CalmResolve

Privacy Policy

Last updated: 01 December 2025

CalmResolve Privacy Policy.

1. Who we are

CalmResolve is an online AI-assisted mediation service provided by Spire Bellotte Consulting Limited, trading as CalmResolve (“we”, “us”, “our”), based in Chesterfield, United Kingdom.

CalmResolve helps individuals and organisations resolve disputes through secure online chat sessions with a neutral AI mediator. This privacy policy explains how we collect, use and protect personal data when you use:

  • our website at calmresolve.co.uk (the “Site”); and
  • our mediation services, including booking and participating in CalmResolve sessions (the “Services”).

We are the data controller for the personal data described in this policy.

If you have any questions, you can contact us at:

  • Email: info@calmresolve.co.uk
  • Postal: Tapton Park Innovation Centre, Brimington Road, Chesterfield, Derbyshire, S41 0TZ

We have not appointed a Data Protection Officer, but you can use the contact details above for all privacy-related queries.

2. Summary – what you need to know

  • We only collect the personal data we need to run CalmResolve and improve it.
  • We do not sell your personal data.
  • Your mediation chat is private between you and our neutral AI mediator. Other participants and the organiser cannot see your raw chat messages; they only see information the mediator chooses to summarise or share as part of the process.
  • We use reputable providers for hosting, payments, SMS/email delivery and AI processing, and we have agreements in place to protect your data.
  • You are in control of your information. You have rights to access, correct, delete and restrict how we use your data.
  • We do not send marketing emails or promotions. We will only contact you when necessary to provide our Services or important updates.

The rest of this notice provides more detail.

3. The data we collect

The data we collect depends on how you interact with us.

3.1 Website visitors

When you browse the Site, we may process:

  • Technical data: IP address, browser type, device identifiers, operating system, pages visited, time and date of visits, and similar diagnostic data.
  • Cookies and similar technologies: We use a small number of essential cookies needed to operate the Site and keep sessions working (for example, remembering that you are in an active mediation session). We do not use analytics or advertising cookies.

We do not use analytics or advertising cookies and do not use tracking technologies for marketing.

We do not use this information to try to identify you directly, but it may still be personal data under UK law.

3.2 Private booking organisers (non-corporate)

If you book a mediation as a private individual, we collect:

  • Your name – this can be your full name, a first name only, or a chosen name if you prefer.
  • Your contact details – we ask for your email address so we can send booking confirmations and service messages. You may also choose to provide a mobile number later for SMS reminders.
  • Information about the type of mediation (e.g. family, workplace, neighbour, commercial, or “other”). This is mainly for our own statistics and service planning.
  • Names and contact details of participants you invite – typically a first name and an email address and/or mobile number so we can send joining instructions.
  • Booking details – for example, the scheduled date and time, and whether your session is set up as a live (real-time) session or a more flexible session where people can respond in their own time.
  • Payment-related information – such as the amount due, payment status and transaction reference, provided to us by our payment provider. We do not see your full card details.

If you also join as a participant, we process your data as a participant too (see 3.4).

3.3 Corporate organisers

If you are a corporate customer or organiser, we may collect:

  • Organisation name and basic company details
  • Your name and contact details (usually your work email)
  • Details of your organisation’s subscription and entitlements
  • Information about the cases you book (type of mediation, participants’ details, session configuration)

As a corporate organiser, you do not receive meeting codes unless you are also registered as a participant.

3.4 Participants in mediation sessions

For each participant in a mediation session (whether invited by a private or corporate organiser), we process:

  • Name (or chosen display name)
  • Contact details (email and/or mobile number)
  • Meeting code and session participation details
  • The mediation chat content you send and receive (messages you type, and any attachments if enabled in future)
  • System notices and AI mediator responses associated with your session

Who sees what:

  • Your raw chat messages are visible to you and to our AI mediator.
  • Other participants and the organiser cannot see your raw chat messages.
  • If you ask the mediator to pass a message on, it will normally rephrase or summarise your message and share only what is necessary for the mediation.

Because CalmResolve is used to deal with disputes, your messages may include special category data, such as:

  • Health information
  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Information about sexual life or sexual orientation
  • Information about criminal allegations or convictions

We do not require this information, but we recognise that you may choose to share it because it is relevant to your situation.

3.5 Communications and support

If you contact us (for example by email or via a contact form), we process:

  • Your name and contact details
  • The content of your message
  • Any follow-up communications with you

3.6 Payment and billing information

When you pay for a session or subscription, we process:

  • Basic payment information made available to us by our payment provider, such as the amount, currency, timestamps, payment status and a transaction reference
  • The email address used at checkout (for example to send receipts)

Card details (such as full card number and security code) are collected and processed directly by our payment provider (e.g. Stripe) within their secure payment frame. CalmResolve does not store your full card number or security code on our systems.

