Legal
Terms of Service & Privacy Policy
Last updated: 28 June 2026 · Necteli Ltd, registered in England & Wales.
Version 2026-06-28. View or download the exact, unaltered text of this version: /legal/terms-2026-06-28.md
This single document combines our Terms of Service (sections 1-13), our Data Processing terms (sections 14-19), our Privacy, Subprocessors & Cookies information (sections 20-24), and our outbound B2B sales call policy (section 25). It is the full agreement between Necteli Ltd and the dental practice using the Libby service. Read it once and keep it. We will tell you in writing if we change anything material.
1.Agreement and definitions
By creating an account or using Libby, the dental practice (“you”, “the Customer”) enters into a binding agreement with Necteli Ltd, a company registered in England & Wales (“Necteli”,“we”, “us”). “The service” means the Libby AI receptionist platform: a dedicated UK phone number, AI voice call handling, post-call email summaries, the web dashboard and any related features we make available.“Caller” means any person who phones your Libby number. If you do not agree to these terms, do not use the service.
2.The service
Libby answers inbound calls on your behalf, captures the caller's reason for calling, books or notes appointment requests, escalates urgent cases according to the rules you configure, and after each call sends you a short email notification that a call came in. For your patients' privacy, all the details (the caller, the full written summary and the clinical reason for the call) are kept in your secure dashboard, not in the email. The service is provided on a subscription basis after a free trial period.
3.Free trial
New accounts receive a free trial of 7 days or 60 minutes of call time, whichever expires first. No payment details are required to start the trial. At the end of the trial the account is locked until a paid subscription is purchased. We may withdraw or modify the trial at any time for accounts we reasonably suspect of abuse.
4.Subscriptions and billing
Paid plans are billed monthly in pounds sterling (GBP) by Stripe. Each plan includes an inclusive monthly minute allowance; additional minutes are charged at the per-minute overage rate published on the pricing page on the day they are used. Subscriptions auto-renew unless cancelled before the next billing date. Cancellation takes effect at the end of the current billing cycle. We do not refund partial months unless required by law. We may change pricing on 30 days' written notice to your account email.
5.Acceptable use
You must not, and must not allow any third party to:
- use the service in a way that breaches UK law, including the Privacy and Electronic Communications Regulations or the Data Protection Act 2018;
- use the service for cold-calling, marketing campaigns, telemarketing or any outbound dialling;
- route calls to the service that originate outside the United Kingdom without our prior written consent;
- attempt to reverse engineer, scrape, copy or otherwise compromise the security of the service;
- upload or transmit unlawful, harmful, defamatory or infringing content through the dashboard, including AI prompts that attempt to elicit clinical advice the service is not designed to provide.
Breach of this section is grounds for immediate suspension and termination under section 11.
6.AI limitations and disclaimer
Libby is a software receptionist powered by large language models and speech systems. It is not a clinician, not a medical device, and not a substitute for triage by a trained professional. Although we tune the assistant to escalate urgent cases, AI systems can occasionally misrecognise speech, paraphrase incorrectly, or generate content that looks confident but is inaccurate (“hallucinations”). You acknowledge this risk and agree that the service is provided as supplementary coverage, not as a primary clinical decision-maker. You are responsible for reviewing call summaries and acting on the information yourself, and for configuring escalation rules appropriate to your practice.
7.Service availability and continuity
We target 99.5% monthly uptime, measured at the inbound call layer. We do not commit to a contractual SLA with refunds for downtime during the trial or on standard subscription tiers. If the AI layer fails, calls fall through to a voicemail safety net so the caller does not encounter a dead line; you receive a notification by email and the transcript and summary in your dashboard. Planned maintenance is announced in advance where reasonably possible.
8.Customer responsibilities
- Provide accurate clinic information (opening hours, services, escalation contacts) and keep it up to date in the dashboard.
- Inform your callers that calls may be handled by an AI receptionist and recorded, in line with PECR and ICO guidance.
- Secure your dashboard login credentials. You are responsible for all activity under your account.
- Act on the call summaries we deliver, including any flagged urgent cases, within the timeframes appropriate for your practice.
