How we handle your data.

ATI Labs Ltd is the data controller for the information you provide directly to us through this website (e.g. demo requests). For voice and conversation data processed through the ATI platform on behalf of our customers, ATI acts as a data processor and our customer is the controller.

For data protection questions, contact us at privacy@atilabs.ai.

• Site-visit data: pages viewed, basic referrer information, and the form fields you choose to submit (name, email, company, message).
• Voice and transcript data processed by ATI agents on behalf of our customers, where ATI is acting as processor under our customer’s instructions.
• Account data for customers using our admin console: email, role, organisation, sign-in events.

• To respond to demo requests and sales conversations.
• To run the ATI voice agents our customers have configured.
• To improve service reliability, debug incidents, and produce aggregate usage reporting.
• To comply with legal obligations.

We do not train models on customer data.Customer voice, transcript and CRM data are never used to train any model · ours or our vendors’. We also do not retain conversation content for our own use.

We use a short list of subprocessors to deliver the service: cloud hosting (Amazon Web Services), telephony carriers (Telnyx), speech and language vendors used inside the voice pipeline (Deepgram for speech-to-text, ElevenLabs for text-to-speech, OpenAI for language models), website hosting (Vercel), product analytics (PostHog, EU cloud), transactional email (Resend) and CRM for sales enquiries (Attio). A full subprocessor list is available on request and is updated quarterly. Customers are notified by email at least 30 days before any new subprocessor is added.

Platform data is processed and stored in the UK (AWS eu-west-2, London). Website analytics are processed in the EU (PostHog EU cloud). Additional residency regions for platform data are available for enterprise deployments as customer demand drives them — ask us about your region.

TLS 1.3 in transit and AES-256 at rest. Multi-tenant isolation enforced at the database layer. Role-based access controls and audit logging on customer data. We are actively working toward SOC 2 attestation; happy to share our current control set and roadmap with your security team.

Site form submissions: 24 months from submission, then deleted. Customer call recordings and transcripts: retained according to each customer’s configured policy. Account logs: 12 months. We honour deletion requests within 30 days of receipt.

Where applicable under GDPR, UK GDPR, DPDP or comparable law, you can:

• Request a copy of the personal data we hold about you.
• Correct inaccurate data.
• Ask us to delete your data (subject to legal retention rules).
• Object to processing or restrict it.
• Withdraw consent at any time.

Reach out at privacy@atilabs.aiand we’ll respond within 30 days.

We use essential cookies to remember your region and theme preferences. First-party product analytics (PostHog, EU cloud — including session replay) run only if you accept themin the cookie banner; choosing “Essential only” keeps analytics off. We do not use third-party advertising cookies on this website. To change your choice, clear this site’s data in your browser and the banner will ask again.

Material changes will be flagged on this page with a new “Last updated” date and, where required, notified by email to active customers at least 30 days in advance.

privacy@atilabs.ai

For broader security questions, see our trust center.