3.7 Safety and quality monitoring data

To keep CalmResolve safe and functioning correctly, our systems may flag certain messages or interactions (for example, messages that might breach our usage rules or raise safety concerns).

For these specific cases we may:

  • Store a copy of the flagged message(s) and relevant system logs in a separate part of our database
  • Review a sample of these records to check that the AI mediator responded appropriately and to improve our safety instructions and controls
  • Where reasonably possible, remove or avoid storing obvious direct identifiers (for example, full names and contact details) in these safety records

This safety and quality data is kept separate from the main chat transcript and retained for longer than the standard session history (see section 8).

4. How and why we use personal data (legal bases)

Under the UK GDPR and Data Protection Act 2018, we must have a lawful basis for each use of your data.

4.1 To provide our Services (contract)

We process data as necessary to:

  • Allow organisers to book sessions and invite participants
  • Create and manage mediation sessions and meeting codes
  • Deliver emails and SMS messages with joining instructions and reminders
  • Run the AI-assisted mediation chat and route messages correctly
  • Manage subscriptions, usage and time credits
  • Process payments and issue receipts

Legal basis: performance of a contract (or steps taken at your request before entering into a contract).

4.2 To handle special category data (consent and legal claims)

Mediation chats may contain sensitive personal information. For this, we rely on:

  • Your explicit consent when you choose to share such information in a mediation context; and/or
  • The fact that processing may be necessary for the establishment, exercise or defence of legal claims, where relevant to your dispute.

You should only share sensitive information that is genuinely necessary for the mediation.

You can withdraw your consent at any time by contacting us (see section 11). Withdrawing consent will not affect processing already carried out and may affect our ability to continue the session.

4.3 To maintain and improve CalmResolve (legitimate interests)

We may use data (usually in aggregated or pseudonymised form where possible) to:

  • Monitor service performance and reliability
  • Debug issues, prevent abuse and enhance security
  • Improve our AI prompts, workflows and user experience
  • Develop new features and refine our business processes
  • Review flagged safety or protocol events (see 3.7) to make sure the mediator responds appropriately and to improve our safety controls over time

Legal basis: our legitimate interests in operating and improving a secure, reliable mediation service. We balance these interests against your privacy rights and minimise the use of identifiable data for these purposes.

Where this involves special category data (for example, in a flagged message), we also rely on your explicit consent and/or the legal claims basis described in 4.2.

4.4 To comply with legal obligations

We may use and retain certain information to:

  • Maintain accounting and tax records
  • Respond to lawful requests from regulators, law enforcement or courts
  • Manage and defend legal claims

Legal basis: legal obligation.

4.5 Service updates (no marketing emails)

We do not send marketing emails, promotional material or third-party advertising.

We may send:

  • Service-related emails that are necessary to operate CalmResolve (for example, booking confirmations, changes to your session, important safety notices or system messages).
  • Occasional service updates that are directly relevant to your existing CalmResolve account or session, such as improvements to safety features or changes to our terms or privacy policy.

These communications are not marketing; they are provided so you can use CalmResolve safely and effectively.

If we ever introduce optional marketing in the future, we will:

  1. Ask for your clear, affirmative consent first;
  2. Make it easy to opt out at any time; and
  3. Never use your mediation data for marketing purposes.

5. How the AI mediator works and where data goes

CalmResolve uses AI technology to assist with mediation. In practical terms:

  • Your messages and other relevant session data are sent securely to our AI provider(s) so the AI can generate responses.
  • The AI provider processes this data as our processor, under contract, and is not allowed to use it to contact you or for its own independent marketing.
  • We configure the AI mediator to encourage neutral, non-judgemental language and to avoid providing legal, medical or therapeutic advice.
  • The mediator is designed so that it does not automatically share your messages with other participants. If you ask it to share something, it will normally do so in its own words, as a summary or paraphrase, and it will apply our safety rules before doing so.

We choose providers who offer strong security controls and appropriate contractual protections, including where data is processed outside the UK (see section 7).

6. Who we share your data with

We share your personal data only when necessary and with appropriate safeguards. Typical recipients include:

  • Hosting providers and IT infrastructure services (to run our website and databases)
  • Payment providers (e.g. Stripe) for processing payments
  • Email and SMS providers (for sending notifications and verification codes)
  • AI technology providers that generate mediation responses
  • Professional advisers (lawyers, accountants, auditors) where needed
  • Regulators, law enforcement or courts where we are legally required to do so

We do not sell personal data to third parties.

