totally called.

Privacy Policy

Última atualização 12 July 2026

Language notice: This Policy is provided in English and applies to the Service in every market. Please contact us if you need help understanding it.

This Policy explains how Totally Comms, trading as Totally Called (we, us), handles personal data when you visit our website, contact us, or use Totally Called (the Service). For privacy questions or requests, email privacy@totallycomms.com.

1. Our role

We are a controller for account administration, billing, security, support, regulatory onboarding, and our own website and business communications. A Customer is normally the controller for its contacts, calls, messages, recordings and CRM information, and we process that data on the Customer's instructions. If your data appears in a Customer's communications, contact that Customer first where practical; we will assist it with valid requests.

2. Personal data we collect

We receive data from you, your account administrator and users, communications participants, Pipedrive, PropelAuth, Twilio, Stripe, AWS, devices and browsers, and public or official sources used for business and regulatory checks. Some information is required to provide the Service or obtain a phone number; without it, we may be unable to open or operate the account.

3. How and why we use personal data

PurposeTypical UK lawful basis when we are controller
Open and administer accounts; provide calling, messaging, recording, CRM logging, support and billingPerformance of a contract; legitimate interests in providing a business service
Provision numbers and meet carrier, tax, accounting, fraud-prevention, telecoms and lawful-request obligationsLegal obligation; contract; legitimate interests
Authenticate users, secure the Service, prevent abuse, investigate incidents, enforce terms and maintain audit recordsLegitimate interests in security and protecting customers and networks; legal obligation where applicable
Monitor reliability, diagnose faults, reconcile carrier events and improve existing Service featuresLegitimate interests in operating and improving the Service
Respond to enquiries and send essential account, service, security and legal noticesContract; legitimate interests; legal obligation

Where we act as processor, the Customer determines the lawful basis. We do not sell personal data, use Customer call or message content for advertising, or use it to train general-purpose AI models. We do not make decisions producing legal or similarly significant effects about individuals solely by automated means.

4. Call recording and sensitive information

Customers choose whether to record calls and are responsible for notices, consent, lawful basis and industry requirements. The Service can play a recording announcement, but the Customer must configure and use it lawfully. Calls and messages may reveal sensitive or special-category information even though the Service is not designed to request it. Do not use the Service to collect payment-card, health or other sensitive information unless the Customer has established an appropriate lawful and secure process.

5. Who receives personal data

We disclose data only as needed to operate the Service, follow Customer instructions, complete a transaction, protect rights and safety, or comply with law. Recipients include:

Provider or recipientPurpose and data involved
Amazon Web Services (AWS)Hosting, databases, queues, encryption and object storage for Service data and recordings.
TwilioPhone numbers, identity and regulatory checks, call and SMS carriage, delivery metadata, and temporary recording handling.
PropelAuthUser authentication, identity, organisation membership and invitations.
StripePayments, invoicing, subscriptions, fraud prevention and related billing records.
PipedriveThe connected CRM chosen by the Customer; we read and write relevant data at the Customer's direction.
Sentry, if enabled for the ServiceError monitoring using scrubbed technical context. We do not intentionally send message bodies, recordings or authentication tokens.
Professional advisers, authorities and transaction partiesLegal, accounting, insurance, security, corporate transactions, and lawful requests, limited to what is necessary.

Providers may act as our processors, subprocessors, or independent controllers depending on the activity. Where required, we contractually require processors to protect personal data. We do not permit them to use Customer Data for their own advertising.

6. International transfers and storage locations

Primary Service storage is hosted by AWS in Ireland (eu-west-1). Recordings may be replicated to AWS in Frankfurt (eu-central-1) for resilience. Calls, messages, authentication and payments may be processed outside the UK and European Economic Area by global providers, including in the United States. Where restricted-transfer rules apply, we rely on an adequacy decision or approved contractual safeguards, such as the UK International Data Transfer Addendum or Agreement and EU Standard Contractual Clauses, together with supplementary measures where appropriate. You may request more information from privacy@totallycomms.com.

7. Retention

We use the following criteria rather than keeping every category for a single fixed period:

We consider the amount, sensitivity and purpose of the data, risk of harm, Customer instructions, technical dependencies, and legal requirements when applying these criteria. We may retain a minimal suppression or request record to honour an objection or demonstrate compliance.

8. Security

We use organisational and technical safeguards designed to protect personal data, including tenant isolation, role-based access, encryption in transit and at rest, restricted infrastructure access, masked logs, audit controls, backups, and verification before deleting archived recordings from the carrier. No system is completely secure. Customers are responsible for user access, devices, passwords, connected-account permissions and lawful configuration.

9. Your rights

Depending on where you live and the circumstances, you may have rights to access, correct, erase, restrict or object to processing; receive portable data; and withdraw consent where processing relies on consent. You may also object to direct marketing at any time. These rights can be limited by law and do not always apply where we act only on a Customer's instructions.

Email privacy@totallycomms.com with your request. We may need to verify your identity and locate the relevant Customer account. We will not discriminate against you for exercising a privacy right. UK individuals may complain to the Information Commissioner's Office; EEA individuals may contact their local supervisory authority, and individuals elsewhere may contact their local privacy regulator. We encourage you to contact us first so we can try to resolve the issue.

10. Website storage and cookies

Our public marketing website does not set analytics or advertising cookies and does not run advertising trackers. The Service and embedded applications may use strictly necessary browser storage to maintain authentication, security, organisation selection, user preferences such as theme, and application state. Connected providers, including PropelAuth, Pipedrive and Stripe, may set their own necessary cookies on their domains under their policies. If we add non-essential analytics or advertising technology, we will update this Policy and request consent where required.

11. Children

The Service is a business product and is not directed to children. You must be at least 18 and authorised by a business to create an account. We do not knowingly collect children's personal data as an account provider. Customer communications may incidentally involve minors; the Customer remains responsible for that processing.

12. Changes to this Policy

We may update this Policy as the Service, providers or law change. We will post the new version here and change the date above. Where a change materially affects how we use account data, we will give reasonable notice through the Service or by email where practicable.

13. Contact

Contact Totally Comms about privacy at privacy@totallycomms.com. For support or account closure, contact support@totallycalled.com.