Privacy Policy
Last updated: 2026-06-07 · Valen AI Solutions, Marbella, Spain
This Privacy Policy describes how Valen AI Solutions ("we", "us") collects, uses and protects personal data when you (a) visit valenaisolutions.com, (b) call a phone number we operate on behalf of a client, or (c) use our client dashboard.
1. Who is the data controller?
When you visit our website or contact us directly, Valen AI Solutions is the data controller. When you phone, text or email a business that uses Valen AI as its receptionist, that business is the data controller and Valen AI Solutions acts as their data processor under a written Data Processing Agreement (DPA).
2. What data we collect
From website visitors: form submissions (name, email, phone, company, message), basic technical logs (IP, browser), and analytics events. From callers: phone number, the audio recording of the call, an automated transcript, an AI-generated summary, and metadata (timestamp, duration, language). From clients of Valen AI: account email, name, business details, billing information, calendar feed URLs (if linked).
3. Legal basis (GDPR Art. 6)
Contract — to provide the service you requested. Legitimate interest — to operate, secure and improve our service, and to respond to enquiries. Consent — for non-essential cookies and analytics. Legal obligation — for tax, accounting and security records.
4. Call recording, transcription and AI
Every call answered by Valen AI is announced as an automated/AI assistant within the first seconds, and where the client requires it, the caller is told the call is being recorded. The caller may at any moment say "transfer to a human" or "stop recording" — Valen AI will respect that request (subject to the client's configuration). Recordings, transcripts and summaries are encrypted at rest in the European Union.
5. Data retention
Call recordings, transcripts and AI-generated summaries: 90 days by default, then deleted. Clients may shorten or extend this by written instruction. Contact-form submissions: 24 months. Account / billing records: 7 years (Spanish tax law). Anonymised analytics: 26 months.
6. Sub-processors
We rely on the following sub-processors. Each is contractually bound by GDPR-compliant terms.
- ·Retell AI (USA, with EU SCCs) — voice AI engine, call audio & transcript processing
- ·Emergent Cloud (EU region) — application hosting, MongoDB storage
- ·Twilio / WhatsApp Business (when enabled) — telephony & messaging transport
- ·Resend / SendGrid (when enabled) — transactional email
- ·Google / Microsoft / Apple (calendar feeds) — only when a client links them
7. Your rights
You have the right to access, rectify, erase, restrict or object to processing of your personal data, and the right to data portability. Send any request to hello@valenaisolutions.com — we will respond within 30 days. You also have the right to lodge a complaint with the AEPD (Spanish Data Protection Authority).
8. International transfers
Retell AI processes some data in the United States under Standard Contractual Clauses (SCCs) approved by the European Commission. No other transfers outside the EEA occur without an equivalent safeguard.
9. Security
TLS in transit, AES-256 at rest, hashed passwords (bcrypt), JWT-based auth, per-tenant data isolation, signature-verified webhooks, IP-based rate limiting and full audit logs.
10. Cookies
We use a single first-party cookie for session preferences (language and authentication token). We do not set marketing or third-party tracking cookies without your consent — see the banner shown on your first visit.
11. Changes & contact
We may update this policy. Material changes will be announced on this page. Questions: hello@valenaisolutions.com.