Data Processing & GDPR | Airis
Last Updated: May 13, 2026
1. Overview
This page explains the practical GDPR setup for Airis. It is written for small Irish trades businesses who need to understand how caller and job data is handled.
2. Controller and processor roles
For caller and job data captured for a trades business, the trades business normally decides why the data is collected and how it will follow up. That means the trades business is usually the controller. Airis processes that data to provide the call intake and handoff service, so Airis is usually the processor.
Airis is usually controller for its own website, signup, account, billing if introduced, security, support, business analytics and legal/compliance records.
3. Processing we perform for customers
- Receive forwarded or inbound call events.
- Process call audio/transcription where applicable.
- Ask intake questions and structure caller/job details.
- Create summaries and urgency indicators.
- Display jobs in the dashboard and send handoff notifications.
- Maintain operational logs and audit records needed for reliability and security.
4. Customer responsibilities as controller
- Have a lawful basis for using Airis with callers.
- Provide appropriate privacy and AI/call disclosure information to callers.
- Review summaries before making decisions.
- Respond to caller rights requests where the caller is your customer.
- Tell Airis promptly if you receive a request or complaint that needs our help.
5. DPA
Our Data Processing Agreement is available online and is intended to meet the main Article 28 GDPR requirements for early pilots unless replaced by a signed customer DPA.
6. Subprocessors
See our Subprocessors page for the current providers identified from the product implementation.
7. Security and retention
We use managed cloud infrastructure, HTTPS, least-privilege access, secure session cookies, provider secret configuration, logging minimisation where practical, and limited retention targets. We do not claim external security certifications unless separately documented.