top of page

Privacy Policy

BeMe – Privacy Policy

Last Updated: 16 November 2025

1. Who We Are

BeMe Limited ("BeMe", "we", "us") is a company registered in the Isle of Man.

We comply with:

  • UK GDPR

  • EU GDPR

  • Isle of Man Data Protection Act 2018

  • California Consumer Privacy Act (CCPA), as amended by the CPRA, applied as the baseline for all U.S. users

Where multiple laws apply, we follow the strictest standard.

Contact: support@justbeme.ai

2. Scope of this Policy

This Privacy Policy applies to:

  • All visitors and users of BeMe websites, apps, and services (the "Service")

  • All U.S. users, to whom we grant CPRA-level rights

  • Users worldwide

  • Data we process as Controller (your account and service data)

  • Data we process as Processor (data relating to your customers or contacts)

This Policy does not cover third-party services outside our control.

3. What We Collect

3.1 Account Data (Controller)

  • Name, email, authentication credentials

  • Subscription tier, renewal date, and billing status

(Note: Payment card details are handled exclusively by Stripe, Apple, or Google. BeMe never receives or stores payment information.)

3.2 Service Data (Controller)

  • Messages, chats, and files you input

  • AI configuration, settings, and memory

  • Scheduling preferences, connected integrations

  • Diagnostics, logs, and usage data

  • Call audio, recordings, transcripts, and call metadata (required for Service delivery)

3.3 Customer/Contact Data (Processor)

When you use BeMe to manage your customers, we process (under your instructions):

  • Names, phone numbers, email addresses

  • Booking information, job history

  • Notes or communication logs

  • Any data you choose to store in BeMe about your customers

You remain the Controller for this data. BeMe acts solely as your Processor.

3.4 Technical & Device Data

  • Device model, OS, app version

  • Browser type/version

  • IP address and location metadata

  • Crash logs and performance metrics

3.5 Support Communications

  • Emails and conversations with support

  • Problem descriptions and attachments

  • Diagnostic logs (with your permission)

3.6 Cookies & Analytics

We use:

  • Necessary cookies (authentication, session security)

  • Functional cookies (settings and performance)

  • Analytics cookies to improve the Service

We do not use cross-site advertising trackers.

3.7 Voice & Media Processing

If you use BeMe for calls or voice interactions, we process:

  • Audio for speech-to-text

  • Text for text-to-speech

  • Call recordings

  • Transcripts

  • Metadata about call performance

We do NOT:

  • Use audio for biometric identification

  • Sell or share audio

  • Provide audio/transcripts to external AI training systems

Call recordings and transcripts are stored securely and accessed only when necessary to provide the Service, troubleshoot issues, or respond to support requests.

We may use aggregated, anonymized system performance metrics (not including call content) to improve Service reliability and diagnostics.

4. Lawful Bases for Processing

We process data under:

  • Contractual necessity – to deliver the Service

  • Legitimate interests – improving reliability, preventing abuse, securing the Service

  • Legal obligations – compliance with regulations

  • Consent – where legally required (e.g., marketing communications)

5. Our "On/Off" Retention Model

BeMe retains your data only while your account is active.

When your subscription ends:

  • Your account terminates at the end of the billing period

  • Your Service data (including audio/transcripts) is deleted

  • Minimal security logs may be retained for up to 90 days

  • Legal/financial records (e.g., invoices) are retained for up to 6 years as required by UK tax regulations and accounting standards

  • Backups purge automatically between 30–90 days

  • Aggregated/anonymised analytics may be kept indefinitely

You may export your data at any time before cancellation.

6. Controller vs Processor

BeMe as Controller

We act as Controller for:

  • Your account data

  • Service data (your settings, logs, preferences, etc.)

  • Technical and analytics data

BeMe as Processor

We act as Processor for:

  • Your customers'/contacts' data

  • Only on your instructions

  • Under our Data Processing Addendum (DPA) available at www.justbeme.ai/dpa

We never use your customers' data for our own purposes.

7. International Transfers

7.1 Region-Based Storage

BeMe provisions data storage in the geographic region associated with your account location. When you create an account, your data is stored on AWS servers in your region and remains there.

We do not transfer your data outside your region except:

  • Where required to provide support or diagnostics

  • To sub-processors delivering specific service functions (see Section 8)

  • To comply with legal obligations

All cross-border transfers use appropriate safeguards as described in Section 7.2.

7.2 Transfer Safeguards

Where cross-border transfers occur, we rely on:

  • Adequacy decisions

  • Standard Contractual Clauses (SCCs)

  • UK Addendum

  • Additional safeguards and risk assessments

8. Suppliers & Sub-Processors

We use trusted third-party providers to deliver the Service. A full list of current vendors can be provided upon request in writing.

All sub-processors operate under data protection agreements compliant with GDPR/UK GDPR standards.

We reserve the right to change any of our vendors at any time.


9. Security

Current Controls

  • Encryption in transit (TLS 1.2+)

  • Secrets managed securely

  • Authentication via OTP

  • Webhook signature validation

  • Logging and audit trails

We continuously enhance our security measures to protect your data.

Out of Scope

  • PCI DSS (we do not process card data)

  • HIPAA

  • Physical security (fully cloud-hosted)

10. Your Rights

Under GDPR/UK GDPR/IoM users may:

  • Access data

  • Rectify inaccuracies

  • Delete data

  • Restrict processing

  • Receive a copy (portability)

  • Object to processing

  • Withdraw consent

Under CCPA/CPRA (for all U.S. users):

  • Know what data we collect

  • Access specific information

  • Correct data

  • Delete data

  • Opt-out of sale/sharing (BeMe never sells data)

  • Limit sensitive data use

  • Freedom from discrimination

  • Use an authorised agent

Requests: support@justbeme.ai

We aim to respond within 30 days (45 days for California residents as required by law).

11. Cookies & Tracking

We use:

  • Necessary cookies – Essential for authentication and security

  • Functional cookies – Settings and performance

  • Analytics cookies – Service improvement

We do not use cross-site advertising identifiers.

Users may manage cookies via browser settings.

12. Automated Decision-Making

We do not use automated decision-making with legal or significant effects.

If this changes, we will update this Policy and provide required rights.

13. Children's Privacy

The Service is not intended for children under 16.

We do not knowingly process children's data. If found, we delete it immediately.

14. Call Recording & Caller Consent

BeMe records calls for service delivery and support purposes.

You are responsible for ensuring callers are informed that:

  • They are speaking with an AI assistant

  • The call may be recorded

You must comply with applicable recording consent laws in your jurisdiction. For details on recording requirements, see our Terms & Conditions at www.justbeme.ai/terms-and-conditions

15. Policy Changes

We may update this Privacy Policy from time to time.

For material changes, we will provide at least 14 days' notice via email or in-app notification.

For recurring subscriptions, the version in effect at renewal applies.

If you disagree with changes, you may cancel before renewal.

16. Contact

BeMe Limited
support@justbeme.ai

This document is effective as of the date shown above and supersedes all prior versions.

Retry

Claude can make mistakes.
Please double-check responses.

bottom of page