PRIVACY

1. Who We Are

BeMe Limited (“BeMe”, “we”, “us”) is a company registered in the Isle of Man.

We comply with:
UK GDPR
EU GDPR
Isle of Man Data Protection Act 2018
California Consumer Privacy Act (CCPA), as amended by the CPRA, applied as the baseline for all U.S. users

Where multiple laws apply, we follow the strictest standard.

Contact: support@justbeme.ai

2. Scope of this Policy

This Privacy Policy applies to:
All visitors and users of BeMe websites, apps, and services (the “Service”)
All U.S. users, to whom we grant CPRA-level rights
Users worldwide
Data we process as Controller (your account and service data)
Data we process as Processor (data relating to your customers or contacts)

This Policy does not cover third-party services outside our control.

3. What We Collect

3.1 Account Data (Controller)

Name, email, authentication credentials
Subscription tier, renewal date, and billing status
Payment card details are handled exclusively by Stripe, Apple, or Google. BeMe never receives or stores payment information.

3.2 Service Data (Controller)

Messages, chats, and files you input
AI configuration, settings, and memory
Scheduling preferences, connected integrations
Diagnostics, logs, and usage data
Call audio, recordings, transcripts, and call metadata required for Service delivery

3.3 Customer/Contact Data (Processor)

When you use BeMe to manage your customers, we process under your instructions:
Names, phone numbers, email addresses
Booking information, job history
Notes or communication logs
Any data you choose to store in BeMe about your customers

You remain the Controller for this data. BeMe acts solely as your Processor.

3.4 Technical & Device Data

Device model, operating system, app version
Browser type and version
IP address and location metadata
Crash logs and performance metrics

3.5 Support Communications

Emails and conversations with support
Problem descriptions and attachments
Diagnostic logs with your permission

3.6 Cookies & Analytics

Necessary cookies for authentication and session security
Functional cookies for settings and performance
Analytics cookies to improve the Service

We do not use cross-site advertising trackers.

3.7 Voice & Media Processing

If you use BeMe for calls or voice interactions, we process:
Audio for speech-to-text
Text for text-to-speech
Call recordings
Transcripts
Metadata about call performance

We do not use audio for biometric identification.
We do not sell or share audio.
We do not provide audio or transcripts to external AI training systems.

Call recordings and transcripts are stored securely and accessed only when necessary to provide the Service, troubleshoot issues, or respond to support requests.

We may use aggregated, anonymized system performance metrics, excluding call content, to improve Service reliability and diagnostics.

4. Lawful Bases for Processing

We process data under:
Contractual necessity to deliver the Service
Legitimate interests in improving reliability, preventing abuse, and securing the Service
Legal obligations
Consent where legally required, such as marketing communications

5. Our “On/Off” Retention Model

BeMe retains your data only while your account is active.

When your subscription ends:
Your account terminates at the end of the billing period
Your Service data, including audio and transcripts, is deleted
Minimal security logs may be retained for up to 90 days
Legal and financial records, such as invoices, are retained for up to 6 years as required by UK tax regulations and accounting standards
Backups purge automatically between 30 and 90 days
Aggregated or anonymised analytics may be kept indefinitely

You may export your data at any time before cancellation.

6. Controller vs Processor

BeMe as Controller

We act as Controller for:
Your account data
Service data including settings, logs, and preferences
Technical and analytics data

BeMe as Processor

We act as Processor for:
Your customers’ or contacts’ data
Only on your instructions
Under our Data Processing Addendum available at www.justbeme.ai/dpa

We never use your customers’ data for our own purposes.

7. International Transfers

7.1 Region-Based Storage

BeMe provisions data storage in the geographic region associated with your account location.
When you create an account, your data is stored on AWS servers in your region and remains there.

We do not transfer your data outside your region except:
Where required to provide support or diagnostics
To sub-processors delivering specific service functions
To comply with legal obligations

All cross-border transfers use appropriate safeguards.

7.2 Transfer Safeguards

Where cross-border transfers occur, we rely on:
Adequacy decisions
Standard Contractual Clauses
UK Addendum
Additional safeguards and risk assessments

8. Suppliers & Sub-Processors

We use trusted third-party providers to deliver the Service.
A full list of current vendors can be provided upon request in writing.

All sub-processors operate under data protection agreements compliant with GDPR and UK GDPR standards.

We reserve the right to change vendors at any time.

9. Security

Current Controls

Encryption in transit using TLS 1.2 or higher
Secrets managed securely
Authentication via one-time passwords
Webhook signature validation
Logging and audit trails

We continuously enhance our security measures to protect your data.

Out of Scope

PCI DSS, as we do not process card data
HIPAA
Physical security, as the Service is fully cloud-hosted

10. Your Rights

Under GDPR, UK GDPR, and Isle of Man law, users