Privacy Policy

Last updated: 9 March 2026

1. Introduction

Cordiul, Inc. ("we", "us", or "our") operates the Cordiul platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company name, and billing information
  • Contact Data: Contact lists, phone numbers, names, email addresses, and notes you upload or create
  • Call Data: Call recordings, transcripts, call logs, and call analytics
  • Payment Information: Processed securely through Stripe (we do not store full payment card details)
  • Communication Data: Messages, support requests, and feedback you send to us

2.2 Information Automatically Collected

  • Usage Data: How you interact with our Service, features used, and time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Analytics Data: Website usage statistics (only with your consent via cookie preferences)
  • Log Data: Server logs, error reports, and performance metrics

2.3 Information from Third Parties

  • Authentication: User profile data from Clerk (our authentication provider)
  • Payment Processing: Transaction data from Stripe
  • Telephony Services: Call metadata from Twilio
  • CRM Integrations: Data synced from connected CRM systems (with your authorization)

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our dialing platform and features
  • Call Management: To initiate, manage, and record calls as requested
  • Account Management: To process subscriptions, manage billing, and provide customer support
  • Compliance: To maintain DNC (Do Not Call) lists, consent records, and comply with telecommunications regulations
  • Analytics: To analyze usage patterns, improve our Service, and develop new features (with consent)
  • Security: To detect, prevent, and address security issues and fraudulent activity
  • Legal Obligations: To comply with legal requirements, respond to legal requests, and protect our rights
  • Communication: To send service updates, respond to inquiries, and provide support

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: To fulfill our contract with you and provide the Service
  • Legitimate Interests: To improve our Service, ensure security, and prevent fraud
  • Consent: For analytics cookies and marketing communications (you can withdraw consent at any time)
  • Legal Obligation: To comply with applicable laws, including telecommunications and data protection regulations
  • Vital Interests: To protect the safety and security of our users and the public

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

Third-party service providers who assist us in operating our Service:

  • Clerk: Authentication and user management
  • Stripe: Payment processing
  • Twilio: Telephony services and call routing
  • Supabase: Database and storage services
  • Vercel: Hosting and infrastructure
  • OpenAI: AI-powered features (call summaries, lead scoring) - with data redaction where applicable

All service providers are bound by data processing agreements and are required to protect your information in accordance with UK GDPR.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Call Recordings: Retained according to your retention settings (default 90 days), with options to archive or delete
  • Call Logs: Retained for 2 years for compliance and analytics purposes
  • Contact Data: Retained while your account is active, deleted upon account deletion
  • Billing Records: Retained for 7 years as required by UK tax law
  • Consent Records: Retained for 2 years after consent is revoked or expires

7. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
  • Right to Lodge a Complaint: File a complaint with the UK Information Commissioner's Office (ICO)

To exercise any of these rights, please contact us at privacy@cordiul.com. We will respond within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about our cookie usage, please see our cookie consent banner. You can manage your cookie preferences at any time through your browser settings or our cookie consent interface.

Essential Cookies: Required for the Service to function (authentication, security)

Analytics Cookies: Used to analyze website usage (only with your consent)

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in transit (TLS/SSL) and at rest
  • Row-level security and access controls
  • Regular security audits and vulnerability assessments
  • Secure authentication and authorization systems
  • Data backup and disaster recovery procedures
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions, to protect your data in accordance with UK GDPR requirements.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@cordiul.com

Data Protection Officer: dpo@cordiul.com

General Inquiries: Contact Form

UK Information Commissioner's Office (ICO):
If you are not satisfied with our response, you have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint