Privacy Policy

Privacy Policy

Privacy Policy

Last updated: July 11, 2026

Controller: Martemi Ltd, operating as SmartyAgents.ai

This Privacy Policy explains how SmartyAgents.ai collects, uses, and protects information when you visit our website, contact us, or use our services. This page is provided for general transparency.

This Privacy Policy explains how SmartyAgents.ai collects, uses, and protects information when you visit our website, contact us, or use our services. This page is provided for general transparency.

1. Who We Are

1. Who We Are

This Privacy Policy applies to Martemi Ltd, a company registered in Bulgaria (EU), operating under the brand name SmartyAgents.ai ("we", "us", "our").

We provide AI telephone agent services to businesses across Europe and internationally.

Data Controller contact details:
Email: support@smartyagents.ai
Website: smartyagents.ai

If you are located in the EU/EEA, Martemi Ltd is the data controller responsible for your personal data under the General Data Protection Regulation (EU) 2016/679 ("GDPR").

2. What Personal Data We Collect

2. What Personal Data We Collect

We collect personal data in the following categories:

2.1 Data you provide directly

  • Full name and job title

  • Business name and company details

  • Email address and phone number

  • Billing address and payment details (processed by our payment processor — we do not store card data)

  • Messages sent through our contact form, onboarding form, or by email

  • Any other information you voluntarily submit to us

2.2 Data collected automatically when you visit our website

  • IP address

  • Browser type and version

  • Operating system

  • Pages visited and time spent on each page

  • Referring URL

  • Device type

  • Cookies and similar tracking technologies (see Section 9)

2.3 Data we collect in the course of providing our services

  • Call recordings and transcriptions made by AI voice agents deployed on behalf of our clients

  • Caller identification data (where technically available)

  • Appointment booking data and calendar information

  • CRM data synced through integrations at the request of our clients

  • Voice samples (Enterprise plan customers only, where voice cloning is enabled with explicit consent)

2.4 Data collected from third parties

  • Business contact data from publicly available sources (for outreach purposes, subject to legitimate interests assessment)

  • Data from integration partners (e.g. CRM systems, calendar tools, practice management software) at the direction of our clients

3. Legal Basis for Processing

3. Legal Basis for Processing

Under GDPR Article 6, we rely on the following legal bases:

Purpose

Legal Basis

Responding to enquiries and providing our services

Article 6(1)(b) — Performance of a contract / pre-contractual steps

Processing payments and managing billing

Article 6(1)(b) — Performance of a contract

Sending service-related communications

Article 6(1)(b) — Performance of a contract

Sending marketing communications (with opt-in)

Article 6(1)(a) — Consent

Improving our website and services

Article 6(1)(f) — Legitimate interests

Complying with legal obligations

Article 6(1)(c) — Legal obligation

Processing call recordings for clients

Article 6(1)(b) — Performance of a contract with our client

Business development outreach

Article 6(1)(f) — Legitimate interests (B2B context)

Where we rely on legitimate interests, we have carried out a balancing test and concluded our interests do not override your rights and freedoms. You may request a copy of our legitimate interests assessment by contacting us.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. How We Use Your Personal Data

4. How We Use Your Personal Data

We use personal data for the following purposes:

  • To respond to enquiries, requests, and support tickets

  • To set up, configure, and maintain AI voice agents on your behalf

  • To process payments and manage your subscription

  • To send you onboarding information, service updates, and account notifications

  • To send you marketing communications where you have opted in or where permitted under soft opt-in rules (B2B)

  • To improve our platform, services, and website based on usage data

  • To comply with legal obligations including tax, accounting, and regulatory requirements

  • To protect our legal rights and prevent fraud or misuse of our services

  • To process call recordings and transcriptions as instructed by our clients (data processor role)

5. Our Role: Controller vs. Processor

5. Our Role: Controller vs. Processor

Smarty Agents acts in two distinct roles depending on the context:

As a Data Controller: when we collect and use your data to manage your account, respond to enquiries, process payments, and operate our business.

As a Data Processor: when we process personal data on behalf of our clients through the operation of AI voice agents — including call recordings, caller information, and booking data. In this role, we act solely on the instructions of our client (the Data Controller) under a Data Processing Agreement (DPA).

If you are a caller whose data has been processed by an AI agent operated by one of our clients, your data rights should be directed to that client (the business whose agent answered your call). We will co-operate with any such request where required.

Enterprise clients who require a formal Data Processing Agreement (DPA) under GDPR Article 28 should contact us at support@smartyagents.ai.

