Privacy Policy
Last updated: 20 April 2026 · Effective: 20 April 2026
This Privacy Policy explains how Movable Voice Ltd. handles personal data in connection with the Movable Voice website at www.movablevoice.com and the Movable Voice operational intelligence platform (together, the Services). It also explains your rights under UK and EEA data protection law and how to exercise them.
Movable Voice Ltd. is a company registered in England and Wales under company number 17073999, with its registered office at Fifth Floor, 167-169 Great Portland Street, London W1W 5PF, United Kingdom. In this policy, "Movable Voice," "we," "us," and "our" mean Movable Voice Ltd.
Movable Voice Ltd. is a subsidiary of Movable Voice Inc., a Delaware corporation with its registered office at 131 Continental Drive, Suite 305, Newark, Delaware 19713, United States. Movable Voice Inc. is a contracting and holding entity within our group and is a recipient of personal data as described below. Movable Voice Ltd. is the data controller of personal data processed under this policy.
1. About this policy
This policy covers personal data we hold as a controller. That includes personal data about:
- visitors to www.movablevoice.com;
- prospects we contact for sales and marketing;
- individuals who attend events, webinars, or request content from us;
- customer administrators and authorized users of the platform;
- people who contact us for support, partnerships, or any other reason.
This policy does not cover personal data we process on behalf of our customers.When customers use the Movable Voice platform to call their operators and capture operational context, the customer is the controller of that data and Movable Voice is a processor acting on the customer's documented instructions. That processing is governed by the agreement and Data Processing Agreement between the customer and Movable Voice, not by this Privacy Policy. If you are a customer's operator and have questions about how your voice, transcript, or related information is handled, contact your employer in the first instance.
2. Personal data we collect
We collect personal data in three ways: you give it to us, we collect it automatically, and we receive it from third parties.
2.1 Data you give us
- Contact and account details: name, business email, job title, employer, phone number where provided, and any information you choose to submit in a form or message.
- Account credentials: account identifier and authentication details for platform users. We do not store raw passwords; passwords are hashed.
- Correspondence: the content of emails, support tickets, chat messages, and call notes you send us.
- Billing contact: name, billing email, and billing address where you are a paying customer. We do not store full card numbers; payments are handled by our payment processor.
- Marketing preferences: the preferences you express when you subscribe or unsubscribe.
- Event attendance: registration details, dietary requirements if you share them, and sessions attended.
2.2 Data we collect automatically
When you visit our website or use the platform, we automatically collect:
- Device and connection data: IP address, browser type and version, operating system, device identifiers, time zone, and language.
- Usage data: pages viewed, referral URL, links clicked, time spent, errors encountered, and the approximate city-level location derived from IP.
- Cookies and similar technologies: see the Cookie Policy for full details.
2.3 Data we receive from third parties
- Business contact data from providers such as LinkedIn Sales Navigator, Apollo, Clearbit, ZoomInfo, or similar, when we build prospect lists.
- Enrichment data about companies you work for when you sign up or contact us.
- Identity and fraud checks where we need them, for example for enterprise vendor security reviews.
- Publicly available data such as posts on professional networks that you have chosen to make public.
- Authentication data from identity providers if you sign in via single sign-on (e.g., Google, Microsoft).
- Referrals from partners who introduce you to us, with your knowledge.
If you give us personal data about someone else (for example, a colleague's contact details), please make sure you have the authority to share that information and have told them about this policy.
3. Why we use personal data and our lawful bases
Under UK GDPR we need a lawful basis for every use of personal data. The table below summarizes our purposes, the personal data involved, and the lawful basis. Where we rely on legitimate interests, we have carried out a balancing assessment and are satisfied that our interests are not overridden by your rights.
| Purpose | Personal data used | Lawful basis |
|---|---|---|
| Operate and maintain the website | Device data, usage data, strictly necessary cookies | Legitimate interests (running a website and keeping it secure) |
| Provide the platform to customers | Account data, usage data, support content | Contract with our customer; legitimate interests for authorized users |
| Respond to enquiries, demos, and support requests | Contact data, correspondence | Legitimate interests (responding to people who contact us); contract where you are a customer |
| Send service and transactional emails | Contact data, account data | Contract; legal obligation |
| Send marketing emails to existing customers about similar services | Contact data, marketing preferences | Legitimate interests under the PECR soft opt-in |
| Send marketing emails to prospects | Contact data, marketing preferences | Consent (where required by PECR); legitimate interests (B2B marketing to corporate subscribers, where permitted) |
| Build prospect lists and conduct outbound sales | Business contact data, enrichment data | Legitimate interests (growing a B2B business) |
| Run events, webinars, and content programs | Registration data, attendance data | Consent; legitimate interests |
| Analyze and improve the website and platform | Usage data, device data, cookies | Consent for non-essential analytics; legitimate interests for aggregated server-side analysis |
| Secure our systems, prevent fraud, investigate abuse | Device data, usage data, logs | Legitimate interests; legal obligation |
| Comply with law, respond to legal requests, defend claims | As relevant | Legal obligation; legitimate interests |
| Corporate transactions (financing, M&A) | As relevant | Legitimate interests |
You can object to processing based on legitimate interests (see Section 8). If you object to direct marketing, we will stop.
