Privacy Policy

Last Updated: 8 March 2026 ยท Version 3.0

Your privacy matters to us. This Privacy Policy explains in detail how Lambie AI ("we", "us", "our", "the Company") collects, uses, discloses, retains, and protects your personal information when you access or use our website at lambie-ai.com, our AI agent services, APIs, integrations, and any related products or services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must discontinue use of our Services immediately.

This Privacy Policy is designed to comply with applicable data protection laws, including but not limited to South Africa's Protection of Personal Information Act (POPIA), the European Union General Data Protection Regulation (GDPR), the United Kingdom Data Protection Act 2018, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable international privacy regulations.

1. Definitions

In this Privacy Policy, the following terms have the meanings set out below:

2. Information We Collect

We collect information through various means depending on how you interact with our Services. The categories of information we collect include the following:

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Information from Third Parties

2.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information (also known as "special categories of data"), including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. If you believe you have inadvertently provided sensitive information, please contact us immediately at info@lambie-ai.com.

3. Legal Basis for Processing

We process your Personal Data only when we have a valid legal basis to do so. The legal bases on which we rely include:

Legal BasisDescription
ConsentYou have given clear consent for us to process your Personal Data for a specific purpose, such as receiving marketing communications.
Contract PerformanceProcessing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
Legitimate InterestProcessing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. Our legitimate interests include improving our Services, preventing fraud, ensuring security, and direct marketing to existing clients.
Legal ObligationProcessing is necessary for compliance with a legal obligation to which we are subject, including tax reporting, anti-money laundering, and regulatory requirements.
Vital InterestsProcessing is necessary to protect the vital interests of you or another natural person.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Operations

4.2 Analytics and Improvement

4.3 Marketing and Communications

4.4 Security and Compliance

5. How We Share Your Information

We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes.

We may share your information in the following circumstances:

5.1 Service Providers and Processors

We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your Personal Data only to perform specific tasks and are contractually obligated to protect it. Our service providers include:

5.2 Business Transfers

If Lambie AI is involved in a merger, acquisition, reorganisation, bankruptcy, dissolution, sale of assets, or similar transaction, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities, including courts, law enforcement agencies, regulatory bodies, or other governmental entities.

5.4 Protection of Rights

We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms and Conditions, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. International Data Transfers

Your Personal Data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. Specifically, our servers and service providers may be located in the United States, European Union, and other jurisdictions.

When we transfer Personal Data internationally, we take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Policy and applicable law, including:

7. Data Retention

We retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

Data CategoryRetention PeriodBasis
Client account dataDuration of relationship plus 5 yearsLegal and contractual obligations
AI agent training dataDuration of service agreement plus 90 daysService delivery and recovery
Communication records3 years from last interactionLegitimate interest and dispute resolution
Marketing contactsUntil consent is withdrawn or unsubscribeConsent
Financial and billing records7 yearsTax and regulatory compliance
Website analytics26 months (anonymised)Legitimate interest
Server logs90 daysSecurity and troubleshooting
Cookie dataSee Section 8Consent or legitimate interest

When your Personal Data is no longer needed, we will securely delete or anonymise it. If deletion is not immediately possible (for example, because data has been stored in backup archives), we will securely isolate your Personal Data from any further processing until deletion is possible.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and use information about you and your interaction with our Services. A cookie is a small data file stored on your device that helps us improve our Services and your experience.

8.1 Types of Cookies We Use

TypePurposeDuration
Strictly NecessaryEssential for the website to function. Cannot be disabled. Includes session management, security tokens, and load balancing.Session to 1 year
Performance / AnalyticsHelp us understand how visitors use our website by collecting anonymous usage statistics (Google Analytics).Up to 26 months
FunctionalRemember your preferences and settings to provide a more personalised experience.Up to 1 year
Advertising / MarketingUsed to deliver relevant advertisements and measure ad campaign effectiveness (Meta Pixel, Google Ads).Up to 13 months

8.2 Managing Cookies

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse cookies, delete cookies, or alert you when a cookie is being sent. For more information, visit www.allaboutcookies.org.

8.3 Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Our website currently does not respond to DNT signals due to the lack of a uniform industry standard. We will continue to review developments in DNT technology and may update this policy if a standard is established.

9. Data Security

We implement and maintain appropriate technical and organisational security measures designed to protect the confidentiality, integrity, and availability of your Personal Data. Our security measures include, but are not limited to:

While we strive to protect your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and continuously improving our security practices.

10. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your Personal Data:

10.1 Rights Under POPIA (South Africa)

10.2 Rights Under GDPR (European Union / United Kingdom)

10.3 Rights Under CCPA/CPRA (California, United States)

11. Exercising Your Rights

To exercise any of your rights, contact us at:

Email: info@lambie-ai.com

Subject line: "Data Privacy Request - [Your Right]"

We will acknowledge receipt of your request within 5 business days and respond substantively within 30 days. In complex cases, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.

We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

12. Children's Privacy

Our Services are not directed at individuals under the age of 18 ("Minors"). We do not knowingly collect, solicit, or maintain Personal Data from Minors. If you are a parent or guardian and you become aware that your child has provided us with Personal Data, please contact us immediately at info@lambie-ai.com. If we become aware that we have collected Personal Data from a Minor without verification of parental consent, we will take steps to delete that information as quickly as possible.

