Your Privacy Matters

Privacy Policy

Last updated: March 11, 2026

1. Introduction

Business Cheetah (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business advisory platform and related services.

We are a company registered in the United Kingdom and operate in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws including the California Consumer Privacy Act (CCPA) for our US users.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, and role
  • Business Information: Company details, industry, revenue figures, team size, and business goals
  • Communication Data: Voice call recordings, transcripts, chat messages, and WhatsApp conversations with our AI agents
  • Payment Information: Billing details processed securely through Stripe (we do not store full card numbers)
  • User Content: Documents, pitch decks, and other materials you upload or create

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on platform
  • Log Data: IP address, access times, referring URLs
  • Cookies: Essential and analytics cookies (see Section 8)

2.3 Voice & Call Data

When you call our AI phone system, we record and transcribe these conversations to provide our service. This includes the phone number you call from, call duration, and the content of your conversation. You consent to this recording when you engage with our phone service.

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide AI-powered business advice, generate deliverables, and support your business goals
  • Personalisation: To tailor our AI agents' responses and recommendations to your specific business context
  • Communication: To send you updates, reminders, and support messages via email, SMS, or WhatsApp
  • Payment Processing: To process subscriptions, Ops Unit purchases, and seat management
  • Improvement: To analyse usage patterns and improve our AI models and user experience
  • Legal Compliance: To comply with applicable laws and respond to lawful requests
  • Security: To detect, prevent, and address technical issues and fraudulent activity

3A. Third-Party AI Services & Your Data

Business Cheetah is an AI-powered business advisory platform. Core features of the app — including AI chat, voice calls, document generation, and personalised advice — require your data to be processed by third-party AI service providers. This section explains exactly what data is shared, who it is shared with, and how we obtain your permission.

What Data Is Sent to AI Services

  • Conversation content: Messages, prompts, and queries you send to AI advisors within the app
  • Business context: Company name, industry, goals, and other business details you provide, used to personalise AI responses
  • Voice and call data: Audio from AI voice calls and meetings, which is transmitted for real-time transcription and response generation
  • Documents and uploads: Files or content you share with AI advisors for analysis or generation

We do not send passwords, payment card numbers, or authentication tokens to AI service providers.

Who Receives Your Data

Your data is processed by the following categories of third-party AI service providers:

Language ModelsOpenAI and Anthropic — process text-based conversations, generate advice, create documents, and analyse your business data
Voice AIVAPI — processes voice call audio for real-time AI conversations, transcription, and voice-based advisory sessions
Cloud InfrastructureGoogle Cloud / Firebase — stores your account data, business information, and conversation history
MessagingTwilio and Resend — deliver SMS, WhatsApp messages, and emails on behalf of the platform

All third-party providers are contractually required to protect your data and may not use it for their own purposes, including training their models on your data, unless separately disclosed by those providers in their own privacy policies.

How We Obtain Your Permission

Before your data is shared with any third-party AI service, the app presents a clear data consent screen that explains what data is sent, identifies the service providers, and requires your explicit agreement before proceeding. This consent is collected in-app prior to your first use of AI-powered features. You may also review and manage your data preferences at any time through the app settings or by contacting us at hello@cheetah.business.

Data Protection Measures

  • All data transmitted to third-party AI services is encrypted in transit using TLS
  • We minimise the data sent — only information relevant to the specific AI request is transmitted
  • Your data is not used to train third-party AI models
  • We do not sell your personal information to any third party
  • You may request deletion of your data at any time (see Section 9)

4. Legal Basis for Processing (UK/EU Users)

Under UK GDPR, we process your data based on:

  • Contract: Processing necessary to provide our services to you
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legitimate Interest: For business operations, security, and service improvement
  • Legal Obligation: Where we must comply with legal requirements

5. How We Share Your Information

We share your information with:

  • Service Providers: Third parties that help us deliver our services:
    • VAPI (voice AI processing)
    • OpenAI & Anthropic (AI language models)
    • Firebase/Google Cloud (data storage)
    • Stripe (payment processing)
    • Twilio (SMS and WhatsApp messaging)
    • Resend (email delivery)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with any merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

6. International Data Transfers

As a UK company serving customers worldwide, your data may be transferred to and processed in countries outside the UK, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK ICO
  • Transfers to countries with adequate data protection laws
  • Additional technical and organisational measures to protect your data

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active and for 2 years after closure
  • Call Recordings: Retained for 12 months, then automatically deleted
  • Transaction Data: Retained for 7 years for legal and tax compliance
  • Analytics Data: Aggregated and anonymised after 24 months

You may request earlier deletion of your data (see Section 9).

8. Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for the platform to function (authentication, security)
  • Analytics Cookies: Help us understand how you use our platform
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

9. Your Rights

Depending on your location, you have the following rights:

UK/EU Users (UK GDPR)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your data
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent

US Users (California - CCPA)

  • Right to know what personal information we collect and how it's used
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at hello@cheetah.business.

10. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication systems
  • Regular security assessments and monitoring
  • Access controls limiting who can view your data
  • Secure cloud infrastructure (Google Cloud, Firebase)

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

11. Mobile Application

Our iOS and Android mobile applications collect and process the following additional data:

11.1 Device Permissions

  • Microphone: Used for voice calls and voice messages with AI team members. Audio is processed in real-time and may be recorded for service delivery.
  • Camera: Used for video calls and sharing images with AI agents for analysis. Images are transmitted securely and not stored beyond the conversation context.
  • Photo Library: Used to share existing images with AI agents and to save generated content. We only access photos you explicitly select.
  • Push Notifications: Used to deliver meeting reminders, agent responses, and important updates. You can disable these in your device settings at any time.

11.2 AI-Generated Content

Our mobile application features AI-powered chat and voice interactions with virtual business advisors. All responses are generated by artificial intelligence and are clearly identified as such within the app. AI-generated advice, documents, strategies, and other content:

  • Are produced by large language models (LLMs) and may contain inaccuracies
  • Should not be relied upon as professional legal, financial, tax, or investment advice
  • Are personalised based on information you provide but are not a substitute for qualified human professionals
  • May be stored to improve your experience and maintain conversation continuity

11.3 Offline Data

The app may cache data locally on your device for offline access. This cached data is encrypted and is cleared when you sign out or delete the app. No sensitive personal data is stored in unencrypted local storage.

11.4 Third-Party SDKs

Our mobile application uses the following third-party services which may collect data as described in their respective privacy policies:

  • Firebase (Google) — authentication, analytics, cloud messaging, and data storage
  • Google Sign-In — for optional calendar and email integrations only (not used for account creation)

12. Children's Privacy

Our services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we may also notify you by email.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

hello@cheetah.business
+44 7367 167528

For UK/EU users: You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.