Privacy Policy

Last updated: April 2026

1. Introduction

AskAndBook ("we", "us", or "our") operates an AI-powered voice receptionist platform accessible at askandbook.app. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our website, our platform, or when our AI voice agents interact with callers on behalf of businesses we serve.

We are committed to protecting personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa, as well as applicable international privacy standards including the General Data Protection Regulation (GDPR) where relevant.

2. Information We Collect

We collect the following categories of information:

  • Account & business information: Business name, contact name, email address, phone number, billing address, and subscription details when you sign up or contact us.
  • Configuration data: Business hours, FAQs, services offered, booking preferences, and other settings you provide to configure your AI assistant.
  • Call data: Recordings, transcripts, call duration, caller phone numbers, and timestamps for calls handled by our AI voice agents on your behalf.
  • Lead & appointment data: Names, phone numbers, and notes captured by the AI during calls (e.g., booking requests, lead enquiries).
  • Payment information: Subscription and billing data processed through Paystack. We do not store full card details on our servers.
  • Usage & technical data: IP addresses, browser type, pages visited, and session information collected automatically when you use our website or platform.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the AskAndBook platform and AI voice agent services.
  • Configure and personalise AI voice agents for your business.
  • Process payments and manage subscriptions.
  • Send transactional communications (booking confirmations, call summaries, billing notices).
  • Provide customer support and respond to enquiries.
  • Monitor platform performance, security, and reliability.
  • Comply with legal obligations and enforce our Terms of Service.
  • Improve our services through aggregated, anonymised analytics (excluding Google user data — see Section 12).

We will not use your data for unsolicited marketing. Google user data is never used for marketing purposes (see Section 12).

4. Our Role as Data Processor

When businesses use the AskAndBook platform to deploy AI voice agents, AskAndBook acts as a data processor on behalf of those businesses. The business is the data controller and determines the purposes and means of processing personal data collected during calls (such as caller names, phone numbers, and booking details).

In this capacity, we process personal data only as instructed by the business customer, and solely for the purpose of providing the Service. Businesses remain responsible for:

  • Establishing a lawful basis for collecting and processing caller data under POPIA, GDPR, or other applicable law.
  • Ensuring callers are informed that their call may be handled by an AI and may be recorded.
  • Responding to data subject requests from their own callers and customers.

Where AskAndBook collects data directly from platform users (business account holders) for the purposes of operating the Service, we act as a data controller in respect of that data.

5. Call Data & Recordings

Our AI voice agents handle inbound calls on behalf of businesses. When a call is processed:

  • Callers interact with an AI voice agent deployed by the business. The business deploying the agent is responsible for ensuring callers are appropriately informed that their call may be handled by an AI and may be recorded, in accordance with applicable law.
  • Call recordings and transcripts are accessible to the business that owns the relevant phone line, and to AskAndBook for the purposes of providing and improving the Service.
  • Call data is retained for approximately 90 days by default and then permanently deleted, unless the business has configured a different period.
  • Callers may request deletion of their call data by contacting the business directly or by emailing us at support@askandbook.app.

6. WhatsApp Conversations

When you enable the WhatsApp Post-Call Assistant add-on, conversations between your AI assistant and callers are stored to provide the service. This includes message content, timestamps, and caller phone numbers.

  • Conversations are visible to your business team through the portal for customer management purposes.
  • Message content is not routinely accessed by AskAndBook platform administrators. However, AskAndBook may access conversation data where reasonably necessary for platform maintenance, technical support, security investigations, dispute resolution, or compliance with legal obligations.
  • Conversation data is treated with the same level of confidentiality as call recordings and transcripts.
  • Conversations are subject to the same data retention period as your call logs (configurable in your settings, default 90 days).
  • Callers can request deletion of their conversation data by contacting your business directly.

7. SMS Notifications

When you enable the SMS Notifications add-on, we send text messages to callers and your business team on your behalf. We store a record of each SMS sent, including the recipient phone number, message content, delivery status, and timestamp. These records are used for billing, delivery tracking, and troubleshooting. SMS notification logs are subject to the same data retention period as your call logs.

