Gasta AI — Privacy Policy

Effective Date

January 2026

Last Updated

January 2026

Data Controller

Gasta AI

ICO Registration

CSN2334115

This Privacy Policy explains how Gasta AI ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the Gasta AI application. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect the following categories of personal data:

Account and Business Information:

  • Your name and email address
  • Your business name, type, and contact details
  • Your profile photo or business logo (if uploaded)
  • Your subscription tier and billing history

Call and Communications Data:

  • Phone numbers of callers to your Twilio number
  • Call logs including date, time, and duration
  • SMS message content sent to and from your Twilio number
  • Voice call transcripts generated by the AI
  • Booking details collected during AI calls

Technical Data:

  • Device type and operating system
  • App usage data and crash reports
  • IP address and login timestamps

2. How We Use Your Data

We use your data for the following purposes:

  • To provide and operate the Service, including provisioning your Twilio number and enabling AI features.
  • To process your subscription payments via Stripe.
  • To send you service-related notifications, including appointment confirmations and payment receipts.
  • To display your call logs, messages, and bookings within the app.
  • To improve the performance and accuracy of our AI systems using anonymised and aggregated data only.
  • To comply with legal obligations.

3. Legal Basis for Processing

Under UK GDPR, we process your data on the following legal bases:

  • Contract performance — to provide the Service you have subscribed to.
  • Legitimate interests — to improve our Service and prevent fraud.
  • Legal obligation — to comply with applicable laws and regulations.
  • Consent — where you have explicitly provided consent, such as for marketing communications.

4. Caller Data and Third Party Information

When callers contact your Twilio number, we process their phone numbers and the content of their messages or calls. As the business owner, you are a data controller in respect of this caller data. You are responsible for ensuring your use of the Service complies with UK GDPR, including informing callers where required that their call may be answered by an AI system.

5. Data Sharing

We share your data only with the following trusted third parties, who are bound by data processing agreements:

  • Twilio Inc. — for phone number provisioning, call routing, and SMS delivery.
  • Anthropic — for AI processing of messages and call transcripts.
  • Stripe Inc. — for payment processing.
  • Railway — for secure cloud hosting of your data.

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

6. Data Retention

  • Account data is retained for the duration of your subscription plus 30 days after cancellation.
  • Call logs and message history are retained for 12 months.
  • Call transcripts and recordings are retained for 90 days.
  • Payment records are retained for 7 years as required by HMRC.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including encrypted database storage, secure HTTPS connections, JWT-based authentication, and access controls. However, no system is completely secure and we cannot guarantee absolute security.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — to request a copy of the data we hold about you.
  • Right to rectification — to correct inaccurate or incomplete data.
  • Right to erasure — to request deletion of your data in certain circumstances.
  • Right to restriction — to limit how we process your data.
  • Right to data portability — to receive your data in a machine-readable format.
  • Right to object — to object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@gasta.ai. We will respond within 30 days.

9. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. International Transfers

Some of our third party providers (including Twilio, Anthropic, and Stripe) are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including standard contractual clauses.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification. Continued use of the Service constitutes acceptance of the updated policy.

12. Contact Us

For any privacy-related questions or to exercise your rights:

Email: support@gasta.ai

Website: https://gasta.ai

Data Controller: Gasta AI

Address: Northern Ireland, United Kingdom