Last Updated: 8 March 2026 ยท Version 3.0
Your privacy matters to us. This Privacy Policy explains in detail how Lambie AI ("we", "us", "our", "the Company") collects, uses, discloses, retains, and protects your personal information when you access or use our website at lambie-ai.com, our AI agent services, APIs, integrations, and any related products or services (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you must discontinue use of our Services immediately.
This Privacy Policy is designed to comply with applicable data protection laws, including but not limited to South Africa's Protection of Personal Information Act (POPIA), the European Union General Data Protection Regulation (GDPR), the United Kingdom Data Protection Act 2018, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable international privacy regulations.
In this Privacy Policy, the following terms have the meanings set out below:
We collect information through various means depending on how you interact with our Services. The categories of information we collect include the following:
We do not intentionally collect sensitive personal information (also known as "special categories of data"), including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. If you believe you have inadvertently provided sensitive information, please contact us immediately at info@lambie-ai.com.
We process your Personal Data only when we have a valid legal basis to do so. The legal bases on which we rely include:
| Legal Basis | Description |
|---|---|
| Consent | You have given clear consent for us to process your Personal Data for a specific purpose, such as receiving marketing communications. |
| Contract Performance | Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract. |
| Legitimate Interest | Processing is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. Our legitimate interests include improving our Services, preventing fraud, ensuring security, and direct marketing to existing clients. |
| Legal Obligation | Processing is necessary for compliance with a legal obligation to which we are subject, including tax reporting, anti-money laundering, and regulatory requirements. |
| Vital Interests | Processing is necessary to protect the vital interests of you or another natural person. |
We use the information we collect for the following purposes:
We do not sell, rent, or trade your Personal Data to third parties for their marketing purposes.
We may share your information in the following circumstances:
We engage trusted third-party companies and individuals to perform services on our behalf. These service providers have access to your Personal Data only to perform specific tasks and are contractually obligated to protect it. Our service providers include:
If Lambie AI is involved in a merger, acquisition, reorganisation, bankruptcy, dissolution, sale of assets, or similar transaction, your Personal Data may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.
We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities, including courts, law enforcement agencies, regulatory bodies, or other governmental entities.
We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms and Conditions, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.
We may share your information for any other purpose with your explicit consent.
Your Personal Data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. Specifically, our servers and service providers may be located in the United States, European Union, and other jurisdictions.
When we transfer Personal Data internationally, we take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Policy and applicable law, including:
We retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
| Data Category | Retention Period | Basis |
|---|---|---|
| Client account data | Duration of relationship plus 5 years | Legal and contractual obligations |
| AI agent training data | Duration of service agreement plus 90 days | Service delivery and recovery |
| Communication records | 3 years from last interaction | Legitimate interest and dispute resolution |
| Marketing contacts | Until consent is withdrawn or unsubscribe | Consent |
| Financial and billing records | 7 years | Tax and regulatory compliance |
| Website analytics | 26 months (anonymised) | Legitimate interest |
| Server logs | 90 days | Security and troubleshooting |
| Cookie data | See Section 8 | Consent or legitimate interest |
When your Personal Data is no longer needed, we will securely delete or anonymise it. If deletion is not immediately possible (for example, because data has been stored in backup archives), we will securely isolate your Personal Data from any further processing until deletion is possible.
We use cookies and similar tracking technologies to collect and use information about you and your interaction with our Services. A cookie is a small data file stored on your device that helps us improve our Services and your experience.
| Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the website to function. Cannot be disabled. Includes session management, security tokens, and load balancing. | Session to 1 year |
| Performance / Analytics | Help us understand how visitors use our website by collecting anonymous usage statistics (Google Analytics). | Up to 26 months |
| Functional | Remember your preferences and settings to provide a more personalised experience. | Up to 1 year |
| Advertising / Marketing | Used to deliver relevant advertisements and measure ad campaign effectiveness (Meta Pixel, Google Ads). | Up to 13 months |
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse cookies, delete cookies, or alert you when a cookie is being sent. For more information, visit www.allaboutcookies.org.
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Our website currently does not respond to DNT signals due to the lack of a uniform industry standard. We will continue to review developments in DNT technology and may update this policy if a standard is established.
We implement and maintain appropriate technical and organisational security measures designed to protect the confidentiality, integrity, and availability of your Personal Data. Our security measures include, but are not limited to:
While we strive to protect your Personal Data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and continuously improving our security practices.
Depending on your jurisdiction, you may have some or all of the following rights regarding your Personal Data:
To exercise any of your rights, contact us at:
Email: info@lambie-ai.com
Subject line: "Data Privacy Request - [Your Right]"
We will acknowledge receipt of your request within 5 business days and respond substantively within 30 days. In complex cases, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.
We may need to verify your identity before processing your request. We will not charge a fee for processing your request unless it is manifestly unfounded, repetitive, or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
Our Services are not directed at individuals under the age of 18 ("Minors"). We do not knowingly collect, solicit, or maintain Personal Data from Minors. If you are a parent or guardian and you become aware that your child has provided us with Personal Data, please contact us immediately at info@lambie-ai.com. If we become aware that we have collected Personal Data from a Minor without verification of parental consent, we will take steps to delete that information as quickly as possible.
