privacy policy

Last updated: 04/18/2026

Introduction Welcome to LIAK Consulting (“we”, “us”, “our”). We provide AI voice agents, chatbots, and marketing automation for local businesses. This Privacy Policy explains how we collect, use, disclose, and protect personal data for visitors to www.liak-consulting.com and for clients and their customers. It also explains rights you have under applicable laws (including the UK GDPR, EU GDPR, and CCPA where applicable).

Data controller Sophia Liakos trading as: LIAK Consulting

Address:

96 Farren Road,
Birmingham
B31 5HW
United Kingdom

Email: hello@liak-consulting.com

1. Scope This Policy covers:

  • Personal data we collect directly from users of our website and services;

  • Personal data our clients provide about their customers (call recordings, chat transcripts, contact details);

  • Data collected by tools we use (cookies, analytics, third-party services).

2. Categories of personal data we collect

We collect and process the following categories of personal data:

  • Identity & contact: names, job title, email addresses, phone numbers, postal addresses, business names and addresses.

  • Business details: company size, role, billing details, service requirements.

  • Communications: emails, messages, chat transcripts, notes from conversations.

  • Call recordings and transcripts: recordings and transcriptions of voice calls handled by our systems (when recorded with lawful basis/consent).

  • Usage & analytics: IP address, device identifiers, browser type, pages visited, duration, referring site, cookie identifiers.

  • Payment data: partial billing information used to process payments via Stripe (we do not store full card data—see Payments).

  • Other information you give us directly (support requests, onboarding forms, questionnaire responses).

3. Sources of data

  • Directly from you (contact forms, email, phone, onboarding forms).

  • From our clients (when they upload contact lists, customer recordings, or feed their customer interactions into our systems).

  • Automatically via the website and service integrations (cookies, analytics, GoHighLevel, Twilio, OpenAI, Google Analytics).

  • From third-party public sources when relevant (business directories).

4. Lawful bases for processing Under GDPR, we rely on:

  • Performance of a contract: to deliver services you requested (e.g., provide AI agents, fulfill paid services).

  • Legitimate interests: to operate, secure, and improve our services, and to communicate marketing where allowed (we balance these interests against your rights).

  • Consent: for cookies and direct marketing when required under law (e.g., PECR/UK cookie rules).

  • Legal obligation: where applicable (e.g., tax, legal compliance).

5. Data used for AI and model training

  • Our services may use automated systems (AI/ML) to process call recordings, text, and structured inputs to provide the features clients contract for (call routing, qualification, automated replies).

  • We do not use client or customer data to train third-party general-purpose models unless explicitly agreed in writing or anonymized. Where data may be used for model improvement, we will obtain contractual permission from the client and, where required by law, inform affected data subjects.

  • Transcripts and recordings are processed to generate responses, improve conversation flows, and tune your AI assistant. We take steps to minimize exposure of sensitive data and only use data necessary for the specific task.

6. Call recordings & transcripts

  • We record and transcribe calls only where: (a) the client has authorized recording; (b) notice/consent requirements are met under applicable law; or (c) another lawful basis exists.

  • We will inform clients how to present recording notices to their customers (e.g., an automated announcement “This call may be recorded for quality and training purposes”).

  • Recordings and transcripts are retained only as needed for the service, for troubleshooting, quality, and invoicing, and then subject to our retention schedule (see Retention).

  • If a data subject requests deletion and no legal requirement to retain exists, we will remove recordings/transcripts from active systems and any non-exempt backups as practical.

7. Cookies and tracking

  • We use cookies and similar technologies to operate the site and analyse performance. Cookies types include:

    • Strictly necessary cookies (always active) for site operation.

    • Performance and analytics cookies (Google Analytics, etc.) to measure and improve site usage.

    • Functional cookies for user preferences.

    • Marketing cookies for advertising and remarketing when you consent.

  • On first visit we present a cookie banner and obtain consent where required (PECR/UK). You can manage cookie preferences via the banner or your browser settings.

8. Third-party integrations and processors

We use third-party processors to deliver our services. Main processors include:

  • GoHighLevel (CRM, campaign automation, hosting of client data) — GoHighLevel acts as a processor for many of our client workloads. Please consult GoHighLevel documentation for details on their hosting locations and security.

  • Twilio (telephony, SMS and call handling).

  • OpenAI (where used for generative tasks).

  • Google Analytics (site analytics).

  • Stripe (payment processing). We enter written Data Processing Agreements (DPAs) with processors and only permit them to process data according to our instructions. Customers should review each processor’s privacy/security documentation for details on storage locations and safeguards.

