Skip to main content

Privacy Policy

Last updated: March 2026

1. Who we are

ParrotB (“we”, “us”, or “our”) is the trading name of Luis Landi Unipessoal Lda, the data controller for personal data collected through our platform.

Luis Landi Unipessoal Lda
Rua 27 de Junho, n29, Quintas
2040-143 Rio Maior, Portugal
NIF: 517125595 | VAT: PT517125595

Contact: hello@parrotb.com

No DPO is currently designated - ParrotB does not meet the mandatory thresholds under Art. 37 GDPR. Privacy queries are handled directly by the company at the email above.

2. Lawful basis (Art. 6 GDPR)

We process personal data under the following lawful bases:

  • Contract - operating the AI receptionist, handling bookings, sending SMS confirmations.
  • Legitimate interest - call recording (callers are disclosed via AI announcement before recording begins; business customers are informed in the DPA).
  • Legal obligation - accounting records retention.
  • Consent - marketing communications (opt-in at signup, separately recorded).

3. What we collect

Business customers (controllers):

  • Name, email, business name, phone, address
  • Payment and billing details (processed by Stripe)
  • Google Calendar data (if connected)
  • AI configuration and working hours

Callers (data subjects on behalf of business customers):

  • Phone number (from caller ID), name, email (if provided)
  • Call recording and AI-generated transcript
  • Appointment details and service address

Automatically collected:

  • Usage data and session information
  • Essential and functional cookies (see Cookie Policy)

4. Purposes

  • Operating the AI receptionist service (call handling, booking, SMS)
  • Account and subscription management
  • Service notifications and transactional emails
  • Fraud and abuse prevention
  • Service improvement using aggregated, anonymised data

5. Automated decision-making (Art. 22 GDPR)

ParrotB's AI books appointments and takes messages on behalf of business customers. These actions are performed as part of the contractual service and do not produce legal effects or significantly affect callers independently of human review by the business owner.

If you believe an AI-generated action has affected you, you may contact the business owner or email us to request human review.

6. Special category data (Art. 9 GDPR)

Call transcripts may incidentally capture health, religious, or other sensitive information if callers volunteer it. We do not seek this data deliberately. It is processed under the same retention schedule as call data and protected by the same security measures. Business customers are advised to include this risk in their own privacy notices.

7. Recipients and sub-processors

We do not sell personal data. Sub-processors we use:

  • Supabase - database (Frankfurt, EU)
  • Telnyx - voice AI and telephony (US; SCCs in place)
  • Stripe - payments (US; SCCs in place)
  • Google - Calendar integration (US; SCCs in place)
  • Vercel - hosting (Frankfurt, EU)
  • Resend - transactional email (US; SCCs in place)
  • Backblaze B2 - call recording storage (US; SCCs in place)
  • Sentry - error monitoring (US; SCCs in place)

All sub-processors are bound by Art. 28 GDPR data processing agreements.

8. Retention

  • Call recordings: 30 days (Starter), 90 days (Pro), 365 days (Business)
  • Account data: while account is active
  • Booking records: 7 years (accounting obligations)
  • After account deletion: personal data deleted within 30 days

9. International transfers

Data is stored in EU data centres (Frankfurt). Where transfers outside the EEA occur (Telnyx, Stripe, Google, Resend, Backblaze, Sentry), appropriate Standard Contractual Clauses (Art. 46 GDPR) are in place.

10. Your rights (Arts. 15–22 GDPR)

  • Access - request a copy of your data
  • Rectification - correct inaccurate data
  • Erasure - delete your data (“right to be forgotten”)
  • Restriction - limit how we process your data
  • Portability - receive your data in JSON/CSV (available in dashboard)
  • Object - object to legitimate interest processing
  • Withdraw consent - for marketing emails, unsubscribe at any time

Minimum age: 14 years for Italy and Spain (LOPDGDD Art. 7; D.Lgs. 196/2003). 16 years for other markets. If we learn a child below these thresholds has used the service, we will delete their data promptly.

To exercise rights, email hello@parrotb.com. We respond within 30 days.

11. Supervisory authorities

You may lodge a complaint with your national supervisory authority:

  • Italy: Garante per la Protezione dei Dati Personali - garante.privacy.it
  • Spain: Agencia Española de Protección de Datos (AEPD) - aepd.es

12. Changes to this policy

We will notify you of material changes by posting the updated policy here and, where required, by email.

13. Contact

For privacy questions or to exercise your rights: hello@parrotb.com