Compliance
GDPR & Data Processing
PracticeCall is built around UK GDPR and the Data Protection Act 2018. We act as a data processor for your client data and provide a standard Data Processing Agreement (DPA) on request.
Data residency
All client data is stored in UK and EU data centres. Backups are encrypted at rest and never leave the UK/EU.
Encryption
Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is role-based with audit logging.
Sub-processors
We use a small set of vetted sub-processors (hosting, SMS delivery, email delivery). A current list and DPA terms are available on request.
Consent & opt-out
Every outbound SMS includes a clear opt-out path. Opt-outs are honoured automatically across all sequences and tied to the caller's phone number.
Data subject requests
We support access, rectification, erasure and portability requests within statutory timeframes. Customers can self-serve via the CRM or escalate to our team.
Breach notification
We will notify affected customers within 72 hours of becoming aware of a personal data breach, with full detail to follow as our investigation progresses.
Request our DPA, sub-processor list or security pack at privacy@practicecall.co.uk.