PRIVACY POLICY
Nerva Studios L.L.C
Effective Date: 28 February 2026
Last Updated: 28 February 2026
Nerva Studios L.L.C ("Nerva Studios", "we", "us", or "our") is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, services, and Voice AI platform.
We operate across multiple jurisdictions including Australia, the United Kingdom, and South Africa. This policy is designed to comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, and the South African Protection of Personal Information Act 4 of 2013 (POPIA).
By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy.
Nerva Studios L.L.C is an AI and automation technology company providing Voice AI solutions, CRM automation, and booking automation services to businesses. Our registered contact details are:
Nerva Studios L.L.C
Email: info@nervastudios.com
Website: www.nervastudios.com
For UK data protection purposes, Nerva Studios L.L.C acts as a data controller in respect of personal data collected from UK residents.
For South African POPIA purposes, Nerva Studios L.L.C is the responsible party for personal information processed in connection with our services.
We collect the following categories of information:
When you visit our website, we automatically collect:
• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time spent, and navigation paths
• Referring URLs and exit pages
• Cookie identifiers and similar tracking technologies
When businesses engage our services, we collect and process:
• Business contact details (name, email, phone, company name, address)
• Call recordings generated through our Voice AI platform
• CRM data including customer records, interaction logs, and booking information synced through our integrations
• Account credentials and configuration settings
• Usage data including call volumes, duration, and system performance metrics
We collect information necessary to process payments for our services, including:
• Billing name and address
• Payment card details (processed securely through third-party payment processors — we do not store full card numbers)
• Transaction history and invoicing records
We do not knowingly collect personal information from individuals under the age of 18. Our services are directed to businesses and their authorised representatives only.
We use the information we collect for the following purposes:
• To provide, operate, and maintain our Voice AI and automation services
• To manage client accounts, onboarding, and support
• To process transactions and maintain financial records
• To analyse usage patterns and improve our platform and services
• To send service updates, technical notices, and support messages
• To send promotional communications where you have consented or where permitted by applicable law
• To comply with applicable laws, regulations, and legal processes
• To detect, prevent, and address fraud, abuse, and security incidents
For individuals in the United Kingdom, we process personal data on the following legal bases:
• Contract Performance: Processing necessary to deliver services under our client agreements
• Legitimate Interests: Analytics, security, fraud prevention, and direct marketing to existing clients
• Legal Obligation: Compliance with applicable UK laws and regulations
• Consent: Where we rely on consent (e.g. marketing to new contacts), you have the right to withdraw consent at any time
We collect and handle personal information in accordance with the Australian Privacy Principles. We collect personal information only where it is reasonably necessary for our business functions and activities as described in this policy.
For South African data subjects, we process personal information on the following grounds:
• Contractual necessity for service delivery
• Legitimate interests of our business
• Compliance with legal obligations
• Consent, where required by POPIA
We use cookies and similar technologies on our website. These include:
• Essential Cookies: Required for the website to function. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website (e.g. Google Analytics).
• Marketing Cookies: Used to track the effectiveness of our advertising campaigns.
You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. Where required by law (including UK GDPR and POPIA), we will obtain your consent before placing non-essential cookies.
Our Voice AI platform may record and process calls handled by our AI agents on behalf of our clients. This is a core function of our service. Our clients (businesses) are responsible for:
• Notifying their customers that calls may be recorded and handled by AI
• Obtaining any consents required by applicable law in their jurisdiction
• Ensuring their use of our platform complies with local telecommunications and privacy laws
Call recordings are stored securely and retained for a period of 90 days by default unless otherwise agreed with the client. Clients may request earlier deletion. We do not use call recordings for any purpose other than service delivery, quality assurance, and technical support unless required by law.
We do not sell your personal information. We may share information in the following circumstances:
• Service Providers: Third-party vendors who assist us in delivering our services (e.g. Vapi for voice AI infrastructure, payment processors, cloud hosting providers). These parties are contractually bound to protect your information.
• CRM and Integration Partners: Where clients configure integrations with platforms such as HubSpot or Salesforce, data is shared in accordance with the client's instructions.
• Legal Requirements: Where disclosure is required by law, court order, or regulatory authority in Australia, the UK, South Africa, or other applicable jurisdictions.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to the acquirer honouring this Privacy Policy.
• With Your Consent: Where you have explicitly authorised sharing for a specific purpose.
As a business operating across multiple countries, we may transfer personal information across borders. We ensure that such transfers are protected by appropriate safeguards including:
• Standard Contractual Clauses approved by relevant regulatory authorities
• Transfers only to countries with adequate data protection laws
• Contractual obligations on recipients to maintain equivalent protections
UK residents: International transfers from the UK are governed by UK GDPR transfer mechanisms. South African residents: Cross-border transfers comply with Section 72 of POPIA.
We retain personal information for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law. Our general retention periods are:
• Client account data: Duration of the contract plus 7 years for financial records
• Call recordings: 90 days from the date of recording (unless otherwise agreed)
• Website analytics data: 26 months
• Payment records: 7 years (to comply with financial regulations)
• Marketing data: Until you unsubscribe or withdraw consent
You have the right to:
• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request erasure of your data ('right to be forgotten')
• Restrict or object to processing
• Data portability (receive your data in a structured, machine-readable format)
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk
Under the Privacy Act 1988, you have the right to:
• Access personal information we hold about you
• Request correction of inaccurate or outdated information
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au
Under POPIA, you have the right to:
• Request access to your personal information
• Request correction or deletion of your personal information
• Object to the processing of your personal information
• Submit a complaint to the Information Regulator of South Africa at www.inforegulator.org.za
To exercise any of these rights, please contact us at info@nervastudios.com. We will respond within 30 days of receiving your request.
We implement appropriate technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction. These measures include:
• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Staff training on data protection obligations
In the event of a data breach that is likely to result in a risk to individuals, we will notify affected parties and relevant regulatory authorities as required by applicable law.
Our website and services may contain links to third-party websites or integrate with third-party platforms. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify clients of material changes by email or through a prominent notice on our website. The effective date at the top of this policy indicates when it was last revised.
Continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy.
If you have any questions, concerns, or complaints about our privacy practices, please contact us:
Privacy Enquiries
Nerva Studios L.L.C
Email: info@nervastudios.com
Website: www.nervastudios.com
We take all privacy complaints seriously and will respond within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant regulatory authority in your jurisdiction as described in Section 11 of this policy.
This Privacy Policy was prepared for Nerva Studios L.L.C and is effective as of 28 February 2026. This document is provided for informational purposes. Nerva Studios recommends periodic review by a qualified legal professional to ensure ongoing compliance with applicable laws.