Issued by: BeVisible Online Solutions Ltd
Effective Date: 01 January 2025
Last Updated: 20 September 2025

1. Purpose & Scope

This Policy explains how BeVisible Online Solutions Ltd (“BeVisible,” “we,” “us”) uses Voice AI and Conversational AI across GoHighLevel/LeadConnector and compatible platforms (e.g., VAPI, Retell, Thoughtly, GHL), to support inquiries, appointment scheduling, and customer engagement. It describes our commitments to:

Transparency in AI-driven interactions

Privacy protection and compliance with global data laws (GDPR/CCPA and others)

Responsible AI practices (no manipulation; accuracy-focused)

Security and data-minimization

This Policy applies to BeVisible’s services, including white-label deployments and client subaccounts.

2. Roles & Data Handling

2.1 Controller / Processor Roles

For BeVisible’s own clients, prospects, and BVHN members, BeVisible is the Data Controller.

For client subaccounts (e.g., hotels or service businesses), the Client is the Data Controller and BeVisible acts as Data Processor, processing data only on the Client’s documented instructions.

2.2 AI Interactions & Data Types

When users engage with our AI agents (voice or chat), we may process:

Identity/Contact: full name, email address, phone number (and optionally address where the Client collects it)

Interaction Data: call audio, transcripts, chat logs, timestamps, booking details

RAG/Website Data: content retrieved from the Client’s site to answer queries

We do not collect government IDs or cardholder data. Payment details are handled by the payment provider (e.g., Stripe).

2.3 Lawful Basis & Consent

We process personal data under lawful bases such as contract, consent, legitimate interests, and legal obligations. Where required, users are informed and can provide or withdraw consent at any time.

3. Payments

BeVisible and its Clients do not collect or store credit card data.

All payments/subscriptions are processed by Stripe (or another payment service provider). These providers are PCI-DSS compliant and act as independent controllers for payment data.

BeVisible retains only non-sensitive payment artifacts (e.g., status, subscription IDs).

4. Sub-Processors

To provide our services, we use trusted sub-processors, including but not limited to:

GoHighLevel / LeadConnector – CRM, automations, workflows

Stripe – payment processing

Twilio – telephony/SMS

OpenAI – natural language processing

VAPI – AI orchestration & integrations

Retell – AI voice agent platform

Others as required to operate and improve services

A complete, current list of sub-processors is available on request.

5. AI Transparency & Responsible Use

Users will be clearly informed when they are interacting with an AI agent.

AI outputs are designed to be helpful, accurate, and non-manipulative.

No model training: We do not sell data or use it to train external AI models. AI providers may temporarily process data solely to enable the requested functionality.

Users may opt out of AI interactions or request deletion as described in Section 8.

6. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

Encrypted transport (TLS), platform encryption at rest

Role-based access control and least-privilege

MFA where available; staff confidentiality and training

Vendor due diligence and sub-processor contractual safeguards

Logging/monitoring and platform-level backups/DR

7. Retention & Deletion

We retain personal data only as long as necessary to deliver services or meet legal obligations (e.g., up to 7 years for Hong Kong business records).

AI logs/transcripts are retained for troubleshooting and quality assurance, then deleted or anonymized.

Upon verified request or service termination, data will be deleted or returned unless retention is required by law or limited by platform capabilities.

8. Individual Rights (GDPR/CCPA and Others)

Depending on jurisdiction, individuals may have rights to access, rectify, delete, restrict/object, portability, and withdraw consent.

For California residents, additional rights apply under CCPA/CPRA (right to know, delete, opt out of sale/sharing, non-discrimination).

Requests can be made via [email protected]