9.Intellectual property
All software, prompts, branding and documentation that make up the service remain the property of Necteli Ltd. You receive a limited, non-exclusive, non-transferable licence to use the service for the duration of your subscription. Recordings, transcripts and summaries of calls received by your Libby number belong to you, but you grant us a licence to process them as necessary to provide the service and (in fully anonymised, aggregated form) to improve it.
10.Confidentiality
Each party will protect the other's confidential information with the same care it uses for its own (and at least with reasonable care). Confidential information includes call content, patient information, business plans, pricing arrangements and technical configuration. This obligation continues for 3 years after termination of the account.
11.Suspension and termination
We may suspend or terminate your account immediately if (a) you breach these terms in a material way and do not cure the breach within 7 days of written notice, (b) you fail to pay an invoice that is more than 14 days overdue, (c) we are required to do so by law or regulator, or (d) we reasonably suspect fraud or misuse that exposes us, our subprocessors or other customers to risk. On termination we close your dedicated number, deactivate the AI assistant, and delete call recordings and transcripts on the schedule in section 17.
12.Limitation of liability
Nothing in these terms limits liability that cannot lawfully be limited (such as death or personal injury caused by negligence, or fraud). Subject to that, our total aggregate liability for any claim arising out of or in connection with the service is limited to the fees you paid us in the 12 months immediately preceding the event giving rise to the claim. Neither party is liable for indirect, consequential, special or punitive losses, lost profits, lost revenue or lost goodwill.
13.Indemnity
You agree to indemnify and hold Necteli harmless from any third-party claim arising out of (a) your breach of these terms, (b) your unlawful use of the service, (c) content you provide to the AI assistant, or (d) clinical decisions made by you or your staff on the basis of, or in spite of, information delivered by the service.
14.Data Processing Agreement (UK GDPR)
Sections 14-19 form a Data Processing Agreement (DPA) under Article 28 of the UK GDPR. They apply automatically when you use the service and do not require a separate signature. Necteli Ltd is registered with the UK Information Commissioner's Office; our ICO registration number is ZC159414.
15.Lawful basis and roles
You (the dental practice) are the Data Controller in respect of patient personal data captured during calls. Necteli is the Data Processor, processing personal data only on your documented instructions, which are the configuration you set in the dashboard and any subsequent written instruction by email to hello@necteli.co.uk. The lawful basis for processing is your legitimate interest in answering patient enquiries reliably and, where appropriate, the performance of a contract between you and the patient.
16.Data we process
- Caller details: the calling phone number, any name the caller gives, the date and time of the call.
- Call content: audio recording of the call, full transcript, and the AI-generated summary.
- Outcome data: appointment requests, callback requests, urgent flags raised by the assistant.
- Account data: your clinic name, address, opening hours, escalation contacts, billing email and Stripe customer ID.
Special category data (such as health information) may incidentally appear in call content. We do not solicit it; when it appears we process it under the same UK GDPR obligations and the additional condition in Schedule 1 Part 1 of the Data Protection Act 2018 (provision of health or social care).
17.Retention
Call recordings, transcripts and summaries are retained for 30 days from the date of the call and are then automatically deleted from our primary systems. Backups are rotated and overwritten within an additional 30 days. Account metadata (clinic name, billing records) is retained for as long as the account is active and for up to 7 years after closure to satisfy UK accounting law. You may request earlier deletion of specific call records at any time.
18.Data subject rights and DSAR assistance
If a caller asks you to exercise their UK GDPR rights (access, rectification, erasure, restriction, objection, portability), we will assist you within reasonable timeframes. Send the request to hello@necteli.co.uk with the caller's phone number and approximate call date; we will return the relevant records, redact, or delete them as appropriate, normally within 7 business days and always within the 30-day statutory period. There is no extra fee for the first DSAR per quarter; volume requests may attract a reasonable administrative charge.
19.Breach notification
If we become aware of a personal data breach involving your data, we will notify you in writing without undue delay and in any event within 72 hours of becoming aware, with the information you need to assess and (if required) notify the ICO yourself under Articles 33-34 UK GDPR. We will assist your investigation, share remediation steps we have taken, and cooperate with any regulator enquiry.
