This policy explains how Yokeru collects, uses, shares and protects personal data, both as a provider of AI voice services to our business customers and in relation to visitors to our website and people who contact us. It covers our customers and users in the United Kingdom, the European Union and the United States.
| Legal entity | Yokeru Systems Limited, trading as Yokeru / Yokeru.ai |
|---|---|
| Registered address | 4th Floor, 100 Fenchurch Street, London, England, EC3M 5JD |
| Company number | 13160073 |
| Privacy contact | privacy@yokeru.io |
As a processor (or service provider). When we run AI voice agents for a business customer (for example a telecare provider, healthcare organisation or local authority), that customer is the data controller (and, under US law, the business) and decides what data is processed and why. We process that personal data only on their documented instructions. This is the main way Yokeru handles personal data.
As a controller (or business). For our own website, marketing and business contacts, Yokeru determines how the limited personal data involved is handled (for example, the contact details of someone who enquires about our services).
We collect only what is needed to deliver the service the customer has asked for. We do not build a separate demographic profile of the people being called.
Most personal data we process for our customers is provided to us by the customer (the controller), or is generated during a call (audio and transcript). Website and enquiry data is provided directly by you or collected automatically when you visit our site.
For service delivery, our customer (the controller) sets the purpose and lawful basis under the UK GDPR / EU GDPR; we act on their instructions. For our own activities, we rely on:
Our service uses automated voice processing to triage and handle calls on a customer's behalf. The customer designs, tests and approves how the agent behaves and remains responsible for it. The system is built to escalate to a human wherever there is uncertainty, and a person can be reached at any point. Where automated processing could have a significant effect on an individual, the customer (controller) is responsible for ensuring appropriate safeguards and human oversight are in place. We do not carry out automated decision-making about visitors to our own website.
Yokeru does not use customer call data to train AI models, and our sub-processors are contractually restricted from doing so. Downstream AI providers operate under enterprise terms that prohibit training on the data.
We store personal data at rest in the region appropriate to each customer. Data for our UK and EU customers is stored in the United Kingdom (London region); data for our US customers is stored in the United States. This includes backups. All data is encrypted at rest (AES-256) and in transit (TLS 1.2 or higher).
We use a small number of vetted sub-processors (service providers) under written contracts with appropriate data-protection terms, including:
A current list of our named sub-processors is available to customers on request.
Depending on a customer's region and the providers involved, some processing may take place outside the customer's home country. For example, live voice processing may involve transferring call audio for the duration of the call only. Where personal data of UK or EU individuals is transferred outside the UK or EEA, we rely on appropriate safeguards, including the EU Standard Contractual Clauses (Module 2, Controller-to-Processor) together with the UK Addendum, which form a complete transfer mechanism. We do not retain personal data outside the customer's designated storage region beyond what is needed to handle a live call.
Personal data processed for a customer is retained for the duration of that customer's contract (configurable per service) and is deleted on termination with written confirmation. Business-contact and website data is kept only as long as necessary for the purpose for which it was collected, after which it is deleted or anonymised.
We maintain role-based, least-privilege access with multi-factor authentication, encryption in transit and at rest, and an internal incident-response process. We are Cyber Essentials Plus certified and in the final stages of ISO/IEC 27001 certification. If a personal data breach occurs, we notify the affected controller without undue delay and within 48 hours of becoming aware, and we support notification to individuals and regulators where required.
If you are in the UK or EU, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability, and to withdraw consent where processing is based on consent. Where Yokeru processes your data on behalf of a customer, please contact that organisation (the controller) in the first instance; we will support them in fulfilling your request. For data we hold as a controller, contact privacy@yokeru.io. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or your local EU supervisory authority.
If you are a resident of California, Virginia, Colorado, Connecticut, Utah or another US state with a comprehensive privacy law, you may have the rights set out below in relation to personal information we handle as a business. Where we process personal information on behalf of a customer as a service provider, please direct your request to that customer; we will assist them.
In the past 12 months we may have collected the following categories: identifiers (such as name, email and phone number); internet or network activity (website usage); audio information (call recordings and transcripts, processed on behalf of customers); and, where shared during a call, information that may relate to health or welfare. We collect these from you, from our customers, and automatically through our website, and use them for the purposes described in this policy.
Yokeru does not sell personal information, and does not share it for cross-context behavioural advertising, as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) and similar US state laws.
Contact us at privacy@yokeru.io. We will verify your request using the information we hold, and you may use an authorised agent where permitted by law. We will respond within the timeframes required by applicable law. California residents may also contact the California Privacy Protection Agency or the California Attorney General.
Some calls handled on a customer's behalf may involve information relating to a person's health or welfare. We treat this as sensitive information and apply additional care. Where we process protected health information on behalf of a US customer that is a HIPAA covered entity or business associate, we do so only on that customer's instructions and will enter into a Business Associate Agreement where one is required. We do not use this information for any purpose other than delivering the service.
Our services and website are intended for businesses and adults. We do not knowingly collect personal information from children. Where a customer's service involves contacting individuals, the customer is responsible for the lawful basis and any age-related considerations for those individuals.
Our website uses essential cookies to function and may use analytics cookies to understand how the site is used. Where required, we ask for your consent to non-essential cookies, and you can manage your preferences through your browser settings.
We may update this policy from time to time. The date at the top shows when it was last revised. For any privacy question or to exercise your rights, contact us at privacy@yokeru.io.