Privacy Policy

Last updated: 20 April 2026 · Effective: 20 April 2026

This Privacy Policy explains how Movable Voice Ltd. handles personal data in connection with the Movable Voice website at www.movablevoice.com and the Movable Voice operational intelligence platform (together, the Services). It also explains your rights under UK and EEA data protection law and how to exercise them.

Movable Voice Ltd. is a company registered in England and Wales under company number 17073999, with its registered office at Fifth Floor, 167-169 Great Portland Street, London W1W 5PF, United Kingdom. In this policy, "Movable Voice," "we," "us," and "our" mean Movable Voice Ltd.

Movable Voice Ltd. is a subsidiary of Movable Voice Inc., a Delaware corporation with its registered office at 131 Continental Drive, Suite 305, Newark, Delaware 19713, United States. Movable Voice Inc. is a contracting and holding entity within our group and is a recipient of personal data as described below. Movable Voice Ltd. is the data controller of personal data processed under this policy.

1. About this policy

This policy covers personal data we hold as a controller. That includes personal data about:

  • visitors to www.movablevoice.com;
  • prospects we contact for sales and marketing;
  • individuals who attend events, webinars, or request content from us;
  • customer administrators and authorized users of the platform;
  • people who contact us for support, partnerships, or any other reason.

This policy does not cover personal data we process on behalf of our customers.When customers use the Movable Voice platform to call their operators and capture operational context, the customer is the controller of that data and Movable Voice is a processor acting on the customer's documented instructions. That processing is governed by the agreement and Data Processing Agreement between the customer and Movable Voice, not by this Privacy Policy. If you are a customer's operator and have questions about how your voice, transcript, or related information is handled, contact your employer in the first instance.

2. Personal data we collect

We collect personal data in three ways: you give it to us, we collect it automatically, and we receive it from third parties.

2.1 Data you give us

  • Contact and account details: name, business email, job title, employer, phone number where provided, and any information you choose to submit in a form or message.
  • Account credentials: account identifier and authentication details for platform users. We do not store raw passwords; passwords are hashed.
  • Correspondence: the content of emails, support tickets, chat messages, and call notes you send us.
  • Billing contact: name, billing email, and billing address where you are a paying customer. We do not store full card numbers; payments are handled by our payment processor.
  • Marketing preferences: the preferences you express when you subscribe or unsubscribe.
  • Event attendance: registration details, dietary requirements if you share them, and sessions attended.

2.2 Data we collect automatically

When you visit our website or use the platform, we automatically collect:

  • Device and connection data: IP address, browser type and version, operating system, device identifiers, time zone, and language.
  • Usage data: pages viewed, referral URL, links clicked, time spent, errors encountered, and the approximate city-level location derived from IP.
  • Cookies and similar technologies: see the Cookie Policy for full details.

2.3 Data we receive from third parties

  • Business contact data from providers such as LinkedIn Sales Navigator, Apollo, Clearbit, ZoomInfo, or similar, when we build prospect lists.
  • Enrichment data about companies you work for when you sign up or contact us.
  • Identity and fraud checks where we need them, for example for enterprise vendor security reviews.
  • Publicly available data such as posts on professional networks that you have chosen to make public.
  • Authentication data from identity providers if you sign in via single sign-on (e.g., Google, Microsoft).
  • Referrals from partners who introduce you to us, with your knowledge.

If you give us personal data about someone else (for example, a colleague's contact details), please make sure you have the authority to share that information and have told them about this policy.

3. Why we use personal data and our lawful bases

Under UK GDPR we need a lawful basis for every use of personal data. The table below summarizes our purposes, the personal data involved, and the lawful basis. Where we rely on legitimate interests, we have carried out a balancing assessment and are satisfied that our interests are not overridden by your rights.

PurposePersonal data usedLawful basis
Operate and maintain the websiteDevice data, usage data, strictly necessary cookiesLegitimate interests (running a website and keeping it secure)
Provide the platform to customersAccount data, usage data, support contentContract with our customer; legitimate interests for authorized users
Respond to enquiries, demos, and support requestsContact data, correspondenceLegitimate interests (responding to people who contact us); contract where you are a customer
Send service and transactional emailsContact data, account dataContract; legal obligation
Send marketing emails to existing customers about similar servicesContact data, marketing preferencesLegitimate interests under the PECR soft opt-in
Send marketing emails to prospectsContact data, marketing preferencesConsent (where required by PECR); legitimate interests (B2B marketing to corporate subscribers, where permitted)
Build prospect lists and conduct outbound salesBusiness contact data, enrichment dataLegitimate interests (growing a B2B business)
Run events, webinars, and content programsRegistration data, attendance dataConsent; legitimate interests
Analyze and improve the website and platformUsage data, device data, cookiesConsent for non-essential analytics; legitimate interests for aggregated server-side analysis
Secure our systems, prevent fraud, investigate abuseDevice data, usage data, logsLegitimate interests; legal obligation
Comply with law, respond to legal requests, defend claimsAs relevantLegal obligation; legitimate interests
Corporate transactions (financing, M&A)As relevantLegitimate interests

You can object to processing based on legitimate interests (see Section 8). If you object to direct marketing, we will stop.

