PRIVACY POLICY
Last updated: July 2026
This Privacy Policy explains how FoodVision23 Ltd ("we", "us", "our"), a company incorporated in the Republic of Cyprus (EU), operating under the brand RingBoost AI through the website www.ringboost.ai, collects, uses, stores, shares and protects your personal data.
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the ePrivacy Directive 2002/58/EC (as amended), and applicable national laws of the Republic of Cyprus and the European Union.
This policy applies to all visitors to our website, prospective and current clients, callers who interact with our AI voice agent ("Emma"), and any other individuals whose personal data we process in the course of providing our services.
1. Data Controller
The data controller responsible for your personal data is:
FoodVision23 Ltd
Trading as: RingBoost AI
Incorporated in the Republic of Cyprus (EU)
Website: www.ringboost.ai
Email: privacy@ringboost.ai
Data Protection Officer: dpo@ringboost.ai
2. What Personal Data We Collect
We collect and process the following categories of personal data, depending on how you interact with us:
2.1 Website Visitors
Technical data: IP address, browser type, operating system, device type, referring URL, pages visited, time on page
Cookie data: as described in our Cookie Policy
Form submissions: name, email address, phone number, company name, and any message content you provide through contact or demo booking forms
2.2 Prospective Clients
Contact and business information: name, email address, phone number, company name, business type, number of locations
Demo booking data: date, time, and notes submitted when scheduling a demonstration
Communication records: emails, chat messages, and call records from our sales process
2.3 Clients (Subscribers to RingBoost AI Services)
Account information: company name, business address, billing address, contact details of authorised personnel
Billing data: payment method details (processed by our third-party payment processor, not stored by us directly), invoices, transaction history
Service configuration data: phone numbers, routing schedules, escalation contacts, knowledge base content, language preferences, integration credentials
Usage data: call minutes consumed, SMS/WhatsApp messages sent, feature usage, login activity on the client dashboard
2.4 Callers (End Users Who Interact with Emma)
Call data: caller phone number (CLI), date, time, and duration of call
Call recordings: audio recordings of calls handled by Emma (where enabled by the client)
Call transcripts: automated text transcriptions of calls
Information provided during the call: name, contact details, appointment preferences, booking details, enquiry content, and any other information voluntarily disclosed by the caller
Important: When we process caller data on behalf of our clients, we act as a Data Processor under GDPR Article 28. The client remains the Data Controller and is responsible for ensuring a lawful basis for processing, including obtaining any required consent for call recording in their jurisdiction.
3. How We Use Your Personal Data
We process personal data for the following purposes and on the following legal bases:
To provide our AI voice receptionist service (Legal basis: performance of a contract, GDPR Art. 6(1)(b)) — answering inbound and outbound calls, booking appointments, handling enquiries, sending SMS/WhatsApp follow-ups, syncing data with client booking and practice management platforms
To manage client accounts and billing (Legal basis: performance of a contract, GDPR Art. 6(1)(b)) — account setup, invoicing, payment processing, plan upgrades and downgrades
To respond to enquiries and provide demos (Legal basis: legitimate interest, GDPR Art. 6(1)(f)) — responding to contact form submissions, scheduling and conducting product demonstrations
To improve our services (Legal basis: legitimate interest, GDPR Art. 6(1)(f)) — analysing call analytics, performance metrics, and usage patterns to improve Emma's accuracy, response quality, and service reliability
To send marketing communications (Legal basis: consent, GDPR Art. 6(1)(a)) — newsletters, product updates, and promotional content. You may withdraw consent at any time
To comply with legal obligations (Legal basis: legal obligation, GDPR Art. 6(1)(c)) — tax records, regulatory requirements, responding to lawful requests from authorities
To protect our legitimate interests (Legal basis: legitimate interest, GDPR Art. 6(1)(f)) — fraud prevention, security monitoring, enforcing our Terms of Service
4. Call Recordings and Transcripts
Emma may record calls and generate automated transcripts as part of the service provided to our clients. The following applies:
Call recording is enabled or disabled by the client during onboarding configuration
Where recording is enabled, a standard recording disclosure is played at the start of each call, as required by the ePrivacy Directive
The client (Data Controller) is solely responsible for ensuring that call recording complies with applicable laws in their jurisdiction, including the ePrivacy Directive and any national implementation thereof
Default retention period for call recordings and transcripts is 30 days, after which they are automatically deleted unless the client has configured a different retention period
