.png)
Last updated: 23/2/2026
This Privacy Policy explains how Vlok Ltd (“Vlok”, “we”, “us”) processes personal data when providing the Vlok.ai voice booking service (“Service”).
This policy applies to:
● Restaurant and hospitality clients using the Service
● Individuals who interact with the Service by phone or SMS
Vlok Ltd is a company registered in England and Wales, with its registered office at The Oval, 57 New Walk, Leicester, England, LE1 7EA.
For the purposes of UK data protection law:
● Clients are the Data Controllers
● Vlok Ltd is the Data Processor
When providing the Service, we may process the following categories of personal data:
● Caller phone numbers
● Call metadata (timestamps, duration)
● Booking details (date, time, party size)
● SMS messages and confirmations
● Call transcripts and interaction logs
● Operational data supplied by the Client (menus, opening hours, booking rules)
Audio recordings of calls are not stored unless explicitly agreed in writing.
Personal data is processed solely to:
● Provide and operate the Service
● Answer calls and manage bookings
● Send booking confirmations and information
● Improve service quality and accuracy
● Monitor system performance and reliability
● Maintain audit logs
● Comply with legal and regulatory obligations
Processing is carried out on the following legal bases:
● Performance of a contract (providing the Service)
● Legitimate interests (service improvement, fraud prevention, system monitoring)
● Legal obligations (compliance with applicable laws)
We retain personal data only for as long as necessary.
● Call transcripts are typically retained for 30–180 days
● Booking and operational data is retained as required to deliver the Service and meet legal obligations
● After retention periods expire, data is deleted or anonymised
Anonymised or aggregated data may be retained indefinitely for service improvement and analytics.
We use trusted third-party service providers (“Sub-Processors”) to deliver the Service, including:
● Telecommunications providers (e.g. Twilio)
● Cloud hosting providers
● AI model providers
● Analytics, monitoring, and logging services
● SMS delivery services
Sub-Processors only process data under our instructions and are subject to appropriate contractual safeguards.
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
● UK-approved Standard Contractual Clauses (SCCs)
● Adequacy decisions where applicable
We implement appropriate technical and organisational measures to protect personal data, including:
● Encryption in transit and at rest
● Access controls and authentication
● Audit logging
● Secure hosting environments
Clients are responsible for:
● Informing callers that calls may be answered by an automated system
● Informing callers that interactions may be transcribed
● Ensuring lawful instructions are provided to Vlok
● Maintaining their own privacy notices and compliance obligations
As Vlok acts as a Data Processor, requests relating to personal data (such as access, deletion, or correction) should be directed to the relevant Client (the Data Controller).
Where required, Vlok will assist Clients in responding to data subject requests.
In the event of a personal data breach involving Client data, Vlok will notify the Client without undue delay and provide relevant information to support regulatory obligations.
We may update this Privacy Policy from time to time.
Any changes will be published on our website and take effect upon publication.
For privacy or data protection enquiries, contact:
support@vlok.ai
