Privacy Notice

Who we are

AuditSail Limited operates a B2B compliance monitoring platform. Our customers are businesses that submit call recordings to our platform for compliance analysis against their own rules and standards.

What this notice covers

This notice explains how we use personal data contained in call recordings for the purpose of improving our AI models and compliance scoring methodology. This processing is separate from the compliance analysis service we provide to our customers, where we act as a data processor on their instructions.

For model improvement processing, we act as an independent data controller. This notice is provided under Article 14 of the UK General Data Protection Regulation (UK GDPR) because we obtain the personal data from our business customers rather than directly from you.

What personal data we process

• Voice recordings and transcriptions of calls submitted to our platform by our business customers
• Names and identifiers of callers and call centre staff where present in the recordings or transcriptions
• Analytical outputs derived from compliance analysis of those recordings

Where we obtain your data

From our business customers, who submit call recordings to our platform for compliance analysis. Our customers are responsible for ensuring they have a lawful basis for recording calls and for meeting their own transparency obligations to you at the point of recording.

What we use it for

We use call recordings, transcriptions, and analysis outputs to develop, improve, benchmark, and refine our compliance scoring methodology, AI models, and platform services. We also use evaluation feedback provided by our customers on compliance flags to improve our AI models.

Our lawful basis

We rely on Article 6(1)(f) UK GDPR – legitimate interests. Our legitimate interest is improving the accuracy and reliability of our AI-powered compliance scoring models and platform services. We have carried out a Legitimate Interests Assessment which concludes that this processing does not override your interests or rights.

Who we share your data with

We do not share personal data processed for model improvement with third parties in identifiable form. The processing is conducted within our own infrastructure. Our sub-processors process data on our instructions under appropriate contractual safeguards.

International transfers

Our sub-processors are located in the United States. Transfers are protected by the UK Addendum to the EU Standard Contractual Clauses, approved by the Information Commissioner's Office under section 119A of the Data Protection Act 2018.

How long we keep your data

We retain personal data for as long as it is necessary for model improvement purposes. Models are continuously improved and benchmarked against historical data. At each annual review we assess whether retained data continues to contribute to model improvement.

Your rights

Under the UK GDPR you have the right to:

• Object to processing (Article 21) – you can object to our use of your data for model improvement. We must then stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
• Access your personal data (Article 15)
• Rectification of inaccurate data (Article 16)
• Erasure of your data in certain circumstances (Article 17)
• Restriction of processing in certain circumstances (Article 18)
• Data portability (Article 20)

To exercise any of these rights, contact us at privacy@auditsail.com.

Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Special category data

We do not seek, extract, or use any special category data (such as health data, racial or ethnic origin, or religious beliefs) as part of model improvement processing. Where such information is incidentally present in a call recording, it is not isolated as a data point or used as a training signal.