Privacy Policy

Last updated: 2 June 2026

1. Who We Are

Unity Bridge Solutions Ltd (company number 17080819) is a software development agency registered in England and Wales. Our registered office is at 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE. We are the data controller responsible for your personal data.

If you have any questions about this policy or wish to exercise your data protection rights, you can contact our data protection lead at contact@unitybridgesolutions.com.

We have not appointed a Data Protection Officer as we do not meet the threshold requiring one under Article 37 of the UK GDPR. Our data protection lead handles all data protection queries and can be reached at the email address above.

For Bridge Voice caller conversation data that we process on behalf of a Bridge Voice customer, the customer is normally the data controller and Unity Bridge Solutions acts as processor. For our own website, billing, account administration, security, support, and business records, Unity Bridge Solutions acts as data controller.

2. Legislation

This policy is issued under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Data Use and Access Act 2025 (DUAA), which amended the UK GDPR and came substantially into force on 5 February 2026.

3. What Data We Collect

We collect personal data that you voluntarily provide through our website forms:

Contact form: name, email address, company name, phone number, and your message.
Quote request form: name, email, company, phone, project details, budget, timeline, and any files you upload for project scoping.
Landing page forms: full name, clinic/business name, email address, and phone number.
Bridge Voice onboarding and trial checkout: account contact details, business name, billing name and email, company phone number, operational setup details, website URL, locations, opening hours, call routing choices, notification preferences, SMS templates, agent configuration, selected plan, trial status, usage allowances, terms acceptance records, and Stripe checkout identifiers.
Bridge Voice calls and dashboard: caller telephone numbers, call recordings where enabled, transcripts, summaries, call timestamps, call duration, call status, SMS content and delivery metadata, leads, booking or enquiry details, dashboard usage, support messages, and any personal information disclosed by callers during conversations.

Providing your name and email address is necessary for us to respond to your enquiry. Bridge Voice account, billing, and operational setup information is necessary to create your trial or subscription, provision your AI voice agent, route calls, and provide the customer dashboard. If you do not provide the required information, we may be unable to respond, quote, create an account, or provide the relevant service.

We also collect standard web server logs (IP address, browser type, pages visited) and cookie data as described in our Cookie Policy.

4. Why We Collect It and Our Lawful Basis

We process personal data on the following legal bases under Article 6(1) of the UK GDPR:

Contract or pre-contract steps (Article 6(1)(b)): to respond to service requests, create Bridge Voice trials and subscriptions, provide secure dashboard access, provision the AI voice agent, manage billing, and deliver customer support where the individual is party to the contract or asks us to take steps before entering into one.
Legitimate interest (Article 6(1)(f)): to respond to enquiries you have submitted, manage project requests, operate and secure our website and services, prevent fraud or abuse, maintain service logs, improve Bridge Voice configuration, troubleshoot calls, and communicate with business customers about service operation. We have assessed that these processing activities are necessary for our business operations and do not override your rights and freedoms.
Legal obligation (Article 6(1)(c)): to keep accounting, tax, invoice, payment, company, and compliance records where the law requires us to do so.
Consent (Article 6(1)(a)): where we send any future marketing communications, we will only do so with your explicit consent. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing us at contact@unitybridgesolutions.com. Withdrawing consent is as easy as giving it and does not affect the lawfulness of processing carried out before withdrawal.

Where we process Bridge Voice caller data on behalf of a customer, the customer is responsible for identifying its lawful basis, providing any required caller privacy notice, informing callers that an AI voice agent is being used, and obtaining consent where required. We process that caller data under the customer's documented instructions and the applicable Bridge Voice data processing terms.

5. Your Right to Object

You have the right to object to processing based on legitimate interests at any time. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defence of legal claims. To object, email us at contact@unitybridgesolutions.com.

6. Third-Party Processors

We use the following third-party services to operate our website and process your data:

Postmark / ActiveCampaign, LLC (United States): email delivery service. Receives your name, email address, and message content for the purpose of delivering your enquiry to our team and sending service, billing, recovery, notification, and support emails.
Vercel, Inc. (United States): website hosting and infrastructure. Processes server logs including IP addresses, browser type, and pages visited.
Supabase, Inc. (United States): authentication, database, and storage infrastructure used for customer accounts, onboarding records, call records, transcripts, dashboard data, and private files.
Stripe Payments Europe, Ltd. and Stripe group companies: Bridge Voice checkout, subscription billing, invoices, saved payment methods, billing portal, and payment event processing. We do not receive full card details from Stripe.
GoCardless Ltd. (United Kingdom): Direct Debit payment request and mandate processing for private custom-work client payment requests only, not Bridge Voice subscriptions.
Render Services, Inc., Vapi, Inc., Twilio group companies, OpenAI, L.L.C., ElevenLabs, and Firecrawl: Bridge Voice runtime hosting, telephony, phone number routing, AI call handling, voice previews, website knowledge extraction, call logging, and related support services. The exact providers used may depend on which Bridge Voice features are enabled.
Google LLC (United States): website analytics via Google Analytics 4 and Google Tag Manager. Collects anonymised usage data including pages visited, session duration, and traffic sources. Only activated with your consent via our cookie consent banner.
CookieYes (CookieYes Limited, United Kingdom): cookie consent management. Stores your consent preferences.

