Legal

Privacy Policy

How Agentus collects, uses, and protects personal data, provided by Xeminal Ltd.

Last updated: April 2026

Data Controller: Xeminal Ltd T/A Agentus — Company No. 14952973

Registered Office: 86-90 Paul Street, London, EC2A 4NE, United Kingdom

Contact: hello@agentus.online

1. Who We Are

Xeminal Ltd, trading as Agentus (“Agentus”, “we”, “us”), is a company registered in England and Wales (Company No. 14952973). We design, deploy, and operate AI voice agent services for professional services firms, primarily in the United States.

This Privacy Policy explains how we collect and use personal data in connection with our website at agentus.online, our AI voice demonstration service, and our commercial relationships with clients and prospects. It applies to individuals whose data we process as a data controller. Where we process personal data on behalf of our clients (such as callers to a client’s AI agent), we act as a data processor — see Section 10.

2. Data We Collect and Why

2.1 Website Visitors

When you visit agentus.online, we may collect:

  • Standard server log data (IP address, browser type, pages visited, referring URL) — collected automatically by our hosting infrastructure (Netlify / Cloudflare)
  • Preferences stored in your browser (e.g. light/dark mode, cookie consent) — these are session-level and do not identify you

We do not use Google Analytics or any third-party tracking or advertising scripts. We do not serve advertising.

2.2 Website Chat (Jessica — Website Assistant)

Our website includes a chat widget powered by Jessica, our AI assistant. If you use this widget:

  • The text of your messages is sent to Anthropic’s API for AI processing. We do not store the content of chat sessions on our servers.
  • We collect no personal information from chat sessions unless you voluntarily provide it (e.g. your name or contact details). If you do, we may use this to follow up with you about our services.

Legal basis: Legitimate interests (providing a functional website service and responding to enquiries).

2.3 Demo Callers

When you call our AI voice demonstration number (+1 850 662 6808 or any Agentus demonstration number), we collect:

  • Your phone number (via telephony metadata)
  • A full call transcript (generated automatically by AI speech-to-text processing)
  • An audio recording of the call
  • Any personal details you voluntarily provide during the call (e.g. name, injury details, appointment preferences)
  • Call duration and technical metadata

All callers are informed at the start of every call that the call may be recorded. This disclosure is mandatory and non-negotiable under Florida two-party consent law and our own compliance policy.

If you provide your mobile number during the call and consent to a follow-up SMS, we will send a single follow-up text message to that number. You may opt out at any time by replying STOP.

Legal basis: Legitimate interests (demonstrating and operating our service); consent (for follow-up SMS).

2.4 Prospective Business Clients (Cold Outreach)

We conduct B2B outreach to professional services firms, primarily law firms in the United States, using business contact information sourced from publicly available sources. If you receive an email from us:

  • We hold your business name, firm name, and business email address
  • We do not purchase personal data lists — we identify contacts from publicly available professional directories and firm websites
  • You may opt out of all further communications at any time by replying to the email with “unsubscribe” or by emailing hello@agentus.online

Legal basis: Legitimate interests (B2B commercial outreach to decision-makers at relevant businesses, proportionate to the commercial nature of the communication).

2.5 Discovery Call Bookings

If you book a discovery call via our Cal.com booking page, we collect your name, email address, and any information you provide in the booking form. This is used solely to manage your appointment and follow up regarding our services.

Legal basis: Contractual necessity / pre-contractual steps; legitimate interests.

2.6 Clients

If you become a client of Agentus, we collect and process:

  • Business and billing contact details (name, firm name, email, address)
  • Payment information (processed by Stripe — we do not store card details)
  • Service configuration data (firm name, practice areas, attorney details, calendar access)
  • Call logs and usage data relating to your deployed agent

Legal basis: Performance of contract; legal obligations (invoicing, tax records).

3. How We Use Your Data

We use personal data for the following purposes:

  • Delivering and operating our AI voice agent services
  • Responding to enquiries and managing bookings
  • Billing and account management
  • Improving our services and AI agent performance (using anonymised or aggregated data where possible)
  • Complying with legal obligations (call recording disclosure, TCPA, tax records)
  • Conducting B2B outreach to prospective clients
  • Sending follow-up SMS messages where explicit consent has been given

We do not sell personal data to third parties. We do not use personal data for automated profiling that produces legal or similarly significant effects.