20.Subprocessors
We use the following subprocessors to deliver the service. Each is bound by a written agreement that imposes data protection obligations no less protective than these terms. We remain liable to you for their acts and omissions in respect of your data.
- Cloud infrastructure and database storage providers
- Payment processing and billing service providers
- Communication and telecommunications routing providers
- Artificial intelligence voice processing and transcription providers
- Email delivery and marketing automation providers
Each subprocessor is established in, or provides appropriate safeguards for, the UK or EU, and processes data only on our documented instructions. The specific named providers in each category, and their locations, are available to you as a controller on request. We will give you at least 14 days' advance notice by email before adding or replacing a subprocessor, and you may object on reasonable data-protection grounds within that period.
21.International transfers and security
We keep call recordings and transcripts on UK or EU infrastructure. Some subprocessors are US-based companies; where personal data is transferred to them we rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses (or an equivalent UK adequacy mechanism) together with supplementary technical measures (encryption in transit and at rest).
We use TLS 1.2 or higher for all data in transit, encrypted database storage at rest, role-based access control limited to the staff who need access to provide the service, and audit logs on the admin layer. We do not currently hold ISO 27001 or SOC 2 certification; both are on our roadmap and we will update this section when we do. We do not hold a professional indemnity insurance policy beyond the limits set out in section 12.
22.Audit rights
On reasonable written notice (and not more than once in any 12-month period unless required by a regulator), you may request information sufficient to demonstrate our compliance with the obligations in sections 14-21. We will respond in writing, provide policy documents, the most recent penetration-test summary if available, and confirm the technical and organisational measures in place. On-site audits are by mutual agreement and at your cost; we may satisfy this obligation by providing a third-party audit report if one is available.
23.Governing law, changes, and contact
These terms are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction over any dispute. We may update these terms; the “Last updated” date at the top will change and we will notify you of any material change by email. Continued use of the service after a change indicates acceptance.
For questions, DSAR requests, breach reports or any other matter under these terms: hello@necteli.co.uk.
24.Cookies and website analytics
This section explains the cookies and similar technologies our website and dashboard use, and what we collect with your consent. We group them into three kinds:
- Strictly necessary — used to run the service, such as keeping you securely signed in to your dashboard. These are always on and do not require consent, as permitted under the Privacy and Electronic Communications Regulations (PECR).
- Functional — remember your preferences, such as your light or dark display choice and whether you have seen our guided tours. These are stored on your device only and are not used to track you.
- Analytics (consent required) — only set if you choose Accept on our cookie banner. We use Microsoft Clarity to understand how visitors use the site. With your consent it collects your approximate geographic location (country and region level, derived from your IP address — never your precise location), and your on-site behaviour: the pages you view, where you click, how far you scroll, and anonymised session recordings and heatmaps. We use this solely to improve the user experience and optimise the structure and layout of our pages. We do not use it to identify you personally or for advertising.
You can accept or reject analytics cookies at any time using the banner shown on your first visit, and you can withdraw consent later by clearing your browser's site data for this website. Rejecting analytics has no effect on your ability to use Libby. For any cookie question, contact hello@necteli.co.uk.
25.Outbound B2B sales calls and call recording
Necteli Ltd makes outbound telephone calls to UK dental practices for the purpose of introducing the Libby AI receptionist service. These calls may be recorded, or an AI-generated transcript may be retained, for the following purposes: to evidence any consent given, for quality and compliance monitoring, and to improve the service.
The lawful basis for this processing is Legitimate Interest under UK GDPR Article 6(1)(f). A Legitimate Interest Assessment (LIA) is maintained internally. Before calling, we check all outbound numbers against the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS) registers, in line with the Privacy and Electronic Communications Regulations (PECR). We call only business telephone numbers; we do not make cold outbound calls to numbers registered to private individuals.
Recordings or transcripts of outbound sales calls are retained for a maximum of 6 months from the date of the call and are then deleted automatically. You may object to this processing at any time by contacting us at hello@necteli.co.uk — we will honour your objection promptly and remove your details from our outbound call list.
Necteli Ltd · Registered in England & Wales · ICO registration ZC159414 · UK GDPR & DPA 2018 compliant