Privacy Policy — BACK2YOU AI Ltd

Last updated: 23 April 2026

BACK2YOU AI Ltd (Company No. 15782951) is a UK-based company providing AI-powered lost property management solutions for businesses.

Registered Office: Office 167–169 Great Portland Street, London, England, W1W 5PF

Contact: info@back2youai.com

We are committed to protecting personal data and handling it in accordance with the UK GDPR and EU GDPR.

1. Scope of this Policy

This policy applies to:

Businesses using our services (“Clients”)

Individuals whose data is processed through those services (“End Users”)

This includes individuals interacting with AI assistants, submitting lost property enquiries, or otherwise engaging with systems powered by BACK2YOU AI Ltd.

2. Our Role

BACK2YOU AI Ltd primarily acts as a data processor, processing personal data on behalf of our Clients, who act as data controllers.

Clients are responsible for:

determining the purpose of data collection

ensuring lawful use of personal data

complying with applicable data protection laws

In limited cases (such as internal analytics or service improvement using anonymised data), BACK2YOU AI Ltd may act as a data controller.

3. Data We Process

Business Data

Name, work email, phone number

End-User Data

First name, last name

Phone number

Description of lost items

Location and time of loss

Limited identifying details (e.g. last 4 digits of a card or ID where voluntarily provided)

Media & Communications

Call audio recordings (where enabled by the Client)

Call transcripts

Uploaded images (e.g. photos of lost property items such as clothing or phones)

We do not intentionally collect full ID documents, bank cards, or sensitive personal data.

4. How We Use Data

We process data to:

operate AI assistants and handle enquiries

match lost and found items

facilitate communication between users and venues

provide dashboards and reporting to Clients

maintain system security and performance

We do not sell, rent, or trade personal data.

5. AI Matching & Automated Processing

Our system uses a combination of rule-based logic and AI models to identify potential matches between lost and found items.

Matches are generated automatically

Matches are suggestions only

Final decisions are made by Clients or users

We do not guarantee accuracy, and human verification is expected before action is taken.

6. Data Retention

We apply structured retention rules:

Call recordings & transcripts: deleted after 60 days

Lost property records:

anonymised after 30 days (personal identifiers removed or set to NULL)

permanently deleted after 180 days

Backups: retained on a rolling 7-day basis and subject to the same anonymisation logic

7. Client Access & Data Controls

Clients can only access their own data (tenant-level isolation enforced)

Access is restricted using row-level security, API controls, and IP restrictions

Clients may:

view records

mark items as claimed/unclaimed

Clients cannot freely edit or manipulate stored personal data.

8. Call Recording & Consent

Where call recording is enabled:

Callers are informed via a pre-recorded message at the start of the call

Continuing the call constitutes acknowledgment of this notice

If a caller does not wish to be recorded, they should not proceed with the call.

9. Security Measures

We implement technical and organisational safeguards including:

encryption in transit

secure cloud storage

row-level security (RLS)

API key restrictions

IP allowlisting

restricted internal access

10. International Data Transfers

Some service providers process data outside the UK/EEA.

To safeguard data:

Data Processing Agreements (DPAs) are in place

Standard Contractual Clauses (SCCs) are used

The UK International Data Transfer Addendum is applied where required

11. Cookies & Analytics

We use Google Analytics to understand website usage.

Data is aggregated and used for performance insights

No direct identification of users is intended

Further details are provided in our Cookie Policy.

12. Data Subject Rights

Individuals have the right to:

access their data

correct inaccurate data

request deletion

restrict or object to processing

request data portability

Requests: info@back2youai.com

Response time: within one calendar month

13. Data Breaches

We maintain internal incident response procedures.

Where required, we will notify relevant authorities and affected individuals in accordance with legal obligations.

14. Children’s Data

Our services are intended for use by businesses and their staff.

We do not knowingly target or provide services directly to children.

15. Liability & Responsibility

BACK2YOU AI Ltd provides infrastructure and automation tools.

We are not responsible for:

how Clients use personal data

decisions made based on system outputs

inaccurate or misleading information provided by users

verification of lost property ownership

AI-generated matches are suggestions only and must be independently verified.

16. Contact & Complaints

For questions or requests:

info@back2youai.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

© 2026 BACK2YOU AI Ltd. All rights reserved.