ISLTech

Legal

Privacy Policy

Last updated: 22 June 2026

This policy explains how ISLTech ("ISLTech", "we", "us") handles personal data collected through isltech.ai and in the course of delivering our AI voice receptionist services. We take a privacy-by-design approach and keep our data storage and transfer arrangements transparent — see "Where your data is stored" below.

1. Who we are

ISLTech is a voice AI company based in Belgrade, Serbia. For personal data you submit through this website — for example when you contact us or book a call — we act as the data controller. For personal data processed inside the voice agents we run for clients (such as caller details, recordings, and transcripts), we act as a data processor on behalf of the client, under the terms of our Data Processing Agreement.

2. What we collect

When you contact us, request a demo, or book a call, we collect the information you provide — typically your name, email address, company, industry, phone number, and the content of your message. When you visit the site, and with your consent, we use Google Analytics 4 (via Google Tag Manager) to collect anonymised usage statistics; if you decline in our consent banner, these analytics cookies are not set. See our Cookie Policy for detail.

3. How we use it

We use the data you provide to respond to your enquiry, schedule and run meetings, prepare proposals, and operate our services. Where you have given separate, explicit consent, we use your email to send our Field Notes newsletter — you can unsubscribe at any time.

4. Legal basis

We process personal data under the EU General Data Protection Regulation (GDPR) and Serbia's Law on Personal Data Protection. Our legal bases are: Article 6(1)(b) for steps taken at your request before entering a contract; Article 6(1)(f) for our legitimate interest in business correspondence and running our services; and Article 6(1)(a) where you have consented, such as for marketing.

5. Sharing and sub-processors

We do not sell personal data. We share it only with vetted service providers who help us operate — for example our scheduling tool, transactional email provider, hosting infrastructure, and the voice and language-model platforms that power our agents. Each is bound by a data processing agreement. A current list of sub-processors used for a given engagement is provided in that engagement's addendum.

6. Where your data is stored

Our core website and booking infrastructure is hosted within the European Union. Some processing — including elements of our voice and AI platforms and the call recordings and transcripts they generate — may be carried out by sub-processors located outside the European Economic Area, including in the United States. Any such transfer is covered by an adequacy decision or the European Commission's Standard Contractual Clauses. The specific processing locations for a given engagement are set out in that engagement's Data Processing Agreement.

7. Retention

Enquiry and correspondence data is kept for 24 months after our last contact, unless you ask us to delete it sooner or we are required to retain it longer. Data we process on behalf of clients is retained and deleted according to the Data Processing Agreement.

8. Your rights

You have the right to access, correct, delete, restrict, or port your personal data, and to object to processing or withdraw consent at any time. To exercise any of these rights, email privacy@isltech.ai. We respond within 30 days.

9. Security

We protect personal data with encryption in transit and at rest, strict access controls, and audit logging, and we review our security measures regularly.

10. Changes to this policy

We may update this policy from time to time. The "last updated" date above reflects the current version, and material changes will be posted on this page.

11. Contact

Questions about this policy or your data: privacy@isltech.ai. If you believe we have not handled your data properly, you may complain to Serbia's Commissioner for Information of Public Importance and Personal Data Protection, or to the data protection authority in your EU country of residence.