Privacy Policy

1. About This Policy

This Privacy Policy explains how Mirai Solutions ("we", "us", "our") collects, uses, stores, shares, and protects personal data. It applies to: (a) visitors to our website at miraisolutions.co.uk; (b) businesses and individuals who subscribe to our services ("Clients"); and (c) the customers, contacts, and end users of our Clients whose data may be processed through our platform ("End Users").

We are committed to protecting personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and the Data (Use and Access) Act 2025.

Please read this policy carefully. By using our website or services, you acknowledge that you have read and understood this policy. If you have any questions, contact us at [email protected].

2. Data Controller & Data Processor

Mirai Solutions acts in two capacities depending on the context:

As a Data Controller: We are the data controller for personal data we collect directly from you — for example, when you visit our website, fill in a contact form, book a discovery call, or communicate with us. We determine the purposes and means of processing this data.

As a Data Processor: When we process personal data on behalf of our Clients (for example, storing their customers' contact details in the CRM, recording and transcribing calls handled by the AI receptionist, or sending automated messages on their behalf), we act as a data processor. In this capacity, we process data only on the Client's instructions and for the purpose of delivering our services. Our Clients remain the data controller for their customers' data.

For any data protection queries, contact: [email protected]

3. What Personal Data We Collect

3.1 Data We Collect Directly From You (as Controller)

When you interact with us directly, we may collect: your name; email address; phone number; business name and address; job title or role; information you provide in forms, emails, or during calls with our team; and payment and billing information.

3.2 Data Collected Through Our Services (as Processor)

When our Clients use our services, the following End User data may be processed through our platform: names and contact details (email, phone number, address); call recordings and AI-generated transcripts from the AI receptionist; chat conversations from website chat widgets; appointment and booking details; SMS and email communication logs; review request and response data; and any other information End Users provide during interactions with our Client's systems.

3.3 Data Collected Automatically

When you visit our website, we may automatically collect: IP address; browser type and version; device type and operating system; pages visited, time spent, and navigation paths; referring website or source; and cookie data (see Section 10).

4. How We Use Personal Data

4.1 Data We Control

We use personal data collected directly from you to: respond to enquiries and provide information about our services; set up and manage your account and subscription; process payments and send invoices; deliver, maintain, and improve our services; communicate with you about your account, service updates, and relevant information; analyse website usage to improve our online presence; comply with legal and regulatory obligations; and, where you have consented, send marketing communications about our services.

4.2 Data We Process on Behalf of Clients

We process End User data solely on our Client's instructions and for the purposes of: operating the AI receptionist (answering calls, providing information, booking appointments); operating the chat widget (engaging website visitors, capturing details); storing and organising contact data in the CRM; sending automated follow-up messages (SMS, email) on the Client's behalf; managing review requests and responses; running lead reactivation campaigns; and generating reports and analytics for the Client's dashboard.

We do not use End User data for our own marketing purposes. We do not sell End User data to third parties.

5. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing personal data. The bases we rely on are:

Contract (Article 6(1)(b)): Where processing is necessary to deliver services you have subscribed to, or to take steps at your request before entering a contract (e.g. booking a discovery call).

Legitimate Interest (Article 6(1)(f)): Where processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms. This includes: improving our services and systems; analysing website usage; ensuring security of our platform; and communicating relevant service updates. We conduct a legitimate interest assessment for each processing activity relying on this basis.

Consent (Article 6(1)(a)): Where you have given clear, informed consent — for example, opting in to receive marketing emails. You may withdraw consent at any time by contacting us or using the unsubscribe link in our communications.

Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with a legal obligation, such as maintaining financial records or responding to lawful requests from authorities.

6. AI Systems & Automated Processing

Our services include AI-powered systems that process personal data. We believe in being transparent about how these systems work:

6.1 AI Receptionist

The AI receptionist answers telephone calls on behalf of our Clients. It uses large language model technology to understand and respond to callers in natural language. Calls may be recorded and transcribed. The AI uses the caller's spoken words to: identify the purpose of the call; provide relevant information about the Client's business; capture the caller's details (name, phone number, reason for calling); and book appointments where appropriate.

Call recordings and transcripts are stored in the Client's dashboard. The Client, as data controller, is responsible for ensuring callers are informed that calls may be recorded and that AI is used to handle enquiries.

6.2 Chat Widget

The AI chat widget on Client websites engages visitors in real-time conversation. It processes the text input provided by visitors to generate relevant responses and capture contact details. Chat transcripts are stored in the Client's CRM.

6.3 Automated Follow-Ups

Our automation systems send follow-up messages (SMS and email) to End Users on behalf of Clients. These messages are triggered by specific events (e.g. a missed call, a form submission, a completed job). The content and timing of these messages are configured during onboarding and may be customised by the Client.

