← Back to Sign In

Privacy Policy

Last updated: May 12, 2026

1. Introduction

LORA (the “Service”) is an AI-powered Lead Operations & Response Assistant application provided via the website lorahq.co.uk. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI receptionist service, website, and related applications (collectively, the “Service”).

LORA is the name of the application. lorahq.co.uk is the domain through which the Service is delivered. References to “we,” “our,” or “us” refer to the operator of this Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Personal Information

When you sign up for the Service, we collect information that identifies you personally, such as:

  • Your name and email address
  • Your Google Calendar account information (via OAuth, with your explicit consent)
  • Billing information (processed securely through our third-party payment processor)
  • Business name and phone number associated with your account

2.2 Call Data

As part of providing the AI receptionist service, we collect and process:

  • Call recordings and transcripts of conversations between callers and the AI receptionist
  • Call metadata such as caller phone number, call duration, and timestamps
  • Voicemail messages left by callers

2.3 Automatically Collected Information

When you visit our website or use the Service, we may automatically collect:

  • Log data (IP address, browser type, pages visited, time and date of访问)
  • Device information (operating system, device type)
  • Usage data (features used, interactions with the Service)

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide, maintain, and improve the AI receptionist Service
  • To process and manage call handling, scheduling, and notifications
  • To authenticate your identity and authorize access to your account
  • To process payments and manage your subscription
  • To communicate with you about your account, updates, and support
  • To monitor and analyze usage trends to improve the Service
  • To comply with legal obligations and enforce our Terms of Service

4. Lawful Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases for processing your personal data:

  • Consent: We process your Google Calendar data based on your explicit consent, granted through the OAuth authorisation flow. You may withdraw your consent at any time by disconnecting your Google Calendar account or contacting us.
  • Legitimate Interests: We process call data, usage data, and account information to deliver and improve the Service, manage our business operations, and ensure the security and integrity of our platform. These activities are necessary for our legitimate business interests and do not override your fundamental rights and freedoms.
  • Contractual Necessity: We process billing and account information as necessary to perform our contract with you and provide the Service you have requested.

5. Google API Disclosure

Lora’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained via Google APIs (including Google Calendar data) is used strictly for the following purposes:

  • Reading and creating calendar events to manage scheduling and appointments on your behalf
  • Enabling lead management and automated response features within the Service

We explicitly confirm that data obtained via Google APIs:

  • Is never sold to third parties
  • Is never used for serving personalised or contextual advertising
  • Is never used to train, improve, or fine-tune Large Language Models (LLMs) or any other artificial intelligence models
  • Is only transferred to third parties where strictly necessary to provide the Service (e.g., cloud infrastructure) or as required by law

6. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party vendors who help us operate the Service (e.g., cloud hosting, payment processing, AI model providers). These providers are contractually bound to protect your data.
  • Google APIs: If you connect your Google Calendar, we access and use Google API data only to provide the Service features you request.
  • Legal Requirements: If required by law, regulation, or legal process, we may disclose your information to comply with such obligations.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Call recordings and transcripts are retained for the duration of your subscription and may be retained for a reasonable period thereafter for backup and legal compliance purposes.

8. Data Deletion

You have the right to request the deletion of your personal data at any time. To request deletion of your data, please contact us at rrouxditbuisson@gmail.com.

We will respond to your deletion request within 30 days. Please note that we may need to retain certain information as required or permitted by law, such as billing records for tax purposes. Once your request is fulfilled, we will permanently delete or anonymise your personal data from our systems, including call recordings, transcripts, and account information.

9. Your Rights and Choices

Under UK GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data (see Section 8 above).
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Withdrawal of Consent: Withdraw your consent at any time where we rely on consent to process your data.
  • Objection: Object to the processing of your data where we rely on legitimate interests as the lawful basis.

To exercise any of these rights, please contact us at rrouxditbuisson@gmail.com.

10. Data Security

We implement appropriate technical and organisational measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security audits. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Third-Party Services

The Service integrates with third-party services including:

  • Google Calendar & Google OAuth: For calendar synchronisation and authentication
  • Twilio: For telephony services (phone calls, SMS)
  • Supabase: For authentication, database, and storage
  • Stripe: For payment processing
  • Google AI (Gemini): For AI-powered call handling

These third parties have their own privacy policies governing the use of your data. We encourage you to review their policies.

12. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Email: rrouxditbuisson@gmail.com