Privacy policy
Last updated: 7 June 2026
BelBuddy is a service provided by Crafty Cast, trading under the name BelBuddy. We run an AI telephone assistant that answers inbound calls for our business customers, holds conversations, captures leads and schedules appointments. In delivering that service we process personal data — carefully and in line with the General Data Protection Regulation (AVG / GDPR). In this privacy policy we explain which data we process, why, for how long and what rights you have.
1. Who we are
The controller for the processing described in this policy is:
Crafty Cast (trading as BelBuddy)Noordvestsingel 81, 3119 DC Schiedam
Chamber of Commerce (KvK) number: 87872641
Email: privacy@belbuddy.com
2. Which personal data we process
From callers (people who call a telephone number that BelBuddy answers on behalf of our customer):
- telephone number and any caller identification;
- the recording of the telephone call and its text transcription;
- your name and any other information you provide during the call;
- the reason for your call and the content of your request;
- appointment and booking details (such as date, time and address) when an appointment is scheduled;
- messages exchanged with you via SMS or WhatsApp (for example a confirmation or booking link).
From customers (the businesses that use BelBuddy) and their contacts: account, contact and company details, sign-in and usage data, and billing details.
3. Purposes and legal bases
We process personal data only for clearly defined purposes, on a legal basis set out in Article 6 of the AVG (GDPR):
- Performance of the contract (Art. 6(1)(b)): answering calls, capturing leads, scheduling appointments and managing our customer's account.
- Legitimate interest (Art. 6(1)(f)): improving and securing our service, and the call-back and follow-up process for our customer.
- Consent (Art. 6(1)(a)): for recording calls and for any marketing messages. You can withdraw your consent at any time.
- Legal obligation (Art. 6(1)(c)): for example, the statutory retention requirement for billing data.
4. Call recordings
At the start of a call you are informed that the call may be recorded. We use recordings and transcriptions to handle your request correctly, capture a lead and monitor the quality of the service. If you do not want the call to be recorded, you can say so at the start of the call.
5. Retention period
We do not keep personal data for longer than necessary. We retain call data, recordings and transcriptions for 730 days (2 years) by default, after which they are deleted automatically. We keep billing data for as long as we are legally required to (the statutory retention period of 7 years). A different retention period may be agreed for specific customers.
6. Sharing with third parties and sub-processors
We never sell your data. To deliver our service we engage carefully selected sub-processors, with each of whom we have entered into a data processing agreement:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Twilio | Telephony and SMS | US / EU | Data processing agreement + SCCs |
| Meta (WhatsApp Cloud API) | WhatsApp messages | US / EU | Data processing agreement + SCCs |
| Calendly | Appointments and bookings | US | Data processing agreement + SCCs |
| Hetzner | Hosting and infrastructure | Germany (EEA) | Data processing agreement |
| Anthropic | AI processing (language model) | US | Data processing agreement + SCCs |
| Google Workspace | US / EU | Data processing agreement + SCCs | |
| Self-hosted speech engine | Speech recognition and synthesis | Own infrastructure (EEA) | Under our own control |
7. Transfers outside the EEA
A number of our sub-processors are based in the United States. For transfers of personal data outside the European Economic Area we apply appropriate safeguards, such as the Standard Contractual Clauses of the European Commission and, where applicable, the EU-US Data Privacy Framework.
8. Security
We take appropriate technical and organisational measures to protect your data, including encryption of traffic (TLS), access restrictions and hosting within the EEA. The core processing of speech takes place on our own self-hosted infrastructure within the EEA.
9. Your rights
Under the AVG (GDPR) you have the following rights in relation to your personal data:
- the right of access;
- the right to rectification;
- the right to erasure (the "right to be forgotten");
- the right to restriction of processing;
- the right to object to processing;
- the right to data portability;
- the right to withdraw consent you have given.
You can submit a request via privacy@belbuddy.com. We respond within the statutory time limit. If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl).
If you are a caller and your data was processed on behalf of one of our customers, that customer may be the controller. In that case we forward your request to the relevant customer and provide support where needed.
10. Cookies
On our website we set only functional, strictly necessary cookies. Read more about this in our Cookie policy.
11. Contact
Do you have questions about this privacy policy or about how we process your data? Get in touch at privacy@belbuddy.com.
12. Changes
We may update this privacy policy from time to time. You will always find the most current version on this page, with the date of the latest change shown at the top.