13. AI-Specific Data Practices

Given the nature of our AI agent services, we want to be transparent about how data is used in the context of artificial intelligence:

14. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Lambie AI. We are not responsible for the privacy practices of these third parties. We strongly encourage you to review the privacy policy of every website or service you visit or use. This Privacy Policy applies only to our Services.

15. Data Protection Officer

For any questions or concerns about this Privacy Policy or our data processing practices, you may contact our Data Protection Officer:

Email: info@lambie-ai.com

Phone: +27 79 418 9828

Address: Johannesburg, South Africa

16. Regulatory Authorities

If you believe that our processing of your Personal Data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority. In South Africa, the relevant authority is the Information Regulator (www.justice.gov.za/inforeg). For EU residents, you may contact your local Data Protection Authority.

17. Sub-Processors

We engage a defined set of trusted sub-processors to deliver the Services. Each sub-processor is bound by a written data processing agreement that imposes obligations no less protective than those set out in this Privacy Policy and applicable law. The current list of material sub-processors is set out below.

Sub-ProcessorFunctionProcessing Location
Cloudflare, Inc.Edge network, WAF, DDoS protection, DNSGlobal edge (US headquartered)
Amazon Web Services, Inc.Cloud hosting and storageEU, US, ZA regions
Google LLC (GCP, Workspace, Analytics, Tag Manager)Productivity, analytics, infrastructureEU and US
Supabase, Inc.Application database and authenticationEU and US regions
OpenAI, OpCo, LLCLarge language model inferenceUS (zero data retention API mode where supported)
Anthropic, PBCLarge language model inferenceUS
Google DeepMind (Gemini)Large language model inferenceUS and EU
ElevenLabs, Inc. / Deepgram, Inc.Voice synthesis and speech to textUS
Twilio Inc. / Meta Platforms (WhatsApp Business)Telephony, SMS, WhatsApp messagingUS, EU, global
Stripe, Inc. / PayPal, Inc. / Yoco / PayFastPayment processing (PCI DSS Level 1)US, EU, ZA
Resend / SendGrid / PostmarkTransactional and marketing emailUS and EU
n8n GmbH / Make.comWorkflow automation orchestrationEU
Cal.com, Inc.Scheduling and calendar bookingEU and US
Meta Platforms, Inc. / Google AdsAdvertising measurement and conversion trackingUS and EU

We will provide at least 30 days' prior written notice (by email or by updating this Privacy Policy) of any intended addition or replacement of a material sub-processor. Enterprise Clients may object on reasonable, documented data protection grounds, in which case we will work in good faith to provide an alternative or, failing that, the Client may terminate the affected Services without penalty.

18. International Data Transfer Mechanisms

Where Personal Data is transferred outside its country of origin, we rely on one or more of the following legally recognised transfer mechanisms:

A copy of the transfer mechanism applicable to your Personal Data is available on written request to info@lambie-ai.com.

19. Personal Data Breach Notification

We maintain a documented incident response programme. In the event of a Personal Data breach affecting your data:

20. Government and Law Enforcement Access Requests

We do not provide any government, law enforcement, or intelligence agency with direct, unrestricted, or back-door access to Personal Data, encryption keys, or systems. We disclose Personal Data in response to a lawful and binding request only after carefully reviewing the request for legal validity and proportionality. We will, where lawfully permitted, notify the affected Client or Data Subject in advance and challenge requests that are overly broad, unlawful, or inconsistent with international human rights standards.

21. Automated Decision-Making and Profiling

Certain features of the Services involve automated processing, including AI-driven lead scoring, intent classification, routing, qualification, sentiment analysis, and appointment booking. Where such processing produces legal or similarly significant effects on a Data Subject, we will:

AI agents deployed on behalf of Clients are configured by the Client and operate within rules the Client defines. The Client is responsible for ensuring that any automated decisions made by its AI agents comply with applicable law.

22. Aggregated and De-Identified Data

We may aggregate, anonymise, or de-identify Personal Data so that it can no longer reasonably be used to identify any individual. Such data is no longer Personal Data and may be retained and used indefinitely for any lawful purpose, including service improvement, benchmarking, research, model evaluation, and the publication of industry insights. We will not attempt to re-identify de-identified data except as permitted by law.

23. Global Privacy Control and Opt-Out Signals

Where required by applicable law, we honour user-enabled global privacy control signals (such as the GPC browser signal) as a valid request to opt out of the sale or sharing of Personal Data for cross-context behavioural advertising. We do not sell Personal Data for monetary consideration in the conventional sense.

24. EU, UK and South African Representatives

If we are required under Article 27 of the GDPR or Article 27 of the UK GDPR to designate a representative, the appointed representative's contact details will be published on this page and made available on request. Until such time as a representative is appointed, all enquiries should be directed to info@lambie-ai.com. Our Information Officer for POPIA purposes is contactable at the same address.

25. Survival

Sections of this Privacy Policy that by their nature should survive termination of your use of the Services (including retention, security, international transfers, breach notification, governing law, and dispute resolution) shall survive such termination.

26. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

27. Contact Us

For any privacy-related questions, requests, or complaints:

Email: info@lambie-ai.com

Phone: +27 79 418 9828

Address: Johannesburg, South Africa

Website: www.lambie-ai.com