In a mediation session:

  • Other participants do not see your raw chat messages.
  • They may see summaries or rephrased versions of what you ask the mediator to share, when this is appropriate for the mediation and consistent with our safety rules.

We do not treat other participants as our “third-party recipients” in the same way as external service providers; they are part of the mediation you have chosen to take part in.

7. International data transfers

Some of our service providers (including AI and cloud providers) may be located outside the UK or the European Economic Area (EEA).

Where this results in a transfer of your personal data to a country without an “adequacy decision” by the UK government, we will ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved for use in the UK; and/or
  • Other legally recognised transfer mechanisms.

You can contact us for more detail about the specific safeguards used for your data.

8. How long we keep your data

We keep personal data only for as long as necessary for the purposes set out in this policy, including any legal, accounting or reporting requirements.

As a guide (subject to change as we refine our retention policy):

  • Mediation session data (main chat transcripts): normally kept for up to 72 hours after the session ends. This allows you to reopen a session in that period or download a transcript if the feature is available. After that, the main transcript is deleted from our active systems, except for any limited safety/quality records described below.
  • Safety and quality monitoring records (flagged events): where specific messages or events have been stored separately for safety or quality review (see 3.7), we may retain those limited records for up to 24 months to monitor system behaviour, improve our safety measures and handle any complaints about how the mediator responded.
  • Booking and billing records: kept for up to 7 years after the end of the financial year in which the transaction occurred (to comply with tax and accounting rules).
  • Technical logs and security records: usually kept for up to 12 months, unless needed longer for security investigations.
  • Marketing preferences: we do not currently send marketing communications. If optional marketing is introduced in the future, we will retain minimal information to respect any opt-out you exercise.

We may sometimes need to keep data for longer if required by law or if it is relevant to ongoing legal claims. If you exercise your rights (for example by asking us to delete certain data), we may keep a minimal record of that request so we can demonstrate we have complied.

9. Cookies and similar technologies

Our Site uses cookies and similar technologies to:

  • Make the Site work properly (for example, keeping you logged into a session and helping our security controls function).

We currently use only strictly necessary cookies for these purposes and do not use cookies for analytics or advertising.

We may use server logs and other non-cookie-based tools to understand how the Site is being used and to improve it. These do not rely on storing additional cookies in your browser.

If we decide to introduce optional analytics or other non-essential cookies in future, we will:

  • Update this policy; and
  • Where required, ask for your consent via a clear banner or settings panel.

A more detailed cookie statement can be added as a separate Cookie Policy.

10. Security

We take security seriously and use appropriate technical and organisational measures to protect your data, including:

  • Secure hosting and encryption in transit (HTTPS)
  • Storage of session data in our SQL Server databases with encryption at rest
  • Access controls and authentication for staff and systems
  • Regular software updates and security patching
  • Logical separation of test and production environments
  • Background processes for monitoring and logging key system events

However, no online service can be completely risk-free. You are responsible for:

  • Keeping your meeting codes and login details (if applicable) confidential
  • Choosing strong passwords and not re-using them across services
  • Being cautious about what you share in mediation sessions, especially sensitive information

11. Your rights

Under the UK GDPR, you have several rights in relation to your personal data, subject to certain conditions and exemptions:

  • Right of access – to obtain a copy of your personal data and information about how we use it.
  • Right to rectification – to have inaccurate or incomplete data corrected.
  • Right to erasure (“right to be forgotten”) – to ask us to delete your data in certain circumstances.
  • Right to restrict processing – to limit how we use your data in certain cases.
  • Right to data portability – to receive certain data in a structured, commonly used format or ask us to transfer it to another provider where technically feasible.
  • Right to object – to object to certain processing, including where we rely on legitimate interests or, if we ever introduce it, direct marketing.
  • Right to withdraw consent – where we rely on your consent (for example, for marketing or for certain sensitive data), you can withdraw it at any time.

To exercise any of these rights, please contact us using the details in section 1. We may need to verify your identity before responding.

12. Complaints

If you are concerned about how we use your personal data, please contact us first so we can try to resolve your issue.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113

13. Children

CalmResolve is intended for use by adults. If a dispute involves a child or young person, the organiser is responsible for ensuring that any necessary consents or safeguards are in place.

If we learn that we have collected personal data from a child without appropriate consent (where required), we will take steps to delete that data.

14. Changes to this privacy policy

We may update this privacy policy from time to time, for example to reflect changes to our Services or legal obligations. When we do, we will:

  • Update the “Last updated” date at the top of this notice; and
  • Where appropriate, notify you via the Site or by email.

We encourage you to review this policy periodically to stay informed about how we protect your information.