4. Cookies and similar technologies
We use cookies and similar technologies on www.movablevoice.com. Strictly necessary cookies are always on. All other cookies (functional, analytics, marketing) are only set with your consent.
You can manage your choices at any time from the Cookie Settings link in the footer. Full details are in the Cookie Policy.
5. Who we share personal data with
We share personal data with a small number of categories of recipients.
5.1 Within our group
We share personal data between Movable Voice Ltd. and Movable Voice Inc. for intragroup administration, including billing, corporate governance, and commercial contracting. Movable Voice Ltd. remains the controller for all personal data described in this policy.
5.2 Our service providers (sub-processors)
We use third-party providers to run our business. Each provider is bound by a written agreement (including UK GDPR Article 28 terms where they act as a processor) that requires them to process personal data only on our instructions and to keep it secure. Typical categories include:
- cloud hosting and storage;
- speech-to-text and natural language processing;
- customer relationship management (CRM);
- email delivery and marketing automation;
- customer support and helpdesk tools;
- analytics and product telemetry;
- payments;
- identity and single sign-on;
- security monitoring and incident response;
- corporate tools for finance, HR, and productivity.
5.3 Professional advisers
Lawyers, accountants, auditors, and other professional advisers, where needed and under professional confidentiality obligations.
5.4 Authorities and parties to legal proceedings
Where we are legally required to share information, or where disclosure is necessary to protect our rights or the safety of others.
5.5 Parties to corporate transactions
If we are involved in a merger, acquisition, financing, or sale of assets, personal data may be shared with the parties to the transaction and their advisers, under confidentiality obligations.
We do not sell your personal data. We do not share it for cross-context behavioral advertising.
6. International transfers
We are a UK company and most of our data stays within the UK and EEA. Some personal data is transferred outside the UK and EEA to operate our business, including:
- to Movable Voice Inc. in the United States for the intragroup purposes described in Section 5.1;
- to certain service providers hosted in the United States or other jurisdictions.
Where we transfer personal data outside the UK or EEA, we put in place one or more of the following safeguards:
- the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, where appropriate, combined with a transfer impact assessment;
- where the recipient in the US has self-certified under the UK Extension to the EU-US Data Privacy Framework, reliance on that framework as an approved transfer mechanism;
- transfers to countries subject to a valid adequacy regulation made by the UK government or EU Commission.
You can request a copy of the relevant safeguards by contacting us at the address in Section 11.
7. How long we keep personal data
We keep personal data only as long as we need it for the purposes described in this policy and to meet our legal, tax, and accounting obligations. Indicative periods:
| Category | Period |
|---|---|
| Website contact forms and enquiries | 2 years from last contact |
| Prospect records | 2 years from last meaningful contact |
| Customer account data | For the duration of the subscription, plus 2 years |
| Billing and tax records | 6 years, as required by UK law |
| Support tickets | 3 years from resolution |
| Marketing preferences | For as long as we rely on the consent or opt-in |
| Server and security logs | Up to 12 months |
| Backups | Rotated on a 35-day cycle |
When we no longer need personal data, we delete or anonymize it. Where deletion is impractical (for example, within a backup), we isolate it until deletion is possible.
8. Your rights
UK and EEA data subjects have the following rights, subject to conditions in UK GDPR and EU GDPR:
- Access: ask what personal data we hold about you and receive a copy.
- Rectification: ask us to correct inaccurate or incomplete data.
- Erasure:ask us to delete your data (the "right to be forgotten"), in certain circumstances.
- Restriction: ask us to limit how we use your data in certain circumstances.
- Portability: receive data you gave us in a structured, machine-readable format and, where feasible, have us send it to another controller.
- Objection: object to processing based on legitimate interests or to direct marketing. Objections to direct marketing are always honored.
- Withdraw consent: where we rely on consent, you can withdraw it at any time. This does not affect earlier processing.
- Automated decisions: we do not make solely automated decisions that produce legal or similarly significant effects about you.
To exercise any of these rights, contact us at [email protected]. We will respond within one month. If we need more time or clarification, we will tell you.
If you are unhappy with how we handle your personal data, you can complain to the UK Information Commissioner's Office (ICO) at https://ico.org.uk or by phone on 0303 123 1113. EEA data subjects can complain to their local supervisory authority; a list is at https://edpb.europa.eu/about-edpb/about-edpb/members_en. We would appreciate the chance to address your concerns first.
9. Security
We take appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit and at rest, logging, vendor due diligence, regular backups, and staff training. No system is perfect, but we take security seriously and will tell you and the ICO about material breaches as required by law.
10. Children
Our Services are for business use. They are not directed to anyone under 18, and we do not knowingly collect personal data from anyone under 18. If you believe we have, please contact us and we will delete it.
11. How to contact us
Email: [email protected]
Post: Movable Voice Ltd., Fifth Floor, 167-169 Great Portland Street, London W1W 5PF, United Kingdom
Privacy Contact: Yan Zhang
12. US residents
If and when we have significant US-resident individual interactions (outside normal B2B sales), we will add a US state privacy rights section here covering CCPA/CPRA, VCDPA, CPA, CTDPA, and similar laws. For now, US residents can exercise the rights described in Section 8 in the same way as UK/EEA residents.
13. Changes to this policy
We update this policy from time to time. The "Last updated" date at the top shows when. For material changes, we will notify you by email or through the Services.
14. Policy history
- 20 April 2026: initial version.