflow automation. We do not use AI to make solely automated decisions that have legal or similarly significant effects on individuals without human oversight. Where AI is used in decision-making processes (such as lead qualification or call triage), human review is available upon request.

15. Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

16. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our services, legal requirements, or business practices. Material changes will be communicated via our website. We encourage you to review this policy periodically.

17. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

18. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: info@nocoded.ai
Location: United Kingdom