TensorSound is a product of Domixir Ltd, a company registered in England and Wales (company number 15698236), whose registered office is at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ.
Domixir Ltd is the data controller for all personal data processed in connection with TensorSound. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC108035.
This Privacy Policy explains what personal data we collect across all TensorSound touchpoints — our marketing website (tensorsound.com), our live demo feature ("Hear It For Yourself"), and our platform (app.tensorsound.com) — how we use it, who we share it with, and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations 2003 (PECR).
To contact us about this policy or to exercise a data subject right, email us at support@tensorsound.com.
When you browse our marketing website we do not use cookies that require your consent and we do not deploy third-party advertising trackers. Basic server-side access logs (IP address, browser type, pages visited, timestamp) may be retained by our hosting infrastructure for security and operational purposes for up to 90 days.
When you request a live AI demonstration call we collect the following personal data:
| Data | Purpose | Lawful basis |
|---|---|---|
| Phone number | To send an OTP verification code and to place the demonstration call | Art 6(1)(a) UK GDPR — Consent; PECR reg. 21 — Explicit consent |
| IP address & user agent | Fraud prevention, rate limiting, and PECR audit record | Art 6(1)(a) UK GDPR — Consent; Art 6(1)(f) — Legitimate interests (security) |
| Consent timestamp & consent text version | Legally required PECR audit trail demonstrating you provided informed consent before we called | Art 6(1)(c) UK GDPR — Legal obligation (PECR) |
| OTP code & verification timestamp | To confirm ownership of the phone number before placing a call | Art 6(1)(a) UK GDPR — Consent |
| Call transcript & duration | To improve our AI voice product and to measure demo quality | Art 6(1)(a) UK GDPR — Consent (disclosed in the pre-call notice) |
| Post-call qualification data (name, email, company, fleet size, pain point, rating) | To follow up with you as a potential customer if you voluntarily submit this form after the call | Art 6(1)(a) UK GDPR — Consent (submission is voluntary and separate from the call itself) |
If you or your organisation creates a TensorSound platform account we collect:
Platform data is processed on the lawful basis of Art 6(1)(b) UK GDPR — Performance of a contract (your subscription agreement with Domixir Ltd), and where applicable Art 6(1)(c) — Legal obligation (e.g. financial records under HMRC requirements).
When you contact us by email, we retain your name, email address, and message content for as long as necessary to resolve your enquiry and for a period of 12 months thereafter for quality assurance purposes. Lawful basis: Art 6(1)(f) UK GDPR — Legitimate interests (providing support).
We use personal data only for the purposes for which it was collected, specifically:
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell personal data to third parties. We do not use personal data for behavioural advertising.
We share personal data with the following third-party processors who act under our instruction and are bound by data processing agreements:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
| Stripe | Payment processing and subscription billing | Name, email, billing address, payment method | USA (EU-US Data Privacy Framework & SCCs) |
| HubSpot | CRM — storing and managing qualified leads who have consented to follow-up contact | Name, email, company, fleet size, pain point (post-call qualification data only) | USA (EU-US Data Privacy Framework & SCCs) |
| SMTP2GO | Transactional email delivery (account creation, password reset, billing) | Email address, name | Australia / USA (SCCs apply) |
| Telnyx | SMS delivery for OTP verification codes sent during the demo call request flow | Phone number | USA (SCCs / UK IDTA apply) |
| Cloudflare | CDN, DDoS protection, and DNS for tensorsound.com | IP address, HTTP request metadata | Global (Cloudflare UK DPA applies) |
| Netlify | Static website hosting for tensorsound.com | IP address, access logs | USA (SCCs apply) |
All call processing infrastructure (telephony, voice AI models, databases) runs on servers physically located in the United Kingdom and is operated directly by Domixir Ltd. No voice data, transcripts, or call recordings are transferred outside the UK by our own infrastructure.
We may disclose personal data to law enforcement or regulatory authorities if required by law, or to protect the rights, property, or safety of Domixir Ltd, our customers, or the public.
Where personal data is transferred outside the UK (for example, to processors based in the USA), we ensure appropriate safeguards are in place as required by UK GDPR Chapter V. These safeguards include the UK International Data Transfer Agreement (IDTA) or reliance on the EU-US Data Privacy Framework with UK extension, as applicable to each processor.
You can request a copy of the safeguards we rely on for any specific transfer by contacting us at support@tensorsound.com.
| Data type | Retention period | Reason |
|---|---|---|
| Demo call request — phone number, IP, consent record | 24 months from creation | PECR consent audit trail; ICO guidance recommends retaining consent records for the duration of the relationship plus a reasonable period |
| Call transcripts | 12 months from call date | Product improvement; deleted on expiry unless subject access request is pending |
| Post-call qualification data (name, email, company) | Until you withdraw consent, or 36 months of inactivity (no engagement), whichever is sooner | CRM follow-up; in line with ICO guidance on marketing data |
| Platform account data | Duration of subscription + 7 years after termination | Contract performance; HMRC financial records retention requirement |
| Security and audit logs | 12 months rolling | Security monitoring and compliance investigation |
| Support correspondence | 12 months after resolution | Quality assurance and dispute resolution |
| Server access logs (Cloudflare / Netlify) | Up to 90 days | Operated by respective processors per their own retention policies |
At the end of each retention period, personal data is securely deleted or anonymised such that it can no longer be attributed to an individual.
As a data subject under UK GDPR you have the following rights:
To exercise any of these rights, email support@tensorsound.com with the subject line "Data Subject Request". We will respond within one calendar month as required by Art. 12 UK GDPR. We may ask you to verify your identity before processing your request.
Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at any time:
We would, however, appreciate the opportunity to address your concern directly before you approach the ICO. Please contact us first at support@tensorsound.com.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay, as required by Art. 33–34 UK GDPR.
Our marketing website (tensorsound.com) uses no consent-required cookies. We do not deploy advertising cookies, retargeting pixels, or third-party analytics scripts on the marketing site.
Our platform (app.tensorsound.com) uses strictly necessary session cookies to maintain your authenticated session. These cookies are essential to provide the service and are exempt from PECR consent requirements under Regulation 6(4).
We may update this Privacy Policy from time to time to reflect changes in our data processing activities, applicable law, or ICO guidance. When we make material changes we will update the "Last updated" date at the top of this page. For significant changes affecting platform customers, we will provide notice via the platform dashboard or by email.
Continued use of TensorSound after a policy update constitutes acceptance of the updated policy. We recommend reviewing this page periodically.
For any questions about this Privacy Policy, to exercise a data subject right, or to raise a concern:
We aim to respond to all data subject requests and privacy enquiries within 5 business days and will always meet the statutory one-month deadline under Art. 12 UK GDPR.