This page summarises how TaxiVoice AI supports GDPR requirements. It is provided for informational purposes and does not constitute legal advice.
1. Roles: controller and processor
Taxi operators using TaxiVoice AI are typically the data controllers for passenger and booking data. Beluga AI Ltd acts as a data processor for that data when providing the Service.
2. Lawful basis
Controllers determine the lawful basis for processing passenger data (for example, contract performance to fulfil a booking). We process data based on the controller’s documented instructions and our contractual obligations.
3. Data minimisation
The Service is designed to process only what is needed to create, modify, cancel bookings, and retrieve ETAs.
4. Security measures
We apply appropriate technical and organisational measures, including encryption in transit (TLS) for API communications and strict access controls for administrative systems. See our Security page for more detail.
5. Subprocessors
We use trusted subprocessors (such as voice infrastructure and backend/database providers) to deliver the Service. Subprocessors are bound by contractual obligations to safeguard personal data.
6. Data subject requests
If you are a passenger and want to exercise your GDPR rights, you should contact the relevant taxi operator (controller). If we receive a request directly, we may redirect it to the controller or assist as required.
7. International transfers
Depending on controller configuration and subprocessor locations, personal data may be processed in different countries. We use reputable providers and contractual safeguards designed to support lawful transfers.
8. Contact
For GDPR-related enquiries: support@taxivoice.ai.