Clients may request early deletion of recordings at any time
5. Who We Share Your Data With
We do not sell your personal data. We share personal data only with the following categories of recipients, and only to the extent necessary to provide our services:
AI and voice infrastructure: RetellAI (voice agent platform), for processing and handling calls
Telephony provider: Twilio, for call routing and SMS/WhatsApp delivery
Automation platform: Make, for connecting Emma with client booking systems including Cliniko, Doctolib, Mindbody, Virtuagym, Treatwell, Fresha, Phorest, SevenRooms, OpenTable, Quandoo, TheFork, Oracle OPERA, Cloudbeds, Mews, Clio, and others
CRM and client management: GoHighLevel, for managing client accounts and communications
Client dashboard: Lovable (with Supabase backend), for the client-facing portal and white-label reporting
Analytics: Google Analytics (GA4), for website performance measurement
Cloud hosting: for secure data storage, primarily within the EEA
Payment processor: for subscription payments (we do not store card details directly)
Professional advisors: legal, accounting, and tax advisors, as required
Law enforcement or regulatory bodies: where required by law or to protect our legal rights
All third-party processors are bound by Data Processing Agreements (DPAs) in accordance with GDPR Article 28.
6. International Data Transfers
We primarily store and process personal data within the European Economic Area (EEA). Where data is transferred outside the EEA (for example, to service providers based in the United States), we ensure appropriate safeguards are in place, including:
EU Commission adequacy decisions (GDPR Art. 45)
Standard Contractual Clauses (SCCs) approved by the EU Commission (GDPR Art. 46(2)(c))
EU-US Data Privacy Framework certification, where applicable
You may request details of the specific safeguards applied to any transfer by contacting privacy@ringboost.ai.
7. Data Retention
Call recordings and transcripts: 30 days (default), unless configured otherwise by the client
Client account data: duration of the contractual relationship plus 6 years for tax and legal compliance
Prospective client data: 12 months from last interaction, unless consent is given for longer retention
Website analytics data: as governed by our Cookie Policy (maximum 26 months for Google Analytics)
Marketing consent records: for as long as consent remains active, plus 3 years for proof of consent
Billing and financial records: 6 years, as required by Cyprus tax law
After the applicable retention period, data is securely deleted or anonymised.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of access (Art. 15) — obtain confirmation of whether we process your data and request a copy
Right to rectification (Art. 16) — request correction of inaccurate or incomplete data
Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten")
Right to restriction of processing (Art. 18) — request limitation of how we use your data
Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format
Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing
Right to withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw it at any time without affecting prior processing
Right regarding automated decision-making (Art. 22) — Emma does not make decisions with legal or similarly significant effects; all call handling is informational and operational
To exercise any of these rights, contact info@foodvision23.com. We will respond within 30 days.
For callers: if you interacted with Emma on behalf of one of our clients, the client is the Data Controller for your call data. Please contact the business you called directly to exercise your rights. We will assist our clients in fulfilling such requests.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
Encryption of data in transit (TLS/SSL) and at rest
Access controls and role-based permissions for all internal systems
Regular security assessments of third-party providers
Data breach notification within 72 hours to the supervisory authority (GDPR Art. 33) and to affected individuals where required (GDPR Art. 34)
10. Children's Privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child's data has been provided to us, contact info@foodvision23.com immediately.
11. Data Processing Agreements
Where we act as Data Processor on behalf of our clients, we enter into a Data Processing Agreement (DPA) in accordance with GDPR Article 28, setting out the subject matter, duration, nature and purpose of processing, the types of personal data, and the obligations and rights of both parties. Clients may request a copy at privacy@ringboost.ai.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date above. For significant changes, we may also notify clients directly via email.
13. Contact Us and Complaints
FoodVision23 Ltd (trading as RingBoost AI)
Incorporated in the Republic of Cyprus (EU)
Email: info@foodvision23.com
Data Protection Officer: info@foodvision23.com
If you are unsatisfied with our response, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (the supervisory authority of the Republic of Cyprus), or with the supervisory authority of the EU Member State in which you reside or work.
© 2026 FoodVision23 Ltd (trading as RingBoost AI). All rights reserved. Registered in the Republic of Cyprus (EU).