Privacy Policy
Last updated: April 2026
Nero Flow (operated by Nero Engine Group Ltd) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Company Details
1. Information We Collect
Business Information
When you sign up for Nero Flow, we collect:
- Your name and business name
- Email address and phone number
- Business address and postcode
- Payment information (processed via Stripe; we do not store card details)
Customer Call and Inquiry Data
Our system automatically captures:
- Incoming phone numbers (caller ID)
- Call duration and timestamp
- Voicemail transcripts (if applicable)
- Text message content and metadata
- Chat and form submission data
- Customer names, phone numbers, and email addresses (as provided by your customers)
- Job descriptions and inquiry details
System and Usage Data
We collect:
- IP address and browser type
- Pages visited and interactions on our platform
- Device type and operating system
- Login timestamps and activity logs
2. How We Use Your Information
We use the information collected to:
- Deliver the service - Configure and maintain your AI receptionist system, capture missed calls, send SMS responses, and store inquiry data.
- Provide support - Respond to technical issues, answer questions, and optimise system performance.
- Process payments - Collect subscription fees via Stripe.
- Communication - Send service updates, security alerts, and feature announcements.
- Improve the product - Analyse system performance, identify bugs, and develop new features.
- Legal compliance - Meet regulatory obligations under UK GDPR and the Data Protection Act 2018.
3. Legal Basis for Processing
We process your data based on:
- Contract - Your agreement with us to provide Nero Flow services.
- Legitimate interests - To improve our service, prevent fraud, and operate our business securely.
- Legal obligation - To comply with tax, accounting, and regulatory requirements.
- Consent - For marketing communications (which you can unsubscribe from at any time).
4. Data Sharing
We do NOT sell your data. We share information only with:
- GoHighLevel (GHL) - Our platform partner who provides the technical infrastructure for voice AI, SMS, and messaging.
- Stripe - Payment processor (PCI-DSS compliant; we do not store card details).
- Twilio - Our telephone provider for UK phone number allocation and call routing.
- Legal authorities - If required by law or court order.
All processors are bound by data protection agreements and are GDPR-compliant.
5. Data Retention
- Account and business data - Retained for the duration of your subscription and 12 months after cancellation (for tax and legal compliance).
- Call and inquiry records - Retained for 24 months to provide access to historical conversations and maintain service continuity.
- Payment records - Retained for 7 years (UK tax requirement).
- Support logs and activity data - Retained for 12 months.
You may request data deletion at any time, subject to legal retention obligations.
6. Your Rights
Under UK GDPR, you have the right to:
- Access - Request a copy of your data.
- Rectification - Correct inaccurate information.
- Erasure - Request deletion of your data (subject to legal holds).
- Restriction - Ask us to limit how we use your data.
- Data portability - Receive your data in a portable format.
- Object - Opt out of marketing and certain processing activities.
To exercise these rights, contact us at hello@neroflow.co.uk. We will respond within 30 days.
7. Cookies and Tracking
Our website and platform use:
- Essential cookies - For authentication and session management (required to use the service).
- Functional cookies - To remember your preferences and login state.
- Analytical cookies - To understand how the site is used (via anonymised data).
We do not use third-party advertising cookies or tracking pixels. You can disable cookies in your browser settings, though this may limit functionality.
8. International Data Transfers
Your data is processed in the UK and Europe. If data is transferred outside the UK/EEA, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses).
9. Security
We use industry-standard security measures:
- TLS/SSL encryption for all data in transit
- Encrypted data storage at rest
- Regular security audits and vulnerability assessments
- Access controls and role-based permissions
- Secure password policies and multi-factor authentication (available on request)
However, no system is 100% secure. If a breach occurs, we will notify affected users and relevant authorities within 72 hours as required by law.
10. Third-Party Links
Our website may contain links to third-party sites (e.g., Stripe, GoHighLevel). We are not responsible for their privacy practices. Please review their privacy policies independently.
11. Children's Privacy
Nero Flow is designed for business users aged 18+. We do not knowingly collect data from children. If we become aware of such collection, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy as our service evolves. We will notify you of material changes via email. Continued use of Nero Flow constitutes acceptance of changes.
13. GDPR and UK Data Protection Act Compliance
Your rights under GDPR and the Data Protection Act 2018:
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your data. Our ICO registration number is ZB914271.
14. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