We do not sell your personal data to any third parties.

7. Google User Data, API Services, and Limited Use

Bridge Voice offers an optional Google Calendar integration. When a Bridge Voice customer chooses to connect their Google account, we ask Google for permission, through Google OAuth, to the following scopes:

openid, email, profile: to identify which Google account has been connected (the account's name and email address).
See the list of calendars on your account (calendar.calendarlist.readonly): so you can choose which calendar Bridge Voice should use for bookings.
Create and manage the events the agent books (calendar.events.owned): so your Bridge Voice AI agent can add, update, and show appointment events it books on your behalf.
Check free/busy availability (calendar.events.freebusy): so the agent only offers times when you are available.

We access this Google user data solely to identify the connected account, let you choose a calendar, check availability, and create, update, and display the appointment events booked by your Bridge Voice agent. We do not use it for any other purpose.

Who we share Google user data with. We do not sell Google user data, and we do not transfer or disclose it to any third party except as strictly necessary to provide and secure the Google Calendar feature you chose to enable:

Google LLC: the source of the data and the service to which calendar events are written.
Supabase, Inc. (United States): stores your connection record and your Google OAuth tokens in encrypted form.
Vercel, Inc. (United States): hosting and infrastructure that processes the requests moving this data between your browser, our servers, and Google.
Our Bridge Voice voice runtime infrastructure (including Render Services, Inc.): uses the stored authorisation, once you assign the integration to an agent, to check availability and create calendar events during calls.

We do not share Google user data with advertising platforms, data brokers, or any party for advertising, profiling, or unrelated purposes.

Limited Use. Unity Bridge Solutions' use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

We do not use Google user data to develop, improve, or train generalised or non-personalised artificial intelligence or machine learning models.
We do not transfer or sell Google user data for serving advertisements.
We do not allow humans to read this data unless (a) you have given explicit consent to read specific data, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymised.

You can disconnect the Google Calendar integration at any time from the Bridge Voice dashboard. Disconnecting revokes our access and deletes the stored Google authorisation. You can also review and revoke access directly in your Google Account at myaccount.google.com/permissions.

8. International Data Transfers

Some of our third-party processors are based in the United States. When your personal data is transferred outside the United Kingdom, this constitutes a "restricted transfer" under Articles 44–49 of the UK GDPR.

We ensure these transfers are protected by appropriate safeguards:

UK adequacy regulations: where the UK government has made an adequacy decision for the recipient country.
Appropriate safeguards: where no adequacy decision exists, we rely on the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses, together with a transfer risk assessment confirming that the standard of data protection is not materially lower than under UK law (as updated by the DUAA 2025).

You can request a copy of the safeguards in place by contacting us at contact@unitybridgesolutions.com.

9. Automated Decision-Making

We do not use solely automated decision-making, including profiling, that produces legal effects or similarly significantly affects you. Bridge Voice uses AI to generate caller responses, summaries, transcripts, lead information, and configuration assistance, but customers remain responsible for configuring how their agent handles calls and for reviewing the outputs where human judgement is required. Google Analytics may segment visitors into categories for reporting purposes, but this does not inform any individual decisions about you.

10. Cookies

Our website uses cookies. For full details on the cookies we use, why we use them, and how to manage your preferences, please see our Cookie Policy.

11. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required for legal, accounting, tax, fraud prevention, security, dispute, or backup reasons.

Enquiry data is normally retained for 12 months from submission unless a project engagement proceeds.
Project, contract, payment, invoice, and account records are normally retained for the engagement period and for up to 6 years afterwards in accordance with contractual, accounting, and limitation-period requirements.
Bridge Voice onboarding drafts are kept for a short recovery window and then expired or deleted if the user does not proceed.
Bridge Voice call data, recordings, transcripts, metadata, SMS events, and leads are normally retained while the service is active and for the export or deletion period stated in the Bridge Voice service agreement or dashboard. After termination, caller data is deleted or returned according to the customer's documented instructions unless we need to retain limited data for legal, security, backup, billing, or dispute reasons.
Analytics and cookie data are retained according to the settings in our analytics and cookie tools, as described in our Cookie Policy.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/HTTPS), access controls limiting data access to authorised personnel, authenticated dashboards, row-level security where applicable, and secure hosting, database, and runtime infrastructure.

13. Children's Data

Our website and services are directed at businesses and professionals. We do not knowingly collect personal data from children under 18. If you believe a child has submitted personal data through our forms, please contact us and we will delete it promptly.

14. Your Rights

Under UK data protection law (Articles 15–22 of the UK GDPR), you have the right to:

Access the personal data we hold about you (Article 15).
Rectification of inaccurate or incomplete data (Article 16).
Erasure of your personal data ("right to be forgotten") (Article 17).
Restriction of processing in certain circumstances (Article 18).
Data portability — receive your data in a structured, commonly used format (Article 20).
Object to processing based on legitimate interests (Article 21).

To exercise any of these rights, please email us at contact@unitybridgesolutions.com. We will respond to your request within one month.

15. Complaints

If you have a complaint about how we process your personal data, please contact us first using our data protection complaints process. You can submit a complaint by emailing contact@unitybridgesolutions.com with the subject line "Data Protection Complaint". We will acknowledge your complaint within 30 days and respond without undue delay.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by calling 0303 123 1113.