Privacy Policy
Last updated: July 2026
This Privacy Policy explains how Double Seven collects, uses, discloses, and safeguards personal data when you use our websites, the Double Seven Agents Platform, and related applications (together, the “Services”). We are committed to protecting your privacy and handling your data transparently and in accordance with the EU General Data Protection Regulation (GDPR) and other applicable laws.
1. Who we are
The Services are provided by Double Seven B.V., a company registered in the Netherlands (“Double Seven”, “we”, “us”). Double Seven is the data controller for personal data we collect about visitors and account holders. For personal data we process on behalf of our business customers (for example, end-user call content), Double Seven acts as a data processor and each customer is the controller.
For any privacy question, or to exercise your rights, contact us at privacy@doubleseven.ai. Our data protection contact can be reached at the same address.
2. The data we collect
Depending on how you interact with us, we may collect:
- Account & profile data. When you sign in with Google or Microsoft, we receive your name, email address, profile photo, and a provider account identifier. We do not receive or store your Google or Microsoft password.
- Authentication data. Sign-in events, multi-factor authentication (MFA) enrolment, and the phone number you register for MFA.
- Usage & technical data. IP address, device and browser information, log data, and product usage needed to operate and secure the Services.
- Communications. Information you provide when you contact us (for example, via our contact form or sales enquiries).
- Customer content. Data processed on behalf of our customers through the platform — such as voice-call audio, transcripts, tickets, and conversation records — which we handle only as a processor under our customer agreements.
3. How we use data and our legal bases
We process personal data on the following GDPR Article 6 legal bases:
- Performance of a contract — to create and manage your account, provide the Services, and deliver support.
- Legitimate interests — to secure the Services, prevent abuse, and improve and develop our products, balanced against your rights.
- Consent — where required, for example certain communications; you may withdraw consent at any time.
- Legal obligation — to comply with applicable laws and lawful requests.
4. Sign-in providers
We use Google and Microsoft as identity providers for “Sign in with Google” and “Sign in with Microsoft”. When you authenticate, the provider shares a limited set of profile information with us as described above and confirms your email is verified. Your use of those providers is also governed by their own privacy policies.
5. Service providers and sub-processors
We share personal data with vetted service providers that help us run the Services, under contracts that require them to protect it. These include cloud infrastructure and platform providers (Google Cloud / Firebase), our identity providers (Google, Microsoft), and providers for real-time voice, telephony, and email delivery used to operate the platform. A current list of sub-processors is available on request at privacy@doubleseven.ai.
We do not sell personal data. We disclose it only as described here, or where required by law.
6. International transfers
We aim to store and process personal data within the European Union where feasible. Where data is transferred outside the EU/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.
7. Data retention
We retain personal data only for as long as necessary for the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce our agreements. Account data is retained for the life of the account and deleted or anonymised within 24 months after account closure, unless a longer period is required by law. Customer content is retained and deleted per the relevant customer agreement.
8. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, multi-factor authentication, and least-privilege service accounts. No method of transmission or storage is completely secure, but we work continuously to protect your information.
9. Your rights
Subject to applicable law, you have the right to access, rectify, or erase your personal data; to restrict or object to processing; to data portability; and to withdraw consent. You also have the right to lodge a complaint with a supervisory authority. To exercise any right, contact privacy@doubleseven.ai. If we process your data on behalf of a customer, we will refer your request to that customer.
10. Cookies
Our public website uses only the cookies and similar technologies necessary to operate the site and, where applicable, to understand aggregate usage. You can control cookies through your browser settings.
11. Children
The Services are intended for business use and are not directed to children. We do not knowingly collect personal data from children.
12. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice.
13. Contact us
Questions about this Policy or our data practices? Email privacy@doubleseven.ai.