Privacy Policy

01Who we are

ParrotB ("we", "us", or "our") is the trading name of Luis Landi Unipessoal Lda, the data controller for personal data collected through our platform.

Luis Landi Unipessoal Lda · Rua 27 de Junho, n29, Quintas · 2040-143 Rio Maior, Portugal · NIF: 517125595 · VAT: PT517125595.

Contact: hello@parrotb.com.

No DPO is currently designated - ParrotB does not meet the mandatory thresholds under Art. 37 GDPR. Privacy queries are handled directly by the company at the email above.

02Lawful basis (Art. 6 GDPR)

We process personal data under the following lawful bases:

Contract

Operating the call handling platform, handling bookings, sending SMS confirmations.

Legitimate interest

Call recording (callers are disclosed via AI announcement before recording begins; business customers are informed in the DPA).

Legal obligation

Accounting records retention.

Consent

Marketing communications (opt-in at signup, separately recorded).

03What we collect

Business customers (controllers):

• Name, email, business name, phone, address
• Payment and billing details (processed by Stripe)
• Google Calendar data (if connected)
• AI configuration and working hours

Callers (data subjects on behalf of business customers):

• Phone number (from caller ID), name, email (if provided)
• Call recording and AI-generated transcript
• Appointment details and service address

Automatically collected:

• Usage data and session information
• Essential and functional cookies (see Cookie Policy)

04Purposes

• Operating the call handling platform service (call handling, booking, SMS)
• Account and subscription management
• Service notifications and transactional emails
• Fraud and abuse prevention
• Service improvement using aggregated, anonymised data

05Automated decision-making (Art. 22 GDPR)

ParrotB's AI books appointments and takes messages on behalf of business customers. These actions are performed as part of the contractual service and do not produce legal effects or significantly affect callers independently of human review by the business owner.

If you believe an AI-generated action has affected you, you may contact the business owner or email us to request human review.

06Special category data (Art. 9 GDPR)

Call transcripts may incidentally capture health, religious, or other sensitive information if callers volunteer it. We do not seek this data deliberately. It is processed under the same retention schedule as call data and protected by the same security measures. Business customers are advised to include this risk in their own privacy notices.

07Recipients and sub-processors

We do not sell personal data. Sub-processors we use:

• Supabase - database (Frankfurt, EU)
• Telnyx - voice AI and telephony (US; SCCs in place)
• Stripe - payments (US; SCCs in place)
• Google - Calendar integration (US; SCCs in place)
• Vercel - hosting (Frankfurt, EU)
• Resend - transactional email (US; SCCs in place)
• Backblaze B2 - call recording storage (US; SCCs in place)
• Sentry - error monitoring (US; SCCs in place)

All sub-processors are bound by Art. 28 GDPR data processing agreements.

08Retention

• Call recordings: 30 days (Starter), 90 days (Pro), 365 days (Business)
• Account data: while account is active
• Booking records: 7 years (accounting obligations)
• After account deletion: personal data deleted within 30 days

09International transfers

Data is stored in EU data centres (Frankfurt). Where transfers outside the EEA occur (Telnyx, Stripe, Google, Resend, Backblaze, Sentry), appropriate Standard Contractual Clauses (Art. 46 GDPR) are in place.

10Your rights (Arts. 15-22 GDPR)

Access

Request a copy of your data.

Rectification

Correct inaccurate data.

Erasure

Delete your data ("right to be forgotten").

Restriction

Limit how we process your data.

Portability

Receive your data in JSON/CSV (available in dashboard).

Object

Object to legitimate interest processing.

Withdraw consent

For marketing emails, unsubscribe at any time.

Minimum age: 14 years for Italy and Spain (LOPDGDD Art. 7; D.Lgs. 196/2003). 16 years for other markets. If we learn a child below these thresholds has used the service, we will delete their data promptly.

To exercise rights, email hello@parrotb.com. We respond within 30 days.

11Supervisory authorities

You may lodge a complaint with your national supervisory authority:

• Italy: Garante per la Protezione dei Dati Personali - garante.privacy.it
• Spain: Agencia Española de Protección de Datos (AEPD) - aepd.es

12Changes to this policy

We will notify you of material changes by posting the updated policy here and, where required, by email.

13Contact

For privacy questions or to exercise your rights: hello@parrotb.com.