Data Processing & GDPR | Airis

Last Updated: May 10, 2026

1. Commitment to Privacy

Airis is built for Irish and EU businesses. We treat the General Data Protection Regulation (GDPR) and the security of your data seriously.

2. Roles and Responsibilities

Under GDPR terminology, the customer (the trades business) acts as the Data Controller for the personal data of their callers and job records. Airis acts as the Data Processor, processing this data on behalf of the customer to deliver our AI receptionist service.

3. Types of Processing

The processing we perform includes:

• Call intake and audio processing.
• Capturing contact details and job information.
• Generating job summaries.
• Operator notifications via SMS or dashboard.
• Maintaining logs and audit trails for service reliability and security.

4. Subprocessors

We use trusted third-party subprocessors to help deliver our service. These categories include:

• Cloud hosting providers.
• Telephony, SMS, and email providers.
• AI model providers for transcription and conversational logic.
• Monitoring and security tools.

5. Security Measures

We employ practical, MVP-level security measures to protect data, including strict access controls, secure secrets management, maintaining least-necessary access, and utilizing audit logs where available.

6. Formal Data Processing Agreement (DPA)

A formal Data Processing Agreement (DPA) can be provided or arranged for customers who require one as part of their compliance documentation. Please contact hello@airis.ie to request a DPA or if you have any questions.