Note on storage locations: We store data using a combination of our systems and third-party cloud services used by processors above. Many providers (including GoHighLevel, Twilio, Stripe and OpenAI) use major cloud providers (e.g., AWS, Google Cloud). If you need exact geographic storage locations (e.g., EU-only), inform us; we will assess and document processor options or contractual restrictions where available.

9. International transfers

  • Data may be transferred and processed in countries outside the UK/EU (including the US) where our processors operate.

  • Where transfers occur, we use appropriate safeguards such as:

    • UK/EC adequacy (if applicable);

    • Standard Contractual Clauses (SCCs) or equivalent legal mechanisms;

    • Contractual commitments with processors requiring adequate protection.

  • For specific transfer questions, please contact hello@liak-consulting.com.

10. Data retention

  • We retain personal data only as long as necessary for the purposes described and to meet legal obligations. Typical retention periods:

  • Client onboarding files, contracts, invoices: 7 years (tax/accounting).

  • Active client data: for the duration of the client relationship plus a reasonable post-termination period for billing/support (typically 12 months unless otherwise agreed).

  • Call recordings/transcripts: retained per the client agreement. Default: up to 12 months after the recording unless a client requests shorter or longer retention.

  • Marketing lists & CRM contacts: retained until unsubscribed or upon deletion request.

  • Logs and analytics: aggregated/anonymised where possible; raw logs retained for up to 90 days for security and troubleshooting unless a longer retention is required. If you are a data subject and want a specific retention schedule for your data, contact us.

11. Data subject rights (UK/EU GDPR and similar). You have rights subject to legal limits:

  • Right of access: request a copy of personal data we hold about you.

  • Right to rectification: correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): ask deletion where no legal reason to retain exists.

  • Right to restriction: ask us to limit processing in certain circumstances.

  • Right to data portability: receive data in a commonly used, machine-readable format.

  • Right to object: object to processing based on legitimate interests or direct marketing.

  • Right to withdraw consent: where processing is based on consent.

  • Right to lodge a complaint: with relevant supervisory authority (ICO in the UK). To exercise rights: contact hello@liak-consulting.com. We will verify your identity and respond within statutory timeframes (generally one month; may extend where complex).

12. California & US residents (CCPA/CPRA)

If you are a California resident, you may have additional rights: to know, access, delete, and opt-out of the sale of personal information. We do not “sell” personal information for CCPA purposes without notice. To exercise rights under CCPA/CPRA, contact hello@liak-consulting.com and include “CCPA Request” in the subject. Verification steps are required.

13. Marketing communications & opt-out

  • We send marketing emails only with consent where required. For existing client-business relationships, we may send service-related messages even without marketing consent.

  • Every marketing email includes an unsubscribe link. You can also email hello@liak-consulting.com to opt-out of marketing.

  • For SMS marketing we obtain explicit consent where required and include opt-out instructions in each message (e.g., reply STOP).

  • Opting out of marketing does not prevent us from sending service, transactional, or billing communications.

14. Data security

We implement reasonable organisational, technical and operational measures to protect personal data, including:

  • Access controls and role-based permissions.

  • Encryption in transit (TLS) and encryption at rest where supported by processors.

  • Regular backups, patching, and security monitoring.

  • Secure credential management and MFA for staff accounts.

  • Processor contracts requiring security commitments. Despite these measures, no system is perfectly secure. We evaluate risks and update measures over time.

15. Data breach notification

If a personal data breach occurs and we are required to notify data subjects or supervisory authorities, we will:

  • Notify the ICO (or other applicable authority) where required by law without undue delay and within statutory timelines;

  • Notify affected data subjects when likely to result in high risk to their rights and freedoms, describing the nature of the breach and mitigation steps;

  • Provide practical guidance and support to affected parties. Contact hello@liak-consulting.com for breach inquiries.

16. Children’s privacy

We do not knowingly collect personal data from children under 16. Our services target businesses and adults. If we learn data from a child under 16 was collected, we will delete it unless we have verified parental consent or a legal basis to retain it.

17. Third-party websites & links

Our site may link to third-party websites. This Policy does not apply to third-party sites. We are not responsible for their privacy practices—please review their policies.

18. Changes to this policy

We may update this Policy to reflect changes in law, technology, or practices. We will post the updated Policy at www.liak-consulting.com and update the “Last updated” date. For material changes, we will notify clients via email where feasible.

19. How to contact us

Questions, requests, or complaints: hello@liak-consulting.com

Postal contact: Sophia Liakos trading as LIAK Consulting, 96 Farren Road, Birmingham, B31 5HW, United Kingdom

Supervisory authority: If you are in the UK you may contact Information Commissioner’s Office (ICO) — https://ico.org.uk/