4. Cookies and similar technologies

We use cookies and similar technologies on www.movablevoice.com. Strictly necessary cookies are always on. All other cookies (functional, analytics, marketing) are only set with your consent.

You can manage your choices at any time from the Cookie Settings link in the footer. Full details are in the Cookie Policy.

5. Who we share personal data with

We share personal data with a small number of categories of recipients.

5.1 Within our group

We share personal data between Movable Voice Ltd. and Movable Voice Inc. for intragroup administration, including billing, corporate governance, and commercial contracting. Movable Voice Ltd. remains the controller for all personal data described in this policy.

5.2 Our service providers (sub-processors)

We use third-party providers to run our business. Each provider is bound by a written agreement (including UK GDPR Article 28 terms where they act as a processor) that requires them to process personal data only on our instructions and to keep it secure. Typical categories include:

  • cloud hosting and storage;
  • speech-to-text and natural language processing;
  • customer relationship management (CRM);
  • email delivery and marketing automation;
  • customer support and helpdesk tools;
  • analytics and product telemetry;
  • payments;
  • identity and single sign-on;
  • security monitoring and incident response;
  • corporate tools for finance, HR, and productivity.

5.3 Professional advisers

Lawyers, accountants, auditors, and other professional advisers, where needed and under professional confidentiality obligations.

5.4 Authorities and parties to legal proceedings

Where we are legally required to share information, or where disclosure is necessary to protect our rights or the safety of others.

5.5 Parties to corporate transactions

If we are involved in a merger, acquisition, financing, or sale of assets, personal data may be shared with the parties to the transaction and their advisers, under confidentiality obligations.

We do not sell your personal data. We do not share it for cross-context behavioral advertising.

6. International transfers

We are a UK company and most of our data stays within the UK and EEA. Some personal data is transferred outside the UK and EEA to operate our business, including:

  • to Movable Voice Inc. in the United States for the intragroup purposes described in Section 5.1;
  • to certain service providers hosted in the United States or other jurisdictions.

Where we transfer personal data outside the UK or EEA, we put in place one or more of the following safeguards:

  • the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, where appropriate, combined with a transfer impact assessment;
  • where the recipient in the US has self-certified under the UK Extension to the EU-US Data Privacy Framework, reliance on that framework as an approved transfer mechanism;
  • transfers to countries subject to a valid adequacy regulation made by the UK government or EU Commission.

You can request a copy of the relevant safeguards by contacting us at the address in Section 11.

7. How long we keep personal data

We keep personal data only as long as we need it for the purposes described in this policy and to meet our legal, tax, and accounting obligations. Indicative periods:

CategoryPeriod
Website contact forms and enquiries2 years from last contact
Prospect records2 years from last meaningful contact
Customer account dataFor the duration of the subscription, plus 2 years
Billing and tax records6 years, as required by UK law
Support tickets3 years from resolution
Marketing preferencesFor as long as we rely on the consent or opt-in
Server and security logsUp to 12 months
BackupsRotated on a 35-day cycle

When we no longer need personal data, we delete or anonymize it. Where deletion is impractical (for example, within a backup), we isolate it until deletion is possible.

8. Your rights

UK and EEA data subjects have the following rights, subject to conditions in UK GDPR and EU GDPR:

  • Access: ask what personal data we hold about you and receive a copy.
  • Rectification: ask us to correct inaccurate or incomplete data.
  • Erasure:ask us to delete your data (the "right to be forgotten"), in certain circumstances.
  • Restriction: ask us to limit how we use your data in certain circumstances.
  • Portability: receive data you gave us in a structured, machine-readable format and, where feasible, have us send it to another controller.
  • Objection: object to processing based on legitimate interests or to direct marketing. Objections to direct marketing are always honored.
  • Withdraw consent: where we rely on consent, you can withdraw it at any time. This does not affect earlier processing.
  • Automated decisions: we do not make solely automated decisions that produce legal or similarly significant effects about you.

To exercise any of these rights, contact us at [email protected]. We will respond within one month. If we need more time or clarification, we will tell you.

If you are unhappy with how we handle your personal data, you can complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk or by phone on 0303 123 1113. EEA data subjects can complain to their local supervisory authority; a list is at https://edpb.europa.eu/about-edpb/about-edpb/members_en. We would appreciate the chance to address your concerns first.

9. Security

We take appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit and at rest, logging, vendor due diligence, regular backups, and staff training. No system is perfect, but we take security seriously and will tell you and the ICO about material breaches as required by law.

10. Children

Our Services are for business use. They are not directed to anyone under 18, and we do not knowingly collect personal data from anyone under 18. If you believe we have, please contact us and we will delete it.

11. How to contact us

Email: [email protected]

Post: Movable Voice Ltd., Fifth Floor, 167-169 Great Portland Street, London W1W 5PF, United Kingdom

Privacy Contact: Yan Zhang

12. US residents

If and when we have significant US-resident individual interactions (outside normal B2B sales), we will add a US state privacy rights section here covering CCPA/CPRA, VCDPA, CPA, CTDPA, and similar laws. For now, US residents can exercise the rights described in Section 8 in the same way as UK/EEA residents.

13. Changes to this policy

We update this policy from time to time. The "Last updated" date at the top shows when. For material changes, we will notify you by email or through the Services.

14. Policy history

  • 20 April 2026: initial version.