Privacy Policy

Last Updated: June 2026

1. Introduction and Scope

MeltFlex s.r.o. (“MeltFlex”, “We”, “Us”, “Our”) is committed to protecting your privacy. This Privacy Policy explains how We collect, use, store, and protect personal information in connection with our AI phone receptionist service available at aireceptionistnow.com (the “Service”).

This policy applies to two distinct groups:

  • Business customers — companies and individuals who sign up to use our Service to manage their incoming calls.
  • Callers — third parties who call a business that uses our AI receptionist. If you are a caller, please read Section 6, which specifically covers your data.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

2. Data Controller

The data controller responsible for your personal data is:

MeltFlex s.r.o.

Bratislava, Slovak Republic

Email: info@meltflexai.com

MeltFlex s.r.o. is established within the European Union and is subject to the General Data Protection Regulation (GDPR) (EU) 2016/679.

Note for business customers: When your customers call your AI receptionist, you act as the data controller for their personal data. MeltFlex acts as your data processor in that context, processing caller data only on your behalf and according to your instructions. A Data Processing Agreement (DPA) is available upon request at info@meltflexai.com.

3. Information We Collect — Business Customers

3.1 Information You Provide Directly:

  • Email address (when creating an account)
  • Name and business name (during account setup)
  • Phone number(s) you register with the Service
  • Payment information (processed securely by Stripe; We do not store card details)
  • Call routing rules, scripts, and preferences you configure
  • Communications you send to us (support requests, feedback)

3.2 Information Collected Automatically:

  • Call metadata (call duration, timestamps, originating and destination numbers)
  • Call recordings and transcripts (only if you enable this in your account settings)
  • Device information (browser type, operating system)
  • IP address and approximate geographic location
  • Pages visited and actions taken on our website
  • Referral source (how you found our Service)
  • Cookies and similar technologies (see Section 12)

4. How We Use Business Customer Data

We use your personal data for the following purposes:

  • Providing the Service — account management, call routing, AI receptionist operation, appointment booking. Legal basis: Contract performance.
  • Subscription & Billing — processing payments, managing billing cycles, invoicing. Legal basis: Contract performance, legal obligation.
  • Service Improvement — understanding how users interact with our platform, identifying bugs, improving call quality and AI accuracy. Legal basis: Legitimate interest.
  • Support & Communication — responding to support requests, sending essential service notifications (subscription confirmations, outages, policy updates). Legal basis: Contract performance, legitimate interest.
  • Marketing — sending product updates or promotional communications. Legal basis: Consent (you may unsubscribe at any time via the link in any email or by contacting us).
  • Fraud Prevention & Security — detecting and preventing abuse, unauthorized access, and fraudulent activity. Legal basis: Legitimate interest.
  • Legal Compliance — complying with applicable laws and regulations. Legal basis: Legal obligation.

We do not use your personal data for automated decision-making or profiling that produces legal effects.

5. Legal Basis for Processing (GDPR Summary)

  • Contract Performance (Art. 6(1)(b)) — processing necessary to provide the Service
  • Legitimate Interest (Art. 6(1)(f)) — analytics, security, fraud prevention, service improvement
  • Consent (Art. 6(1)(a)) — marketing emails, call recording features, non-essential cookies
  • Legal Obligation (Art. 6(1)(c)) — retaining financial records as required by Slovak and EU law

6. Caller Data — Third-Party Data Subjects

When a caller contacts a business that uses our AI receptionist, their call is handled by our AI system. In this context, the business (our customer) is the data controller for the caller's personal data. MeltFlex processes caller data solely as a data processor acting on the business's instructions.

What data is processed from callers:

  • Phone number (caller ID)
  • Call duration and timestamp
  • Spoken content processed in real-time by our AI to generate a response
  • Call recording and transcript (only if the business customer has enabled this feature)

Caller consent and transparency:

Businesses using our Service are required by our Terms of Service to inform their callers that they may be interacting with an AI system, and to obtain any necessary consents (including for call recording) in accordance with applicable law. MeltFlex includes an automated disclosure at the start of each call where technically feasible.

If you are a caller and wish to exercise your GDPR rights (access, erasure, etc.) in relation to a call you made to a business using our Service, you should contact that business directly. If you are unable to do so, contact us at info@meltflexai.com and We will assist in directing your request appropriately.

