1) WHO WE ARE
“Neutropy”, “we”, “us”, or “our” means Neutropy, operating from Ireland.
2) WHAT THIS POLICY COVERS
This Privacy Policy explains how we collect, use, and protect personal data when you:
- visit our website (neutropy.ai);
- use our web voice widget demo (voice/microphone interactions on the site);
- contact us (forms, email, phone);
- request a demo or information about Neutropy.
IMPORTANT: When a business uses Neutropy’s AI receptionist to handle calls/messages for that business, the business is typically the “controller” for caller/end-user data and their privacy notice applies. Neutropy acts as a “processor” on that business’s instructions under a Data Processing Agreement (DPA).
3) PERSONAL DATA WE COLLECT
A) Data you provide to Neutropy
- Identity/contact: name, email address, phone number, business name, job title (if provided)
- Enquiry content: messages, form fields, attachments you send us
- Demo/voice widget content: audio, transcript, and what you say (if you use our web voice widget)
- Booking/demo details: preferred date/time, notes you provide
B) Data we collect automatically (website/app usage)
- Device/usage: IP address, browser type, device identifiers, pages visited, timestamps, referral source
- Cookies and similar technologies (see “Cookies” section)
C) Data processed for customers (processor data)
If you call/message a business that uses Neutropy, we may process on that business’s behalf:
- Call or message content (including audio and transcripts)
- Caller phone number and communication metadata (time, duration, routing, outcome)
- Booking details captured during the interaction
- Records written to the business’s CRM/booking system (e.g., appointment details)
D) Sensitive / special category data
Callers sometimes share sensitive information (for example, health-related information when booking clinics). Where Neutropy processes this for a business customer, the business customer is responsible for establishing the correct lawful basis and providing appropriate notices. Neutropy processes such data only on the customer’s instructions and minimises what it collects where possible.
4) HOW WE USE PERSONAL DATA (PURPOSES AND LEGAL BASES)
We only use personal data where we have a lawful basis under GDPR.
A) Run and secure our website and services
Purpose: security, fraud prevention, debugging, performance monitoring, service reliability
Legal basis: legitimate interests
B) Respond to enquiries and arrange demos
Purpose: reply to messages, schedule calls, provide requested information
Legal basis: legitimate interests; and/or steps prior to entering a contract
C) Provide our services to business customers
Purpose: provide AI receptionist functionality, integrations, routing, analytics, support
Legal basis: performance of a contract (with the business customer); and/or processor activity under a DPA
D) Improve quality and reliability
Purpose: troubleshooting, quality assurance, improving conversation flows and reliability
Legal basis: legitimate interests
Safeguards: we aim to use aggregated metrics where possible and to minimise personal data.
E) Billing and payments
Purpose: subscriptions, invoices, payments, audit trails, tax/accounting records
Legal basis: performance of a contract; legal obligation
Payments: processed by Stripe. Neutropy does not store full credit card details.
F) Marketing communications (Neutropy marketing)
Purpose: send product updates, newsletters, offers
Legal basis: consent (or “soft opt-in” where legally available for similar services)
You can opt out at any time.
We do not sell personal data.
5) VOICE WIDGET / CALL AUDIO, TRANSCRIPTS, AND AI OUTPUTS (IMPORTANT)
A) Web voice widget demo
If you use our web voice widget, we may process audio and transcripts to provide the demo and for quality/security. The widget only accesses your microphone if you choose to start/allow it in your browser.
B) AI limitations
AI can misunderstand speech or generate incorrect outputs. Do not treat AI output as professional advice. For important items (pricing, medical matters, legal matters, refunds/cancellations), verify with a human.
C) Automated decision-making
Neutropy is designed to assist with customer service (e.g., booking or routing) and is not intended to make decisions with legal or similarly significant effects solely by automated processing.
6) WHO WE SHARE DATA WITH
We share personal data only where necessary:
- Cloud hosting / infrastructure providers (hosting, storage, monitoring)
- Communications providers (telephony, email, SMS) including Twilio (where configured)
- AI providers (large language models) including OpenAI, Anthropic (Claude), and Google (Gemini), where configured
- Analytics/advertising providers (only if you consent), including Google Analytics and Meta
- Payment processors (Stripe) for billing
We may also share data with:
- Professional advisers (lawyers, accountants) where necessary
- Authorities where required by law
- A buyer/successor in a business transaction (with safeguards)
7) INTERNATIONAL TRANSFERS
Some providers may process data outside the EEA (including the UK and the US). Where personal data is transferred internationally, we implement appropriate safeguards (such as Standard Contractual Clauses) and apply additional technical and organisational measures where appropriate (for example, encryption and access controls).
8) COOKIES AND TRACKING
We use:
- Strictly necessary cookies (site functionality, security)
- Optional analytics cookies (only if you consent)
- Optional marketing cookies (only if you consent)
We will run a cookie consent banner and preference controls to comply with EU/Irish cookie rules.
Cookie settings: https://neutropy.ai/cookie-settings
Cookie Policy: https://neutropy.ai/cookie-policy
9) DATA RETENTION
We keep personal data only as long as needed for the purposes above.
Standard retention periods:
- Website security/technical logs: up to 90 days
- Enquiries, demo bookings, and sales correspondence: up to 24 months from last interaction
- Web voice widget demo audio/transcripts: up to 30 days
- Marketing lists: until you unsubscribe/withdraw consent
- Contract, billing, and tax records: up to 7 years
- Backups (where applicable): up to 30 days
Processor data for business customers (caller/end-user data) is retained according to the DPA and the customer’s instructions, with a default retention of 90 days unless configured otherwise.
10) SECURITY
We use appropriate technical and organisational measures, including:
- Encryption in transit (TLS)
- Access controls and least-privilege access
- Multi-factor authentication for administrative access
- Logging/monitoring and incident handling processes
No system is 100% secure, but we work to protect your data.
11) YOUR GDPR RIGHTS
Depending on the circumstances, you may have rights to:
- Access your data
- Rectify inaccurate data
- Delete your data
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent (where processing is based on consent)
To exercise your rights, email: luke@neutropy.ai. We may need to verify your identity.
If your request relates to data processed for a business that uses Neutropy, the business (as controller) may need to handle your request. We will route it appropriately.
12) COMPLAINTS (IRELAND)
If you are unhappy with how we handle your data, email us: luke@neutropy.ai.
You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC):
- Postal address: Data Protection Commission, 6 Pembroke Row, Dublin 2, D02 X963, Ireland
- Email: info@dataprotection.ie
- Telephone: (01) 765 0100 / 1800 437 437
13) CHILDREN
Our website and services are not directed at children. We do not knowingly collect children’s personal data.
14) CHANGES TO THIS POLICY
We may update this policy from time to time. We will update the “Last updated” date and, where changes are material, we will take reasonable steps to notify users (e.g., website notice).