Privacy Policy

1. Introduction

Business Cheetah (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered business advisory platform and related services.

We are a company registered in the United Kingdom and operate in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international data protection laws including the California Consumer Privacy Act (CCPA) for our US users.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, business name, and role
• Business Information: Company details, industry, revenue figures, team size, and business goals
• Communication Data: Voice call recordings, transcripts, chat messages, and WhatsApp conversations with our AI agents
• Payment Information: Billing details processed securely through Stripe (we do not store full card numbers)
• User Content: Documents, pitch decks, and other materials you upload or create

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on platform
• Log Data: IP address, access times, referring URLs
• Cookies: Essential and analytics cookies (see Section 8)

2.3 Voice & Call Data

When you call our AI phone system, we record and transcribe these conversations to provide our service. This includes the phone number you call from, call duration, and the content of your conversation. You consent to this recording when you engage with our phone service.

3. How We Use Your Information

We use your information for the following purposes:

• Service Delivery: To provide AI-powered business advice, generate deliverables, and support your business goals
• Personalisation: To tailor our AI agents' responses and recommendations to your specific business context
• Communication: To send you updates, reminders, and support messages via email, SMS, or WhatsApp
• Payment Processing: To process subscriptions and one-time payments
• Improvement: To analyse usage patterns and improve our AI models and user experience
• Legal Compliance: To comply with applicable laws and respond to lawful requests
• Security: To detect, prevent, and address technical issues and fraudulent activity

4. Legal Basis for Processing (UK/EU Users)

Under UK GDPR, we process your data based on:

• Contract: Processing necessary to provide our services to you
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legitimate Interest: For business operations, security, and service improvement
• Legal Obligation: Where we must comply with legal requirements

5. How We Share Your Information

We share your information with:

• Service Providers: Third parties that help us deliver our services:
  • VAPI (voice AI processing)
  • OpenAI & Anthropic (AI language models)
  • Firebase/Google Cloud (data storage)
  • Stripe (payment processing)
  • Twilio (SMS and WhatsApp messaging)
  • Resend (email delivery)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with any merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

6. International Data Transfers

As a UK company serving customers worldwide, your data may be transferred to and processed in countries outside the UK, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Transfers to countries with adequate data protection laws
• Additional technical and organisational measures to protect your data

7. Data Retention

We retain your personal data for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

• Account Data: Retained while your account is active and for 2 years after closure
• Call Recordings: Retained for 12 months, then automatically deleted
• Transaction Data: Retained for 7 years for legal and tax compliance
• Analytics Data: Aggregated and anonymised after 24 months

You may request earlier deletion of your data (see Section 9).

8. Cookies & Tracking

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for the platform to function (authentication, security)
• Analytics Cookies: Help us understand how you use our platform
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.

9. Your Rights

Depending on your location, you have the following rights:

UK/EU Users (UK GDPR)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (“right to be forgotten”)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Where processing is based on consent

US Users (California - CCPA)

• Right to know what personal information we collect and how it's used
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your rights

To exercise any of these rights, contact us at hello@cheetah.business.

10. Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication systems
• Regular security assessments and monitoring
• Access controls limiting who can view your data
• Secure cloud infrastructure (Google Cloud, Firebase)

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

11. Children's Privacy

Our services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. For significant changes, we may also notify you by email.