VocalAI Solutions

1. Introduction

VocalAI Solutions, Inc. ("VocalAI," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our voice AI platform and services (the "Services").

This policy applies to all users of our Services, including enterprise customers, end-users interacting with voice AI agents, and visitors to our website.

2. Information We Collect

2.1 Account and Business Information

When you create an account or subscribe to our Services:

• Identity Data: Name, email address, job title, company name
• Contact Data: Phone number, mailing address, billing address
• Financial Data: Payment card details, billing information (processed by third-party payment processors)
• Authentication Data: Username, password (hashed), security questions

2.2 Voice and Conversation Data

This is the core data processed by our Services:

• Voice Recordings: Audio recordings of conversations between end-users and AI agents
• Transcripts: Text transcriptions of voice conversations
• Conversation Metadata: Call duration, timestamp, phone number (if applicable), language, sentiment
• Intent and Entity Data: Extracted information such as customer requests, product names, account numbers
• Voice Biometric Data: Voice characteristics used for speaker recognition (only with explicit consent)

2.3 Usage and Technical Data

• Platform Usage: Features used, configuration settings, API calls, dashboard interactions
• Technical Data: IP address, browser type, device information, operating system
• Performance Data: Response times, error rates, system health metrics
• Analytics Data: User behavior, feature adoption, conversion rates

2.4 Customer Service and Support Data

• Support tickets, chat conversations, email communications
• Feedback, survey responses, product reviews

3. How We Use Your Information

3.1 Service Delivery

• Provide voice AI agents that handle customer conversations
• Process and respond to customer inquiries in real-time
• Route calls and messages appropriately
• Maintain service availability and performance

3.2 AI Model Training and Improvement

With your explicit consent:

• Train machine learning models on voice conversations
• Improve speech recognition accuracy across languages and accents
• Enhance natural language understanding capabilities
• Develop better conversation handling strategies

Important: You can opt out of AI training at any time. Opting out does not affect service delivery but may limit personalization features.

3.3 Analytics and Reporting

• Generate conversation analytics and insights for customers
• Create performance dashboards and reports
• Identify trends and patterns in customer interactions
• Measure service quality and customer satisfaction

3.4 Communication

• Send service notifications and updates
• Respond to support requests
• Deliver product announcements and newsletters (with consent)
• Conduct customer satisfaction surveys

3.5 Legal Compliance and Security

• Comply with legal obligations and regulatory requirements
• Prevent fraud, abuse, and security threats
• Enforce our Terms of Service
• Respond to legal requests and court orders

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland:

5. Data Sharing and Disclosure

5.1 We DO NOT Sell Your Data

VocalAI Solutions does not sell, rent, or trade personal information to third parties for monetary consideration.

5.2 Service Providers

We share data with trusted third-party service providers who assist in:

• Cloud Infrastructure: AWS, Google Cloud (data hosting and processing)
• Payment Processing: Stripe (payment card processing)
• Analytics: Google Analytics, Mixpanel (usage analytics)
• Customer Support: Intercom, Zendesk (support ticket management)
• Email Services: SendGrid (transactional emails)

All service providers are contractually bound by data processing agreements (DPAs) and comply with GDPR standards.

5.3 Enterprise Customers

If you are an end-user interacting with a voice AI agent deployed by one of our enterprise customers, conversation data is shared with that customer for their business purposes. The customer acts as the data controller and is responsible for their own privacy practices.

5.4 Legal Requirements

We may disclose information when required by law, such as:

• In response to subpoenas, court orders, or legal processes
• To comply with government or regulatory investigations
• To protect our rights, property, or safety
• To prevent fraud or illegal activities

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide choices regarding your data.

6. Data Security

We implement industry-leading security measures to protect your data:

6.1 Encryption

• In Transit: TLS 1.3 encryption for all data transmission
• At Rest: AES-256 encryption for stored data
• Voice Data: End-to-end encryption for voice calls (where supported)

6.2 Access Controls

• Role-based access control (RBAC) for internal systems
• Multi-factor authentication (MFA) required for all employees
• Principle of least privilege: employees only access data necessary for their role
• Regular access reviews and audit logs

6.3 Compliance Certifications

• SOC 2 Type II: Annual audits by independent third parties
• ISO 27001: Information security management certification (in progress)
• GDPR Compliance: Full adherence to EU data protection standards
• CCPA Compliance: California consumer privacy rights supported

6.4 Data Breach Response

In the unlikely event of a data breach:

• We will notify affected users within 72 hours (GDPR requirement)
• We will provide details about the breach, data affected, and mitigation steps
• We will notify relevant authorities as required by law

7. Data Retention

You can request deletion of your data at any time, subject to legal retention requirements.

8. Your Rights and Choices

8.1 GDPR Rights (EEA, UK, Switzerland)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for AI training or marketing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

8.2 CCPA Rights (California Residents)

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we don't sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

8.3 How to Exercise Your Rights

Contact us at:

• Email: privacy@vocalai.solutions
• Web Form: Contact Us Page
• Mail: VocalAI Solutions, Inc.
  Attn: Privacy Team
  350 Rhode Island Street, Suite 240
  San Francisco, CA 94103, USA

We will respond to requests within 30 days (GDPR) or 45 days (CCPA).

9. International Data Transfers

VocalAI Solutions is based in the United States. If you are located outside the U.S., your information will be transferred to and processed in the United States and other countries.

9.1 EU-U.S. Data Transfers

For transfers from the EEA/UK to the U.S., we rely on:

• Standard Contractual Clauses (SCCs): EU Commission-approved data transfer agreements
• Adequacy Decisions: Transfer to countries with adequate data protection (e.g., Canada)
• Binding Corporate Rules: Internal data transfer policies (in development)

9.2 Data Localization

For customers with specific data residency requirements, we offer:

• EU data centers (Frankfurt, Ireland)
• UK data centers (London)
• Asia-Pacific data centers (Singapore, Tokyo)

Contact your account manager to configure data localization settings.

10. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we discover that we have collected information from a child, we will delete it immediately.

If you believe we have inadvertently collected information from a child, please contact us at privacy@vocalai.solutions.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email (if you have an account)
• We will display a prominent notice on our website
• For material changes affecting GDPR rights, we will obtain your consent where required

Your continued use of the Services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

Data Protection Officer

For privacy-related questions or to exercise your rights:

Email: privacy@vocalai.solutions
Data Protection Officer: dpo@vocalai.solutions

EU Representative

VocalAI Solutions GmbH (Germany)
Friedrichstraße 123
10117 Berlin, Germany
Email: eu-representative@vocalai.solutions

Supervisory Authority

If you are in the EEA and have concerns about our data practices, you can contact your local data protection authority. For example:

• Germany: Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI)
• UK: Information Commissioner's Office (ICO)
• Ireland: Data Protection Commission (DPC)