Meet Corvai, your AI assistant.
Meet Corvai, your AI assistant.
Last updated: 26 March 2026, 00:00 UTC
Corvox Limited is committed to protecting the personal data of everyone who uses our services. This page explains our approach to data protection, your rights under the UK General Data Protection Regulation (UK GDPR) and how to exercise them. Our services are used by businesses worldwide and we apply the same high standards of data protection to all users regardless of location.
We take data protection seriously. We collect only the data we need, store it securely, process it lawfully and delete it when it is no longer required. We never sell personal data to any third party and we do not use your data for any purpose beyond what is described in our Privacy Policy.
Corvox Limited is registered as a company in England and Wales (company number 15101843) and is subject to the UK GDPR and the Data Protection Act 2018. Where our services are used by businesses in the European Union, we also comply with the EU GDPR. We monitor regulatory developments in all jurisdictions where our services are used and update our practices accordingly.
Corvox Limited acts in different capacities depending on the context in which personal data is processed.
When you create an account, subscribe to our services or contact us directly, Corvox Limited is the data controller. This means we determine why and how your personal data is used and we are responsible for ensuring that processing is lawful.
When you use the Corvai platform to handle conversations with your own customers and end users, Corvox Limited acts as a data processor on your behalf. In this case, you are the data controller for your customers' data and we process it solely according to your instructions. The terms governing this relationship are set out in our Data Processing Agreement.
We process personal data only where we have a lawful basis to do so under Article 6 of the UK GDPR. Depending on the context, we rely on performance of a contract where processing is necessary to provide the services you have signed up for, legitimate interests where processing is necessary for our legitimate business purposes and does not override your rights, consent where you have specifically agreed to processing such as receiving marketing communications, and legal obligation where we are required to process data to comply with applicable law. Full details of the lawful bases we rely on for each type of processing are set out in our Privacy Policy.
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at hi@corvox.co.uk. We will respond within 30 days and there is no charge for making a request.
Right of access — You have the right to request a copy of the personal data we hold about you and information about how we use it.
Right to rectification — You have the right to ask us to correct any personal data we hold about you that is inaccurate or incomplete.
Right to erasure — You have the right to ask us to delete your personal data in certain circumstances, for example where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where you object to processing and we have no overriding legitimate grounds.
Right to restriction — You have the right to ask us to restrict how we process your personal data in certain circumstances, for example while we verify the accuracy of data you have disputed.
Right to data portability — Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine-readable format.
Right to object — You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing your data for that purpose immediately.
Right to withdraw consent — Where processing is based on your consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.
Rights related to automated decision making — You have the right not to be subject to decisions based solely on automated processing, including profiling, where those decisions produce legal or similarly significant effects on you. We do not currently make such decisions about individuals using our services.
The Corvai platform uses artificial intelligence to process information and generate responses. We acknowledge that laws governing the use of AI in relation to personal data are evolving rapidly across all jurisdictions. We are committed to ensuring that our AI systems are used responsibly, transparently and in compliance with applicable law. Where AI is used to process personal data, we ensure that appropriate safeguards are in place and that individuals interacting with the platform are treated fairly. We keep our AI-related data protection practices under continuous review and will update our policies as the legal and regulatory landscape develops.
Our services are used by businesses worldwide and some of our data processing involves transfers of personal data outside the United Kingdom and the European Economic Area. We ensure that all international transfers are carried out in accordance with UK GDPR using appropriate safeguards such as standard contractual clauses approved by the UK Information Commissioner's Office. Full details of international transfers and the safeguards in place are set out in our Privacy Policy and Data Processing Agreement.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or destruction. All data is encrypted in transit using TLS and at rest using AES-256 encryption. Access to personal data is restricted to authorised personnel only. We conduct regular reviews of our security measures to ensure they remain appropriate to the risks involved. In the event of a personal data breach, we will notify the relevant supervisory authority and affected individuals in accordance with our legal obligations under UK GDPR.
If you have concerns about how we handle your personal data, please contact us first at hi@corvox.co.uk and we will do our best to resolve the matter promptly. If you remain unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office in the United Kingdom. The ICO can be contacted at ico.org.uk, by telephone on 0303 123 1113, or by post at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. If you are based in the European Union, you may also contact your local data protection supervisory authority.
For more detailed information about how we collect, use and protect your personal data, please refer to the following documents:
For any data protection queries, please contact us at hi@corvox.co.uk.