8. Third-Party Service Providers

We share data with trusted third-party providers solely to operate our platform. These include:

  • AI voice & telephony infrastructure: Providers that handle call routing, phone number provisioning, voice synthesis, and speech-to-text processing. Certain call data (including audio) is transmitted to these providers to facilitate call delivery and generate real-time AI responses. These providers process data solely for this purpose and are bound by strict confidentiality and data processing obligations.
  • AI language processing: We use OpenAI and Anthropic to power the conversational intelligence of our AI voice and WhatsApp agents. Call audio and text content may be processed by these providers to generate real-time responses. Such processing is carried out under data processing agreements that restrict use of the data to service delivery only. Your call data is not used to train AI models — both OpenAI and Anthropic exclude API data from model training by default, and our agreements explicitly prohibit training on customer data. Google user data is never sent to AI or language model providers (see Section 12).
  • Payment processing: Paystack processes subscription payments. We do not store full card details on our servers.
  • Cloud hosting & database infrastructure: Providers hosting our application and data on secure cloud infrastructure.
  • Transactional email: Providers used to send booking confirmations, call summaries, and account notifications.
  • Session & caching services: Providers used to maintain call session state and platform performance.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. All third-party providers are bound by confidentiality obligations and data processing agreements, and may only process data as instructed by us.

Data breach notification: In the event of a security breach that compromises personal data, we will notify affected customers and the relevant supervisory authority in accordance with the timeframes and requirements set out in applicable data protection law (including POPIA and GDPR where relevant).

9. Data Storage & Security

Your data is stored on secure cloud infrastructure. We implement industry-standard security measures including:

  • Transport Layer Security (TLS/HTTPS) for all data in transit.
  • Encryption at rest for sensitive data including call recordings and credentials.
  • Role-based access controls limiting production data access to authorised personnel only.
  • Regular security reviews and monitoring.

While we take all reasonable precautions, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and report any suspected security issues to support@askandbook.app.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account & settings data: Retained for the duration of your subscription, plus 30 days after cancellation.
  • Call recordings & transcripts: Retained for approximately 90 days by default.
  • Billing records: Retained for 7 years as required by South African financial regulations.
  • Lead & appointment data: Retained until deleted by the business or account closure.

11. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal information we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete information.
  • Right to deletion: Request deletion of your personal information, subject to legal retention obligations.
  • Right to data portability: Request your data in a structured, commonly used format.
  • Right to object: Object to processing of your data in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, email support@askandbook.app. We will respond within 30 days. For POPIA-related complaints, you may also contact the Information Regulator of South Africa at inforegulator.org.za.

12. Google User Data

AskAndBook integrates with Google services to provide booking and productivity features on behalf of business users. When you connect your Google account, we access the following data depending on which integrations you enable:

  • Google Drive (Sheets): We create and write to Google Spreadsheets in your Google Drive to log bookings, leads, and (for real estate businesses) property listings. We only access files that AskAndBook itself creates — we cannot see or access your other Google Drive files.
  • Google Calendar — Events: When a caller books an appointment through your AI agent, we create a calendar event on a calendar you select. While the permissions we request allow access to events on calendars you own, AskAndBook only creates new booking events and checks availability — we do not read, modify, or delete your existing calendar events.
  • Google Calendar — Availability: Before creating a booking, we check your calendar availability (free/busy status) to prevent double-bookings. We can see whether a time slot is free or busy, but we cannot read the details of your existing events.
  • Google Calendar — Calendar list: We read the list of calendars associated with your Google account so you can choose which calendar to use for bookings. This is read-only.

How we use Google data

Google user data is used solely to provide the AskAndBook booking and logging features you have enabled. Specifically:

  • We do not use Google user data for advertising, marketing, or profiling purposes.
  • We do not sell, rent, or share Google user data with third parties except as strictly necessary to provide the Service (e.g., our secure cloud database stores calendar event references).
  • We do not use Google user data to train machine learning or AI models.
  • Google OAuth access tokens and refresh tokens are stored encrypted in our database and are used only to perform the integrations described above.

Google API Services User Data Policy

AskAndBook's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Revoking access

You can disconnect your Google account at any time from the Integrations page in your AskAndBook portal. You can also revoke AskAndBook's access from your Google Account permissions page. When access is revoked, AskAndBook will no longer be able to create calendar events or write to Google Sheets on your behalf. Any data previously written to your Google Sheets or Calendar remains in your Google account and is not affected.

13. Cookies

Our website uses essential cookies for authentication, session management, and security. We do not use third-party advertising or tracking cookies. By using our website, you consent to the use of essential cookies. You can disable cookies in your browser settings, but this may affect the functionality of the platform.

14. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

15. International Data Transfers

Some of our third-party service providers process data outside South Africa. Where such transfers occur, we ensure appropriate safeguards are in place (such as standard contractual clauses or adequacy decisions) in accordance with POPIA and GDPR requirements.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users or by a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the platform after changes constitutes acceptance of the updated policy.

17. Contact Us

For privacy-related enquiries, requests, or complaints, please contact us at:

AskAndBook
Email: support@askandbook.app
Website: askandbook.app