4. Third-Party Data Processors

We use the following third-party services to operate our business. Each acts as a data processor under our instruction:

ProcessorPurposeLocation
AnthropicAI language model processing (website chat, voice agent cognition)USA
ElevenLabsAI text-to-speech (voice agent audio generation)USA
DeepgramAI speech-to-text transcription (voice agent call transcripts)USA
Vapi.aiVoice call orchestration and routingUSA
TwilioTelephony infrastructure and SMS deliveryUSA
CloudflareWebsite hosting, Workers, D1 database, data storageUSA / Global
NetlifyWebsite hosting and deploymentUSA
HubSpotCRM — contact and pipeline managementUSA
StripePayment processingUSA
Cal.comAppointment schedulingUSA
InstantlyB2B cold email sending and managementUSA
Google FontsWeb font delivery (website typography)USA

Where processors are located outside the UK/EEA, transfers are made under the UK International Data Transfer Agreement (UK IDTA) or equivalent safeguards, or to countries with an adequacy decision.

5. Call Recording and AI Processing

All calls to Agentus demonstration numbers are recorded and transcribed by AI. Callers are informed of this at the start of every call. Recordings and transcripts are used to:

  • Operate and demonstrate the service
  • Review and improve agent performance
  • Fulfil booking requests made during calls
  • Provide call logs to clients (in client-deployed configurations)

Call recordings are stored on Cloudflare infrastructure. Transcripts are written to our D1 database. Both are retained for up to 12 months from the date of the call, after which they are deleted unless retention is required by law or contract.

6. SMS Communications

We only send SMS messages to individuals who have explicitly consented during a call. Every SMS includes an opt-out instruction (reply STOP). We do not send unsolicited marketing SMS. Opt-out requests are actioned immediately and permanently.

Our SMS use case is registered with US carriers via Twilio’s A2P 10DLC programme. Our campaign covers: appointment confirmations, service information, and payment links sent following inbound-initiated calls where consent was obtained.

7. Cookies

We use only essential cookies — no advertising or tracking cookies. Specifically:

  • Cookie consent preference — stored locally in your browser to remember your choice
  • Theme preference (light/dark mode) — stored locally, no server transmission

We use Google Fonts for typography. Google Fonts may log your IP address as part of the font delivery request. We have no control over Google’s logging practices for this service. For our full cookie information, see our Cookie Policy.

8. Data Retention

  • Call recordings and transcripts: 12 months from call date
  • Client billing and contract records: 7 years (UK legal requirement)
  • Prospect and enquiry data: Up to 2 years from last contact, or until opt-out
  • Booking data: 12 months from appointment date
  • Website log data: 30 days (Cloudflare / Netlify standard retention)

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to request correction of inaccurate data
  • Right to erasure — to request deletion of your data in certain circumstances
  • Right to restriction — to request that we limit processing of your data
  • Right to object — to object to processing based on legitimate interests
  • Right to data portability — to receive your data in a portable format
  • Right to withdraw consent — where processing is based on consent (e.g. SMS), you may withdraw at any time without affecting prior processing

To exercise any of these rights, please contact us at hello@agentus.online. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe we have mishandled your data.

10. Where We Act as a Data Processor

When Agentus deploys AI voice agents for our clients (e.g. a law firm), we process personal data on behalf of that client (the data controller). In this capacity:

  • The client is responsible for ensuring they have appropriate legal bases for processing caller data
  • We process data only as instructed by the client and as necessary to deliver the service
  • Data processing obligations between Agentus and its clients are governed by the relevant Data Processing Agreement included in or appended to the client’s Service Agreement

Callers to a client-deployed agent who wish to exercise data rights should contact the relevant law firm (data controller) directly. Agentus will cooperate with client requests to action data subject rights.

11. Children’s Data

Our services are directed at professional services businesses, not individuals under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently received data relating to a child, please contact us immediately.

12. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (TLS), access controls, and use of reputable cloud infrastructure providers. No internet transmission is entirely secure — we cannot guarantee absolute security, but we will notify affected individuals and the ICO promptly in the event of a personal data breach where required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or by posting notice on this page, with at least 14 days’ notice where possible. The “Last updated” date at the top of this page reflects the most recent revision.

14. Contact

For any privacy-related queries, requests to exercise data rights, or concerns:

Xeminal Ltd T/A Agentus

86-90 Paul Street, London, EC2A 4NE, United Kingdom

Email: hello@agentus.online

ICO registration: pending (ico.org.uk)

This site uses essential cookies only — no tracking or advertising. Google Fonts and an AI service power the chat widget. Cookie Policy