7. Data Sharing and Third-Party Processors

We do not sell your personal data. We share data only with the following third-party service providers who process data strictly on our behalf:

  • Twilio Inc. (USA) — telephony infrastructure, call routing, and voice AI processing.
  • Stripe Inc. (USA) — subscription payment processing.
  • Vercel Inc. (USA) — website and application hosting.
  • Supabase Inc. (USA) — database hosting and authentication.
  • Google LLC (USA) — analytics (Google Analytics), font delivery (Google Fonts).
  • PostHog Inc. (USA) — product analytics and session recording.

Each processor is bound by a data processing agreement (DPA) and processes data only as instructed by Us. We verify that all processors provide adequate data protection guarantees.

We may also disclose your data if required by law, court order, or to protect the rights, property, or safety of MeltFlex, our customers, or the public.

8. International Data Transfers

Several of our third-party processors (Twilio, Stripe, Vercel, Supabase, Google, PostHog) are based in the United States. Transfers of personal data from the EEA to the US are carried out using one or more of the following safeguards:

  • EU-US Data Privacy Framework (DPF) — for processors certified under the DPF as recognised by the European Commission's adequacy decision of July 2023
  • Standard Contractual Clauses (SCCs) — approved by the European Commission under Decision 2021/914, applied where DPF certification does not cover the specific transfer

You may request a copy of the applicable transfer safeguards by contacting us at info@meltflexai.com.

9. Google Fonts

Our website uses Google Fonts, loaded via Next.js's built-in font optimization. Fonts are downloaded and self-hosted at build time by our hosting provider (Vercel), meaning your browser does not make direct requests to Google servers when visiting our website. No IP address or personal data is transmitted to Google as a result of font loading.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication and session management
  • Role-based access controls limiting data access to authorized personnel only
  • Regular security reviews, vulnerability assessments, and monitoring
  • Incident response procedures for data breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, We will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

While We strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
  • Call metadata: Retained for up to 12 months, then deleted or anonymized.
  • Call recordings & transcripts: Retained for the period configured in your account settings (if enabled). Deleted on account closure.
  • Payment records: Retained for up to 10 years as required by Slovak tax and accounting law.
  • Analytics data: Retained for up to 24 months, then anonymized or deleted.
  • Support communications: Retained for up to 24 months after resolution.
  • Marketing consent records: Retained for the duration of the relationship plus 3 years to demonstrate compliance.

12. Cookies and Local Storage

We use the following categories of cookies and similar technologies:

  • Essential cookies — required for the Service to function (session management, authentication). Cannot be disabled. Legal basis: Legitimate interest / contract performance.
  • Analytics cookies — Google Analytics and PostHog to understand website usage, measure performance, and improve the Service. Legal basis: Consent.
  • Preference cookies — storing your settings and preferences (e.g., selected country code). Legal basis: Legitimate interest.

Non-essential cookies are only placed with your consent, which you can give or withdraw at any time via your browser settings or by contacting us. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

13. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of Access (Art. 15) — request a copy of the personal data We hold about you
  • Right to Rectification (Art. 16) — request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17) — request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations
  • Right to Restrict Processing (Art. 18) — request that We limit how We use your data
  • Right to Data Portability (Art. 20) — receive your data in a structured, machine-readable format (JSON or CSV)
  • Right to Object (Art. 21) — object to processing based on legitimate interest, including direct marketing
  • Right to Withdraw Consent (Art. 7(3)) — withdraw consent at any time where processing is based on consent, without affecting prior processing
  • Rights related to automated decision-making (Art. 22) — We do not carry out solely automated decision-making with legal or similarly significant effects

To exercise any of these rights, contact us at info@meltflexai.com. We will respond within 30 days (extendable by a further 60 days for complex requests, with notice).

You also have the right to lodge a complaint with a supervisory authority. In Slovakia, this is the Office for Personal Data Protection of the Slovak Republic:
Website: dataprotection.gov.sk
Address: Hraničná 12, 820 07 Bratislava, Slovak Republic

14. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If We become aware that We have collected data from a child under 16 without verifiable parental consent, We will delete it promptly. If you believe We may have inadvertently collected such data, please contact us at info@meltflexai.com.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Changes will be posted on this page with an updated “Last Updated” date. For material changes, We will notify active account holders by email at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

16. Contact Us

If you have any questions about this Privacy Policy, how We handle your data, or wish to exercise your rights, please contact us:

Email: info@meltflexai.com

MeltFlex s.r.o.

Bratislava, Slovak Republic

We aim to respond to all privacy-related enquiries within 5 business days and to resolve them within 30 days.