HAMI Voice is operated by NIRST LTD, a company registered in Scotland under company number SC710095, with registered office at 4 Rubislaw Terrace, Aberdeen, AB10 1XE, United Kingdom. In this Privacy Policy "we", "us", and "our" refer to NIRST LTD. We are the data controllers responsible for personal data collected and processed in relation to the HAMI Voice platform and services. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZB728752.
The privacy and security of your data is important to us. Please review this Privacy Policy to understand how we handle your information. By using or accessing the HAMI Voice platform you acknowledge and accept the practices described below.
Last updated: 2026-05-29
We collect and process personal data in compliance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU GDPR.
When you sign up for HAMI Voice we collect:
Your account is associated with a team. Your team owner may also see your name and email address as part of team management.
Where you create or administer a team you may also provide:
When you create or run surveys on HAMI Voice you provide content, including:
You retain ownership of this content. We process it solely to provide the service to you.
When you choose to use the voice-driven survey mode, your speech is recorded in real-time and converted to text by a third-party speech-to-text service (Soniox). Real-time audio is streamed directly to the speech-to-text provider and is not stored by default. Soniox does not retain audio after processing and does not use your data to train its models.
While voice mode is active, recording continues when the HAMI Voice app is in the background — for example when your screen is locked, when you switch to another app, or when your phone is in a pocket or pouch — so you can complete a survey hands-free. Your device's operating system displays a microphone indicator (a small dot in the iOS status bar, a notification icon on Android) whenever the microphone is active. Recording stops when you exit voice mode, end the survey session, or close the app.
If your team has enabled the optional voice audio log, the platform additionally stores per-utterance audio clips and transcripts for up to 14 days. The audio log is disabled by default and only available where a team administrator opts in. When enabled, all users in the team are shown a consent disclosure before voice mode begins ("This inspection will be recorded for quality and debugging purposes. Recordings are automatically deleted after 14 days."). You can withdraw consent at any time by declining the consent prompt or by switching to manual text entry.
Audio log recordings are stored on AWS S3 in the eu-central-1 region (Frankfurt, Germany) under the survey-utterances/ prefix and are automatically deleted by S3 lifecycle rule after 14 days. Transcripts and AI extraction metadata associated with utterances are retained until the survey session is deleted or you exercise your right to erasure.
Voice features are entirely optional. You may always use manual text entry instead. Your voice data is not used for biometric identification, speaker recognition, or authentication.
Where you capture photographs as part of a survey session, the image files are uploaded to AWS S3 in the eu-central-1 region (Frankfurt, Germany) under the survey-sessions/ prefix. Images are linked to the survey session, group instance, or field that they were captured against. Images are retained for the lifetime of the survey session and deleted when the session is deleted.
Where a survey field requests a signature, the signature is captured on-screen and stored as a small image embedded directly in the survey session record. Signatures are used to evidence acceptance or sign-off of a completed report and are not used for biometric identification or authentication. Signatures are deleted when the associated survey session is deleted.
Survey reports are generated on-demand from your data when you request a download or share. We do not maintain a separate stored copy of the generated PDF; each download regenerates the report from the current survey session record.
We collect operational telemetry that helps us run and improve the service:
We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device until they expire or you delete them) to authenticate your session, remember your preferences, and analyse usage. You can control cookies through your browser settings; disabling cookies may limit your ability to use the platform.
The information collected is used for the purpose of providing and improving the platform. We may use your personal data to:
| Processing activity | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Account creation and authentication | (b) Performance of a contract |
| Storing and processing survey content you create | (b) Performance of a contract |
| Voice recording and transcription (real-time) | (a) Consent — voice mode is optional |
| Voice audio log (when team has opted in) | (a) Consent — admin-enabled, per-user disclosure |
| AI processing of survey input | (b) Performance of a contract |
| AI Template Builder processing of uploaded documents | (b) Performance of a contract |
| Service emails (security, account, billing) | (b) Performance of a contract |
| Marketing communications | (a) Consent (opt-in, opt-out at any time) |
| Aggregated analytics and service improvement | (f) Legitimate interest |
HAMI Voice includes AI-powered features that process your input using third-party AI services:
hami-template-builder/ prefix and retained until you delete the template.We use AI-assisted features on the basis of contract performance (delivering the service you have signed up for) and, for voice, consent. You are informed when interacting with an AI-powered feature.
