Privacy Policy

Last updated: 17 February 2026  |  DLX SOLUTIONS GROUP LIMITED  |  Company No: 17033961

1. Who We Are

DLX SOLUTIONS GROUP LIMITED ("DLX", "we", "our", "us") is a private limited company registered in England and Wales.

Company number: 17033961
Registered office: 11 Rhodfa Brenig, Colwyn Bay, LL29 6EA
Contact email: support@dlxsolutions.co.uk

We are the data controller for personal data collected through this website and through our AI receptionist service. Where we process personal data on behalf of our business clients (e.g. the callers who call our clients' phone numbers), we act as a data processor and our clients act as data controllers.

2. What Data We Collect

2.1 Callers to our AI receptionist service

When a person calls a phone number managed by our AI receptionist service, we may collect:

  • Name (as provided by the caller)
  • Phone number (as provided by the caller, or from the Twilio Caller ID where available)
  • Reason for calling and details of their enquiry
  • Urgency level and preferred callback time
  • Audio recording of the call (where recording is enabled)
  • Text transcript of the call
  • Call metadata: date, time, duration, call SID

A call recording disclaimer is played at the start of every call: "This call may be recorded for quality and training purposes."

2.2 Business clients and prospects

When you enquire about or sign up for our services, we collect:

  • Name and email address
  • Business name and phone number
  • Business hours, services, and configuration details
  • Payment and billing information (invoiced separately)
  • Correspondence with us

2.3 Website visitors

When you visit our website, we may collect:

  • Information submitted via contact forms
  • Technical data such as IP address, browser type, and pages visited (where analytics are enabled)
  • Cookie data — see our Cookie Policy

3. How We Use Your Data

3.1 AI receptionist callers

  • To capture and deliver lead information to the business you called
  • To send an SMS summary to the business owner
  • To store the call record for the business client's reference
  • For dispute resolution (using call recordings within the retention period)
  • For billing purposes (call volume, lead counts)

3.2 Business clients

  • To set up and manage your AI receptionist account
  • To deliver lead summaries to you
  • To invoice you for services
  • To contact you about your account, service updates, or material changes

3.3 Website visitors

  • To respond to your enquiry
  • To provide information about our services
  • To improve the website (analytics, where consent is given)

4. Lawful Basis for Processing

  • Contract: processing necessary to fulfil our agreement with business clients (lead capture, SMS notifications, billing)
  • Legitimate interests: processing caller data on behalf of the business who contracted with us to receive missed call leads; operating and improving the service; security and fraud prevention; responding to enquiries
  • Legal obligation: where required to comply with applicable law
  • Consent: for non-essential cookies and marketing communications (where applicable)

5. Data Sharing and Recipients

We share data only with the following parties and only where necessary:

  • Business clients: lead data (name, phone, reason, urgency) is the core purpose of our service and is delivered to the business client
  • Twilio Inc: telephony, call routing, recording, and SMS delivery
  • Supabase: database storage for call records and client configuration
  • OpenAI: intent classification only (limited, anonymised data; not used to train models)
  • Cloud hosting provider (Railway/Render): application server hosting

We do not sell, rent, or share personal data with any third party for marketing, advertising, or any other commercial purpose not related to delivering our service.

Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place (such as standard contractual clauses) in compliance with UK GDPR.

6. Data Retention

  • Call audio recordings: automatically deleted after 60 days
  • Call transcripts: automatically deleted after 60 days
  • Lead records (name, phone, reason): retained for the duration of the client contract, then deleted within 30 days of contract termination or on request
  • Call metadata: retained for 90 days
  • Client account data: retained for the duration of the contract plus 3 years for accounting purposes
  • Contact form submissions: retained for 12 months
  • Invoicing and billing records: retained for 7 years (UK legal requirement)

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your data (subject to legal retention obligations)
  • Restriction: request that we restrict processing of your data in certain circumstances
  • Portability: receive your data in a commonly used machine-readable format
  • Object: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at: support@dlxsolutions.co.uk

We will respond within one calendar month. We may ask you to verify your identity before acting on a request.

8. Sensitive (Special Category) Data

Our service is not designed to collect sensitive personal data (such as health, financial, political, or religious information). Our AI is configured not to ask for such information. However, callers may occasionally volunteer sensitive information during a call. Where this occurs:

  • We minimise use to only what is necessary to route the enquiry
  • We do not store sensitive data beyond what is captured in the standard call record
  • Call recordings and transcripts containing sensitive data are subject to the same 60-day deletion schedule

If a caller identifies a medical emergency or urgent safety situation, the AI advises them to call 999 or 112 and does not attempt to collect data in that scenario.

9. Security

We implement appropriate technical and organisational measures to protect personal data including:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • Restricted access controls (service role keys, no public database access)
  • Automatic deletion schedules for recordings and transcripts
  • Regular review of security practices

No system is completely secure. In the event of a data breach affecting your rights, we will notify you and (where required) the ICO in accordance with UK GDPR obligations.

10. Cookies

We use essential cookies required for the site to function. We do not use advertising or tracking cookies without your consent. See our Cookie Policy for full details.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page will reflect when changes were made. For material changes, we will notify business clients directly.

12. Contact & Complaints

For any privacy-related queries or to exercise your rights:

Email: support@dlxsolutions.co.uk
Address: DLX SOLUTIONS GROUP LIMITED, 11 Rhodfa Brenig, Colwyn Bay, LL29 6EA

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Phone: 0303 123 1113
Post: ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF