Privacy Policy

Last updated: 13 April 2026

This policy explains how Semper Agent Limited (Company No. 17165431) ("we", "us", "our") collects, uses, and protects personal data when you use the Semper platform ("Service").

1. Who we are

Semper Agent Limited (Company No. 17165431) is a company registered in England and Wales. We are the data controller for personal data processed through our platform. Contact: [email protected].

2. What data we collect

From business owners (our clients)

• Business name, address, and contact details
• Owner name, phone number, and email address
• Business hours, services, and pricing
• Dashboard login credentials
• Payment information (processed by Stripe — we do not store card details)

From end customers (people who message the AI)

• Phone number (provided by WhatsApp/SMS)
• Name, address, and other details shared during conversation
• Message content (text, photos, voice notes)
• Booking details (service, date, time)

Automatically collected

• IP addresses when visiting our website
• Browser type and device information
• Pages visited and interactions (if analytics is enabled)

3. How we use the data

• To provide the AI assistant service (processing messages, making bookings)
• To send booking confirmations, reminders, and notifications
• To display information in the business owner's dashboard
• To process payments and manage subscriptions
• To send onboarding emails and service communications
• To monitor and improve the quality of AI responses
• To detect and prevent abuse or fraud

4. Legal basis for processing

• Contract performance — processing data to provide the Service you signed up for
• Legitimate interests — improving our service, preventing fraud, and sending service communications
• Consent — where end customers initiate a conversation with the AI via WhatsApp

5. How we share data

We share personal data only with:

• Twilio — to send and receive WhatsApp/SMS messages
• Anthropic — to process messages through the Claude AI (message content is sent to their API)
• OpenAI — to transcribe voice notes (audio content only)
• Stripe — to process payments
• SendGrid — to send emails
• Railway — to host the platform (data is stored on their servers)

We do not sell personal data to third parties. We do not use personal data for advertising.

6. Data retention

• Active accounts — data is retained for the duration of the subscription
• Cancelled accounts — data is retained for 30 days after cancellation, then permanently deleted
• Conversation logs — retained for the duration of the subscription for context continuity
• Backups — retained for up to 7 days (local) or as configured for cloud backups

7. Data security

We implement appropriate technical and organisational measures to protect personal data, including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• HMAC-signed session cookies for dashboard authentication
• Twilio webhook signature verification to prevent spoofing
• Rate limiting to prevent abuse
• Regular automated backups
• Access controls — only you can access your dashboard and data

8. Your rights (UK GDPR)

Under UK data protection law, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — ask us to delete your data (subject to legal obligations)
• Restriction — ask us to limit how we use your data
• Portability — request your data in a machine-readable format
• Object — object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. End customer rights

End customers whose data is processed through our platform should contact the business owner in the first instance. The business owner is the data controller for their customer data; we act as a data processor on their behalf.

10. Cookies

Our website uses minimal cookies:

• Session cookie (agent_session) — required for dashboard login, httponly, 7-day expiry
• Theme cookie (theme) — stores dark/light mode preference
• Analytics cookies — only if Google Analytics or Plausible is configured (see our cookie banner)

We do not use tracking cookies or advertising cookies.

11. International transfers

Some of our service providers (Anthropic, OpenAI, Stripe) are based in the United States. Data transfers to the US are protected by Standard Contractual Clauses and these providers' data protection agreements.

12. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

13. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or WhatsApp. The "Last updated" date at the top indicates the most recent revision.

14. Contact and complaints

Semper Agent Limited (Company No. 17165431)
Email: [email protected]
Website: semperagent.com

If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.