Privacy Policy - Fortress Privacy Ltd

Last updated: September 2025

1. Who We Are

Fortress Privacy Ltd (“we”, “us”, “our”) is the operator of Andrew AI ("the Service"), a privacy-first AI receptionist built for UK businesses. Your privacy matters to us. We commit to handling data responsibly, securely, and in full compliance with the UK GDPR and Data Protection Act 2018.

2. Data Processor

  • Company: Fortress Privacy

  • Service name: Andrew AI

  • Email: andrewai.fortressprivacy@gmail.com

  • Data Protection Officer: Ekene Emmanuel

3. Information We Collect

3.1 Website Visitors

  • Contact Information: Name, email address, phone number, company name

  • Technical Data: IP address, browser type, device information, website usage analytics

  • Communication data: Messages sent through contact forms, chat widgets, or email

3.2 Andrew AI Service Users

  • Account Data: Business name, contact details, billing information

  • Call Data: Voice recordings, call transcripts, caller information (name, phone number, appointment details)

  • Integration Data: Calendar information, booking system data, customer management system data

  • Usage Data: Call volume, response times, system performance metrics

3.3 End-User Callers (Your Customers)

  • Call Information: Voice recordings, phone numbers, names provided during calls

  • Appointment Data: Booking details

  • Communication Records: SMS confirmations, follow-up messages

4. Legal Basis For Processing

We process personal data under the following legal bases:

  • Legitimate Interest: Website analytics, service improvement, fraud prevention

  • Contract Performance: Providing Andrew AI services, processing payments

  • Consent: Marketing communications (where required)

  • Legal Obligation: Tax records, regulatory compliance

5. How We Use Your Data

5.1 Service Delivery

  • Operate Andrew AI receptionist services

  • Process and route calls appropriately

  • Book appointments and send confirmations

  • Generate call summaries and reports

  • Provide customer support

5.2 Business Operations

  • Process payments and manage accounts

  • Improve our AI models and service quality

  • Comply with legal and regulatory requirements

  • Prevent fraud and ensure security

5.3 Marketing (with consent)

  • Send service updates and newsletters

  • Provide relevant product information

  • Conduct market research

6. AI Processing and Voice Data

6.1 Voice Recognition and Processing

  • Voice calls are processed by our AI system to understand and respond to callers

  • Speech-to-text conversion occurs in real-time for service delivery

  • AI models may learn from aggregated, anonymized data to improve performance

  • Individual voice recordings are not used to train AI models without explicit consent

6.2 Data Retention for AI Services

  • Active Call Recordings: Retained for 12 months for quality assurance

  • Call Transcripts: Retained for 24 months for service improvement

  • Anonymized Analytics: Retained indefinitely for system enhancement

7. International Data Transfers

Some of our service providers may be located outside the UK/EU. We ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate data protection

  • Standard Contractual Clauses: For transfers to other countries

  • Specific Safeguards: Additional security measures where required.

8. Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: Data encrypted in transit and at rest

  • Access Controls: Limited access on a need-to-know basis

  • Regular Reviews: Security measures reviewed and updated regularly

  • Incident Response: Procedures in place for potential data breaches

9. Your Rights Under GDPR

You have the right to:

9.1 Access and Portability

  • Request copies of your personal data

  • Receive data in a portable format

9.2 Correction and Deletion

  • Correct inaccurate personal data

  • Request deletion of your data (right to be forgotten)

9.3 Processing Restrictions

  • Restrict how we process your data

  • Object to processing based on legitimate interests

  • Object to marketing communications

9.4 Automated Decision Making

  • Not be subject to purely automated decision-making

  • Request human review of automated decisions

10. Exercising Your Rights

To exercise your rights:

  • Email: andrewai.fortressprivacy@gmail.com

We will respond within 30 days of receiving your request.

11. Security Measures

We implement appropriate technical and organizational measures:

  • Encryption: Data encrypted in transit and at rest

  • Access Controls: Role-based access to personal data

  • Staff Training: Regular privacy and security training

  • Incident Response: Procedures for data breach management

12. Complaints

If you're unhappy with how we handle your data:

  1. Contact us directly at privacy@andrewai.co.uk

  2. Complain to the Information Commissioner's Office (ICO)

    • Website: ico.org.uk

    • Helpline: 0303 123 1113

13. Changes to This Policy

We may update this privacy policy to reflect:

  • Changes in our services

  • Legal or regulatory requirements

  • Best practice improvements

We will notify you of significant changes via email or website notice..