This policy applies to all customers worldwide. It covers the New Zealand Privacy Act 2020, Australian Privacy Act 1988, EU and UK GDPR, California CCPA/CPRA, Canadian PIPEDA, and other applicable privacy frameworks.
Last updated: May 2026 · Applies globally
Recepflo is an AI receptionist platform operated by Recepflo Limited, a company registered in New Zealand. We provide voice, SMS, WhatsApp, and web chat services that help service businesses answer enquiries and manage bookings automatically. Contact: hello@recepflo.ai
We collect: (1) Account information — business name, owner name, email address, phone number, and billing details provided during signup. (2) Business configuration — services, operating hours, staff details, FAQs, and channel settings. (3) Customer interaction data — names, phone numbers, message content, booking details, and conversation transcripts created when your customers contact your business through Recepflo. (4) Usage data — log data, feature usage, and session information used to operate and improve the service.
For customers in the EU and UK, we process personal data under the following lawful bases: Contract — processing necessary to deliver the service you have subscribed to. Legitimate interests — service improvement, security, and fraud prevention where these do not override your rights. Legal obligation — where processing is required by applicable law. Consent — where we rely on consent, you may withdraw it at any time without affecting prior processing.
We use collected information to: deliver the AI receptionist service and manage bookings; route and respond to customer messages; send account, billing, and notification emails; operate and improve the dashboard; detect and prevent fraud or abuse; comply with legal obligations; and respond to your support requests. We do not sell your data or your customers' data to any third party.
We share data with third-party providers only to the extent necessary to operate the service. Current sub-processors include: Anthropic (AI text processing, USA); ElevenLabs (voice AI, USA); Twilio (telephony, USA); Meta (WhatsApp messaging, USA); WebSMS Connexus (SMS, NZ/AU); Google (calendar integration, USA); Resend (transactional email, USA); Clerk (authentication, USA); Stripe (payments, USA); Vercel (cloud hosting, USA). Each provider is bound by their own data processing terms and applicable privacy laws.
Recepflo operates globally and your data may be transferred to and processed in countries outside your own, including the United States. For transfers from the EU or UK, we rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms. For transfers from Australia and New Zealand, we take reasonable steps to ensure overseas recipients handle data consistently with applicable local privacy principles.
We retain account and business configuration data for the duration of your subscription and for up to 12 months after account closure, unless a longer period is required by law. Customer interaction data (transcripts, bookings, leads) is retained for up to 24 months from creation. You may request earlier deletion by contacting hello@recepflo.ai. Deletion requests will be completed within 30 days subject to legal retention obligations.
We apply industry-standard technical and organisational safeguards including encrypted data storage and transmission (TLS), access controls, authenticated APIs, and regular security reviews. We will notify affected customers of any personal data breach within 72 hours of becoming aware of it, as required under GDPR and applicable law. No method of transmission over the internet is fully secure.
Recepflo uses cookies and similar technologies strictly necessary for authentication and session management. We do not use advertising or cross-site tracking cookies. If you access the service from the EU or UK, a cookie notice will be displayed. You may control non-essential cookies through your browser settings.
Recepflo is a business service and is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided personal information through our service, contact us at hello@recepflo.ai and we will promptly delete it.
You have the right to: access personal data we hold about you; request correction of inaccurate data; request erasure ('right to be forgotten') where there is no overriding legal basis to retain it; restrict or object to processing; receive your data in a portable format; withdraw consent at any time; and lodge a complaint with your local supervisory authority (e.g. your national DPA, or the ICO in the UK at ico.org.uk). Submit requests to hello@recepflo.ai. We will respond within one calendar month.
California residents have the right to: know what personal information is collected and how it is used; request deletion of personal information; opt out of the sale or sharing of personal information (we do not sell or share personal information); correct inaccurate personal information; and not be discriminated against for exercising these rights. Submit requests to hello@recepflo.ai or via our in-app privacy request form. We will respond within 45 days.
Under the Privacy Act 2020, you have the right to request access to and correction of personal information we hold about you. Complaints may be made to the Office of the Privacy Commissioner at privacy.org.nz. Contact us at hello@recepflo.ai. We will respond within 20 working days.
Under the Privacy Act 1988 and Australian Privacy Principles, you have the right to access and seek correction of personal information we hold. Complaints may be made to the Office of the Australian Information Commissioner at oaic.gov.au. Contact us at hello@recepflo.ai. We will respond within 30 days.
Under PIPEDA and applicable provincial privacy laws, you have the right to access, correct, and request deletion of personal information we hold about you. Complaints may be made to the Office of the Privacy Commissioner of Canada at priv.gc.ca. Contact us at hello@recepflo.ai.
Regardless of where you are located, we aim to handle personal information responsibly and transparently. If your country has specific privacy rights not listed here, we will endeavour to honour them. Contact hello@recepflo.ai with any privacy request and we will respond appropriately under the laws applicable to you.
As Recepflo actively offers services to individuals in the EU, we have appointed an EU GDPR representative as required by Article 27 of the GDPR. Representative details are available on request by contacting hello@recepflo.ai.
We may update this Privacy Policy from time to time. Material changes will be notified by email to account holders at least 14 days before they take effect. The current version is always available at recepflo.ai/privacy. Continued use of the service after the effective date constitutes acceptance.
To exercise any privacy right, submit a data request, or raise a concern, contact us at hello@recepflo.ai. We aim to acknowledge all requests within 5 business days and resolve them within the timeframe required by your local law. If you are unsatisfied with our response, you may escalate to your national data protection authority.