User Agreement & Policies

Legal & Compliance

Privacy Policy
Privacy Policy
Privacy

Last updated: January 2026

1. About This Policy

Velto Ltd ("Velto", "we", "us") is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store and protect personal data in connection with our services, including the Airo AI voice agent platform.

Velto Ltd is registered in England and Wales, Company No. 15233558, with a registered address at 124 City Road, London EC1V 2NX.

This policy applies to all individuals whose personal data we process, including visitors to our website, clients, business contacts, and individuals whose contact information is provided to us by our clients for the purposes of operating the Airo platform.

2. Data We Collect

2.1 Data you provide directly

  • Name, email address, phone number and company details when you contact us or engage our services
  • Payment information when you purchase our services
  • Communications you send to us by email or through our website

2.2 Data provided by our clients

Where Velto operates the Airo voice agent on behalf of a client, the client provides us with contact data relating to individuals in their database. This may include:

  • Name, telephone number and email address
  • Any additional profile information provided by the client such as property interest, previous contact history or engagement status

In this context, Velto acts as a data processor on behalf of the client, who is the data controller. We process this data solely for the purposes instructed by the client and in accordance with our Data Processing Agreement.

2.3 Data collected during Airo calls

When the Airo voice agent conducts outbound or inbound calls, the following data may be collected:

  • Call recordings, where the individual has provided explicit consent at the start of the call
  • Call transcripts, where consent has been provided
  • Lead qualification information gathered during the conversation
  • Callback preferences and requested contact times

Where an individual declines consent to recording, the call proceeds without recording and no transcript is retained. The contact is flagged accordingly on the client dashboard.

2.4 Website and usage data

  • IP address and browser information when you visit our website
  • Pages visited and interactions with our website via cookies and similar technologies

3. How We Use Your Data

3.1 To deliver our services

  • Operating and configuring the Airo platform on behalf of clients
  • Conducting outbound calls and processing inbound calls within GDPR-compliant hours
  • Generating call transcripts, qualification data and reports for client dashboards
  • Sending automated follow-up emails on behalf of clients from agreed email addresses
  • Processing payments and managing client accounts

3.2 To improve our services

  • Using anonymised and aggregated performance data (call volumes, connection rates, qualification rates) for product development and benchmarking
  • No personally identifiable information is used for this purpose without prior written consent

3.3 Legal and compliance

  • Complying with applicable laws including UK GDPR and the Data Protection Act 2018
  • Responding to lawful requests from regulatory authorities
  • Protecting our legal rights and interests

4. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract performance - where processing is necessary to deliver services you or your organisation have engaged us for
  • Legitimate interests - where we have a legitimate business interest that does not override your rights, such as improving our platform using anonymised data
  • Consent - where you have given explicit consent, such as agreeing to call recording during an Airo call
  • Legal obligation - where we are required to process data to comply with applicable law

5. Data Storage and Security

Your data is stored securely on cloud infrastructure hosted on AWS (Amazon Web Services), which holds SOC 2 Type II, ISO 27001 and GDPR certifications. Our database infrastructure provider (Neon) operates on AWS-backed servers with encryption at rest (AES-256) and in transit (TLS 1.2+).

We implement the following security measures:

  • Encryption of data in transit and at rest
  • Role-based access controls limiting data access to authorised personnel only
  • Multi-factor authentication on all business-critical systems
  • Regular security reviews and access audits
  • Incident response procedures with client notification within 24 hours of discovery of any breach affecting their data

Call recordings and transcripts are retained for a maximum of 90 days from the date of the call, after which they are permanently deleted unless a longer retention period is required by law or agreed with the client. Contact data provided by clients is retained for the duration of the service agreement and deleted within 30 days of contract termination upon written request.

6. Data Sharing

We do not sell your personal data. We may share data in the following limited circumstances:

  • With sub-processors who assist in delivering our services, including cloud infrastructure providers, communication platforms and AI model providers. All sub-processors are bound by data processing agreements and hold appropriate security certifications
  • With clients, in the form of qualified lead data, call summaries and dashboard reporting generated by the Airo platform
  • With regulatory authorities where required by law
  • With professional advisors such as legal counsel where necessary

We do not transfer personal data outside the United Kingdom or European Economic Area without ensuring appropriate safeguards are in place.

7. Velto as Data Processor

Where Velto operates the Airo platform on behalf of a business client, we act as a data processor under UK GDPR Article 28. In this capacity:

  • We process personal data only on the documented instructions of the client
  • We do not use the data for any purpose other than delivering the contracted services
  • We assist clients in fulfilling their obligations regarding data subject rights
  • We notify clients within 24 hours of becoming aware of a personal data breach
  • We delete or return all personal data at the end of the service relationship as instructed by the client

A formal Data Processing Agreement is available upon request and is executed with all enterprise clients prior to the commencement of services.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access - you can request a copy of the personal data we hold about you
  • Right to rectification - you can request correction of inaccurate or incomplete data
  • Right to erasure - you can request deletion of your data where there is no longer a lawful basis for processing
  • Right to restrict processing - you can request that we limit how we use your data
  • Right to object - you can object to processing based on legitimate interests
  • Right to data portability - you can request your data in a structured, machine-readable format
  • Right to withdraw consent - where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at info@velto.co.uk. We will respond within one month of receiving your request.

If you are an individual whose data has been processed by Airo on behalf of one of our clients, your primary point of contact for data rights requests is the client organisation, who is the data controller for that data. We will cooperate fully with any such requests directed to us.

9. Cookies

Our website uses cookies to improve your experience. We use the following types:

  • Functional cookies - to recognise you on return visits and remember your preferences
  • Analytics cookies - to understand how visitors use our website so we can improve it

You can configure your browser to refuse cookies. Some features of our website may not function correctly if cookies are disabled. For more information, visit allaboutcookies.org.

10. Marketing

We may contact you with information about our services where you have given consent or where we have a legitimate interest in doing so. You can opt out of marketing communications at any time by emailing info@velto.co.uk or clicking the unsubscribe link in any marketing email.

11. Changes to This Policy

We review this policy regularly and will publish updates on our website. The date at the top of this document reflects the most recent update. We will notify you of material changes where we have your contact details.

12. Contact Us

For any questions about this policy or to exercise your data rights:

Email: info@velto.co.uk

Post: Velto Ltd, 124 City Road, London EC1V 2NX

To report a complaint or if you feel your concern has not been addressed satisfactorily, you may contact the Information Commissioner's Office:

Information Commissioner's Office

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Helpline: 0303 123 1113

Website: ico.org.uk

Back
Contact Us
Velto
© 2025 . VELTO LTD
SITE MAP
Home
AI in Action
Blogs
Solutions
Contact
About
CONNECT
LinkedIn
YouTube
Instagram
Articles
X
LEGAL
Privacy Policy
Cookie Policy
Terms Of Use
Ethics and Safety
Modern Day Slavery
Anti-Modern Slavery Policy
@ 2024 . VELTO LTD
All rights reserved.
PRIVACY POLICY
TERM OF USE
CONTACT