6.4 No Significant Automated Decision-Making

Our AI systems assist with communication and administrative tasks. They do not make decisions that produce legal effects or similarly significant effects on individuals as defined under Article 22 of the UK GDPR. The AI provides information and captures data; it does not make binding decisions about individuals (such as credit approvals, employment decisions, or access to services).

7. Data Sharing & Third Parties

We do not sell personal data to any third party. We may share personal data with the following categories of recipients, solely for the purposes described in this policy:

Sub-Processors & Service Providers: We use trusted third-party providers to deliver our services. These include: CRM and workflow platform providers; AI model and language model providers; voice AI and telephony providers; website hosting providers; email and SMS delivery services; payment processing providers; and analytics tools.

All sub-processors are bound by data processing agreements that require them to process data in accordance with UK GDPR. A current list of our sub-processors is available on request by emailing [email protected].

Legal & Regulatory: We may disclose personal data where required by law, regulation, court order, or governmental request, or where disclosure is necessary to protect our legal rights.

Business Transfers: If Mirai Solutions is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected parties of any such transfer.

8. International Data Transfers

Some of our sub-processors may process data outside the United Kingdom. Where personal data is transferred to countries that do not have an adequacy decision under UK GDPR, we ensure appropriate safeguards are in place. These may include: UK International Data Transfer Agreements (IDTAs); Standard Contractual Clauses (SCCs) supplemented with additional safeguards where necessary; or transfers to countries covered by a UK adequacy decision.

You may request further information about the safeguards we use for international transfers by contacting us.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Client Account Data: We retain your account information for the duration of your subscription and for up to 6 years after termination to comply with legal and financial record-keeping obligations.

End User Data (CRM, Calls, Chats): End User data is retained in the Client's CRM and dashboard for the duration of the Client's subscription. Upon termination, we will retain this data for up to 90 days to allow for data export, after which it will be securely deleted unless the Client requests earlier deletion or retention is required by law.

Call Recordings & Transcripts: Call recordings and transcripts are retained for the duration of the Client's subscription. Clients may delete individual recordings at any time via their dashboard. Upon termination, recordings are deleted in accordance with the 90-day retention period above.

Website Analytics Data: Analytics data is retained in anonymised or aggregated form and is not linked to identifiable individuals after 26 months.

Marketing Data: If you have opted in to marketing communications, we retain your contact details until you unsubscribe or request deletion.

10. Cookies & Tracking

Our website uses cookies — small text files stored on your device — to improve your browsing experience and analyse website usage.

Essential Cookies: Required for the website to function correctly (e.g. session management, security). These cannot be disabled.

Analytics Cookies: Help us understand how visitors use our website, including pages visited and traffic sources. We use this data to improve our website. You may opt out of analytics cookies through your browser settings or our cookie banner.

Marketing Cookies: If used, these track your browsing activity to deliver relevant advertisements. These are only placed with your consent.

You can manage your cookie preferences at any time through your browser settings. Disabling certain cookies may affect website functionality. For more information on cookies, visit allaboutcookies.org.

11. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of Access: You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data.

Right to Rectification: You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (e.g. when data is no longer necessary for the purpose it was collected, or you withdraw consent).

Right to Restriction: You have the right to request that we restrict processing of your personal data in certain circumstances (e.g. while we verify the accuracy of data you have contested).

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.

Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. As noted in Section 6.4, our AI systems do not make such decisions.

Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. In complex cases, we may extend this by a further 60 days, and will inform you if this is necessary.

End Users: If you are a customer or contact of one of our Clients and wish to exercise your data rights, please contact the relevant business directly (as they are the data controller). We will assist our Clients in responding to data subject requests as required.

12. Data Security

We take the security of personal data seriously and implement appropriate technical and organisational measures to protect it. These include: encryption of data in transit and at rest; access controls to limit who can view and process personal data; regular security reviews and monitoring; secure authentication for dashboard access; and incident response procedures to detect, investigate, and respond to data breaches.

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining and improving our security practices.

13. Data Breaches

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will: notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach; notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms; and where we are acting as data processor, notify the relevant Client without undue delay so they can fulfil their own notification obligations.

We maintain a breach response plan and keep records of all personal data breaches, including their effects and the remedial actions taken.

14. Children's Data

Our services are designed for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

15. Marketing Communications

We may send you marketing communications about our services where: (a) you have given your explicit consent (opt-in); or (b) you are an existing Client and the communications relate to similar services to those you have subscribed to (soft opt-in under PECR), provided you have not opted out.

Every marketing communication includes an unsubscribe option. You can also opt out at any time by contacting us at [email protected]. We will process your request promptly.

16. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party websites you visit.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, business practices, or applicable law. Material changes will be communicated via email or through a prominent notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

We encourage you to review this policy periodically. Your continued use of our services after changes are published constitutes acceptance of the updated policy.

18. Complaints

If you are not satisfied with how we handle your personal data, we encourage you to contact us first at [email protected] so we can try to resolve your concern.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113

19. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact us:

Mirai Solutions
Email: [email protected]
Website: miraisolutions.co.uk