6. Who We Share Your Data With

6. Who We Share Your Data With

We do not sell personal data. We share data only in the following circumstances:

6.1 Service providers and sub-processors
We use carefully selected third-party providers to operate our services. These include:

  • Cloud hosting and infrastructure providers (EU-based or with EU Standard Contractual Clauses in place)

  • Payment processors (e.g. Stripe — PCI-DSS compliant)

  • Email communication tools (e.g. for sending notifications and reports)

  • AI model providers used to power voice agents

  • CRM and calendar integration partners (as directed by our clients)

  • Analytics and website performance tools

All sub-processors are bound by data processing agreements and are required to implement appropriate technical and organisational security measures.

6.2 Legal and regulatory requirements
We may disclose personal data where required to do so by applicable law, court order, or regulatory authority. We will notify you of such disclosures where legally permitted to do so.

6.3 Business transfers
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.

7. International Data Transfers

7. International Data Transfers

We are based in the EU and process data primarily within the European Economic Area (EEA).

Where we use service providers based outside the EEA (including certain AI model providers and infrastructure tools), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions where applicable

  • Binding Corporate Rules where applicable

You may request details of the safeguards in place for specific transfers by contacting us at support@smartyagents.ai.

8. Data Retention

8. Data Retention

We retain personal data for only as long as necessary for the purposes for which it was collected, taking into account our legal obligations and the rights of data subjects.

Data type

Legal Basis

Account and contact data

Duration of contract + 3 years

Billing and payment records

10 years (legal / tax obligation)

Call recordings and transcriptions

As configured by the client (default: 90 days; auto-delete available on all plans)

Website analytics data

12 months

Marketing consent records

Until consent is withdrawn + 3 years

Support correspondence

3 years after last contact

Legal claims data

7 years from resolution

Where a client configures auto-delete for call recordings, those recordings are permanently deleted at the end of the configured period. This setting is available on all plans and can be configured in your onboarding form.

9. Cookies

9. Cookies

Our website uses cookies and similar technologies. By using our website, you consent to our use of cookies in accordance with this section.

Types of cookies we use:

Cookie type

Purpose

Strictly necessary

Enable core website functionality

Analytics

Understand how visitors use our site

Marketing / tracking

Personalise and measure advertising

Preference

Remember your settings and choices

You can manage your cookie preferences at any time via our cookie settings panel. You can also manage cookies through your browser settings, though this may affect website functionality.

For full details of the specific cookies we use, please refer to our Cookie Notice.

10. Your Rights Under GDPR

10. Your Rights Under GDPR

If you are located in the EU/EEA (or UK under UK GDPR), you have the following rights:

10.1 Right of access (Article 15)
You have the right to request a copy of the personal data we hold about you and information about how we use it.

10.2 Right to rectification (Article 16)
You have the right to request that we correct inaccurate or incomplete personal data.

10.3 Right to erasure / 'right to be forgotten' (Article 17)
You have the right to request deletion of your personal data where there is no compelling reason for us to continue processing it.

10.4 Right to restriction of processing (Article 18)
You have the right to request that we restrict processing of your personal data in certain circumstances.

10.5 Right to data portability (Article 20)
Where processing is based on consent or contract, you have the right to receive your personal data in a structured, machine-readable format and to transfer it to another controller.

10.6 Right to object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop immediately.

10.7 Rights related to automated decision-making (Article 22)
Where we use automated processing that produces legal or similarly significant effects, you have the right not to be subject to such decisions without human review. Contact us if you believe this applies to you.

10.8 Right to withdraw consent
Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.

To exercise any of these rights, please contact us at: support@smartyagents.ai

We will respond within 30 days. In complex cases we may extend this by a further 60 days, in which case we will notify you. We will not charge a fee for reasonable requests.

We may need to verify your identity before processing your request.

11. Right to Lodge a Complaint

11. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority.

If you are based in Germany, the relevant authority is your state Data Protection Authority (Landesdatenschutzbehörde). A full list is available at: bfdi.bund.de

If you are based in another EU/EEA country, please contact your national supervisory authority.

We would appreciate the opportunity to address your concerns directly before you contact a supervisory authority — please reach out to us first at support@smartyagents.ai.

12. Children's Data

12. Children's Data

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

13. Changes to This Policy

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page

  • Notify active customers by email where the changes affect how we process their data

  • Where required by law, seek fresh consent

We encourage you to review this policy periodically.

14. Contact Us

14. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or how we handle personal data:

Martemi Ltd — SmartyAgents.ai
Email: support@smartyagents.ai
Website: smartyagents.ai

For data subject rights requests, please include "Data Rights Request" in your subject line and provide sufficient information to verify your identity. We will respond within 30 days.