Trust & data
Automated messages carry your name. We treat that with the seriousness it deserves.
The strongest thing an automation company can tell you is what it will not do. Four rules are built into every Operscale system, enforced by the software itself, not promised in a meeting. Each one removes a category of risk before it can ever attach to your business.
The four rules.
No message goes out without a lawful basis.
Keeps you clean under UK GDPR and PECR, where fines now reach £17.5m.
Before the assistant messages anyone, the system checks it is allowed to: they contacted you first, they are an existing customer, or they have opted in. Sole traders are treated as individuals under PECR, exactly as the ICO requires. "STOP" halts everything, instantly, across every channel.
We always say when it is an AI.
Honesty by design, and aligned with incoming AI transparency rules.
Your customers are never tricked into thinking they are talking to a person. It is disclosed, plainly, in the first message. An assistant that pretends to be human is a reputation problem waiting to happen, so ours never does.
We never score, rank or auto-judge people.
Keeps you out of automated-decision territory under UK GDPR Article 22.
Nothing we run rates a human being: not job applicants, not customers, not anyone. Software that judges people drags its operator into a category of legal exposure we simply design out. People keep the judgment; the assistant keeps the admin.
We never handle medical or other sensitive personal data.
Keeps special-category data, and its obligations, out of the system entirely.
Health records, and the other categories UK GDPR treats as special, never flow through our systems. There is no breach surface to defend because the data is never there. If your business needs that handled, we will say so honestly and point you elsewhere.
What this means for you
In practice, for a UK small business.
On your customer messages
Text-backs, replies, reminders and chases go to people who contacted you, booked with you, or bought from you, which PECR treats kindly. Marketing beyond that, win-backs, reorder nudges, is sent only where consent or a customer relationship is on record, checked automatically before sending. STOP or unsubscribe ends contact instantly, everywhere.
On your data and your customers' data
Your customer data is processed under a signed data processing agreement meeting UK GDPR Article 28, with sub-processors named. Nothing we run scores or judges a person, no automated decision is made about anyone, and special-category data such as health information never enters the system at all.
The paper trail
Everything in writing, nothing on trust.
Data processing agreement
Signed on every engagement: how your data is handled, by whom, under UK GDPR Article 28, with the sub-processors named and an exit that returns or deletes everything.
AI disclosure, in the contract
A standing commitment that automated messages are always disclosed as automated to the people they reach. It is in the agreement, and it is in the messages themselves.
The message log
Every message sent, and the lawful basis it was sent under, kept in a tamper-proof record. If a question is ever raised, the answer is a lookup, not a reconstruction.
Agreement templates available on request during the pilot.
Bring your data questions to the pilot.
The pilot maps exactly which rules apply to your workflows, so you know where you stand before anything is built.