We do not use customer data to train any AI models, and our AI sub-processors have committed not to use your data for their own model training.
We use the following third-party services to deliver the platform. Each acts as a data processor on our behalf under appropriate data processing agreements:
| Provider | Purpose | Data processed | Data location |
|---|---|---|---|
| Vercel | Web application hosting | Application data, request logs | EU |
| Neon | PostgreSQL database services | All stored personal data | EU |
| AWS (S3) | File storage (photos, signatures, audio log, template source documents) | Image files, audio files, document uploads | Frankfurt, Germany (eu-central-1) |
| AWS (Bedrock) | AI inference (PDF document analysis) | Uploaded PDF source documents | Frankfurt, Germany (eu-central-1) |
| xAI | AI inference (survey assistant, template builder default) | Text prompts, transcribed speech, image content of uploaded forms | EU (eu-west-1 region) |
| Soniox | Real-time speech-to-text transcription | Audio streams (real-time, zero retention) | EU |
| AWS (SES) | Transactional email delivery (account verification, password reset, account-deletion notices, trial-ending reminders) | Email address, recipient name, message content | Frankfurt, Germany (eu-central-1) |
Optional providers (active only where configured by us as alternates to the defaults above):
| Provider | Purpose | Data location |
|---|---|---|
| Google Cloud (Vertex AI, Gemini) | AI inference | Belgium (EU) |
| OpenAI | AI inference | EU (OpenAI Ireland Ltd) |
| Mistral AI | AI inference, OCR | EU (Paris, France) |
These providers process your data solely for the purpose of delivering the relevant feature and do not use your data for their own purposes, including model training.
All sub-processors listed above operate within the United Kingdom or the European Economic Area, or under appropriate transfer mechanisms (UK Addendum to the EU Standard Contractual Clauses) where any element of processing falls outside the UK/EEA. We do not transfer your personal data to a country or territory outside the UK or EEA without an appropriate transfer mechanism in place.
We retain different types of data for different periods:
| Data type | Retention period |
|---|---|
| Account and profile data | Duration of your account, plus any legal retention period |
| Team and brand data | Duration of your team's account |
| Survey templates | Until deleted by your team |
| Survey sessions and responses | Until deleted by your team |
| Survey photos | Linked to session — deleted when session is deleted |
| Signatures | Embedded in session — deleted when session is deleted |
| Voice audio log recordings (when team has opted in) | 14 days (auto-deleted by S3 lifecycle rule) |
| Voice audio log transcripts and AI extraction metadata | Linked to session — deleted when session is deleted |
| AI Template Builder source documents | Until template is deleted |
| Application logs (telemetry) | 12 months |
| Database backups | 30 days |
We implement comprehensive security measures to protect your personal data:
Under data protection law you have the following rights in respect of your personal data:
To request deletion of specific data without closing your account, email us at support@hami-voice.com describing the data you would like removed (for example, a particular survey session, voice audio log recording, or uploaded template source document). We will action your request within 30 days, except where we have an overriding legal obligation to retain the data (for example, records required for tax, audit, or regulatory purposes).
To delete your account and all associated personal data, follow the steps on our Account and Data Deletion page. That page also describes how to request deletion if you can no longer sign in.
In order to process any of these requests we may need to verify your identity for your security. To exercise any of these rights, contact us at support@hami-voice.com.
We will only send you marketing communications about HAMI Voice with your consent. You can withdraw consent at any time by clicking the unsubscribe link in any marketing email or by contacting us at support@hami-voice.com. Withdrawing consent for marketing does not affect service emails (account notices, security alerts, billing if applicable).
HAMI Voice is intended for use by professionals in a business context. The platform is not directed at children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected such data, please contact us so we can delete it.
We reserve the right to update this Privacy Policy. We will post any changes on this page with a revised "Last updated" date. Material changes will be communicated to existing users by email or in-app notice.
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@hami-voice.com.
For postal correspondence:
NIRST LTD 4 Rubislaw Terrace Aberdeen, AB10 1XE United Kingdom