Gasta AI — Privacy Policy
Effective Date
January 2026
Last Updated
January 2026
Data Controller
Gasta AI
ICO Registration
CSN2334115
This Privacy Policy explains how Gasta AI ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the Gasta AI application. This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
We collect the following categories of personal data:
Account and Business Information:
- Your name and email address
- Your business name, type, and contact details
- Your profile photo or business logo (if uploaded)
- Your subscription tier and billing history
Call and Communications Data:
- Phone numbers of callers to your Twilio number
- Call logs including date, time, and duration
- SMS message content sent to and from your Twilio number
- Voice call transcripts generated by the AI
- Booking details collected during AI calls
Technical Data:
- Device type and operating system
- App usage data and crash reports
- IP address and login timestamps
2. How We Use Your Data
We use your data for the following purposes:
- To provide and operate the Service, including provisioning your Twilio number and enabling AI features.
- To process your subscription payments via Stripe.
- To send you service-related notifications, including appointment confirmations and payment receipts.
- To display your call logs, messages, and bookings within the app.
- To improve the performance and accuracy of our AI systems using anonymised and aggregated data only.
- To comply with legal obligations.
3. Legal Basis for Processing
Under UK GDPR, we process your data on the following legal bases:
- Contract performance — to provide the Service you have subscribed to.
- Legitimate interests — to improve our Service and prevent fraud.
- Legal obligation — to comply with applicable laws and regulations.
- Consent — where you have explicitly provided consent, such as for marketing communications.
4. Caller Data and Third Party Information
When callers contact your Twilio number, we process their phone numbers and the content of their messages or calls. As the business owner, you are a data controller in respect of this caller data. You are responsible for ensuring your use of the Service complies with UK GDPR, including informing callers where required that their call may be answered by an AI system.
5. Data Sharing
We share your data only with the following trusted third parties, who are bound by data processing agreements:
- Twilio Inc. — for phone number provisioning, call routing, and SMS delivery.
- Anthropic — for AI processing of messages and call transcripts.
- Stripe Inc. — for payment processing.
- Railway — for secure cloud hosting of your data.
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
6. Data Retention
- Account data is retained for the duration of your subscription plus 30 days after cancellation.
- Call logs and message history are retained for 12 months.
- Call transcripts and recordings are retained for 90 days.
- Payment records are retained for 7 years as required by HMRC.
7. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted database storage, secure HTTPS connections, JWT-based authentication, and access controls. However, no system is completely secure and we cannot guarantee absolute security.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — to request a copy of the data we hold about you.
- Right to rectification — to correct inaccurate or incomplete data.
- Right to erasure — to request deletion of your data in certain circumstances.
- Right to restriction — to limit how we process your data.
- Right to data portability — to receive your data in a machine-readable format.
- Right to object — to object to processing based on legitimate interests.
To exercise any of these rights, contact us at support@gasta.ai. We will respond within 30 days.
9. Complaints
If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
10. International Transfers
Some of our third party providers (including Twilio, Anthropic, and Stripe) are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including standard contractual clauses.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or in-app notification. Continued use of the Service constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions or to exercise your rights:
Email: support@gasta.ai
Website: https://gasta.ai
Data Controller: Gasta AI
Address: Northern Ireland, United Kingdom