Given the nature of our AI agent services, we want to be transparent about how data is used in the context of artificial intelligence:
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Lambie AI. We are not responsible for the privacy practices of these third parties. We strongly encourage you to review the privacy policy of every website or service you visit or use. This Privacy Policy applies only to our Services.
For any questions or concerns about this Privacy Policy or our data processing practices, you may contact our Data Protection Officer:
If you believe that our processing of your Personal Data infringes applicable data protection law, you have the right to lodge a complaint with a supervisory authority. In South Africa, the relevant authority is the Information Regulator (www.justice.gov.za/inforeg). For EU residents, you may contact your local Data Protection Authority.
We engage a defined set of trusted sub-processors to deliver the Services. Each sub-processor is bound by a written data processing agreement that imposes obligations no less protective than those set out in this Privacy Policy and applicable law. The current list of material sub-processors is set out below.
| Sub-Processor | Function | Processing Location |
|---|---|---|
| Cloudflare, Inc. | Edge network, WAF, DDoS protection, DNS | Global edge (US headquartered) |
| Amazon Web Services, Inc. | Cloud hosting and storage | EU, US, ZA regions |
| Google LLC (GCP, Workspace, Analytics, Tag Manager) | Productivity, analytics, infrastructure | EU and US |
| Supabase, Inc. | Application database and authentication | EU and US regions |
| OpenAI, OpCo, LLC | Large language model inference | US (zero data retention API mode where supported) |
| Anthropic, PBC | Large language model inference | US |
| Google DeepMind (Gemini) | Large language model inference | US and EU |
| ElevenLabs, Inc. / Deepgram, Inc. | Voice synthesis and speech to text | US |
| Twilio Inc. / Meta Platforms (WhatsApp Business) | Telephony, SMS, WhatsApp messaging | US, EU, global |
| Stripe, Inc. / PayPal, Inc. / Yoco / PayFast | Payment processing (PCI DSS Level 1) | US, EU, ZA |
| Resend / SendGrid / Postmark | Transactional and marketing email | US and EU |
| n8n GmbH / Make.com | Workflow automation orchestration | EU |
| Cal.com, Inc. | Scheduling and calendar booking | EU and US |
| Meta Platforms, Inc. / Google Ads | Advertising measurement and conversion tracking | US and EU |
We will provide at least 30 days' prior written notice (by email or by updating this Privacy Policy) of any intended addition or replacement of a material sub-processor. Enterprise Clients may object on reasonable, documented data protection grounds, in which case we will work in good faith to provide an alternative or, failing that, the Client may terminate the affected Services without penalty.
Where Personal Data is transferred outside its country of origin, we rely on one or more of the following legally recognised transfer mechanisms:
A copy of the transfer mechanism applicable to your Personal Data is available on written request to info@lambie-ai.com.
We maintain a documented incident response programme. In the event of a Personal Data breach affecting your data:
We do not provide any government, law enforcement, or intelligence agency with direct, unrestricted, or back-door access to Personal Data, encryption keys, or systems. We disclose Personal Data in response to a lawful and binding request only after carefully reviewing the request for legal validity and proportionality. We will, where lawfully permitted, notify the affected Client or Data Subject in advance and challenge requests that are overly broad, unlawful, or inconsistent with international human rights standards.
Certain features of the Services involve automated processing, including AI-driven lead scoring, intent classification, routing, qualification, sentiment analysis, and appointment booking. Where such processing produces legal or similarly significant effects on a Data Subject, we will:
AI agents deployed on behalf of Clients are configured by the Client and operate within rules the Client defines. The Client is responsible for ensuring that any automated decisions made by its AI agents comply with applicable law.
We may aggregate, anonymise, or de-identify Personal Data so that it can no longer reasonably be used to identify any individual. Such data is no longer Personal Data and may be retained and used indefinitely for any lawful purpose, including service improvement, benchmarking, research, model evaluation, and the publication of industry insights. We will not attempt to re-identify de-identified data except as permitted by law.
Where required by applicable law, we honour user-enabled global privacy control signals (such as the GPC browser signal) as a valid request to opt out of the sale or sharing of Personal Data for cross-context behavioural advertising. We do not sell Personal Data for monetary consideration in the conventional sense.
If we are required under Article 27 of the GDPR or Article 27 of the UK GDPR to designate a representative, the appointed representative's contact details will be published on this page and made available on request. Until such time as a representative is appointed, all enquiries should be directed to info@lambie-ai.com. Our Information Officer for POPIA purposes is contactable at the same address.
Sections of this Privacy Policy that by their nature should survive termination of your use of the Services (including retention, security, international transfers, breach notification, governing law, and dispute resolution) shall survive such termination.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
For any privacy-related questions, requests, or complaints:
Email: info@lambie-ai.com
Phone: +27 79 418 9828
Address: Johannesburg, South Africa
Website: www.lambie-ai.com