Privacy Policy

Last updated: April 1, 2026

1. Introduction

17798415 Canada Inc., operating as VoxGraph ("VoxGraph", "we", "us", "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access or use our platform, website, APIs, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, you must not use the Service.

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide

  • Account Information: Name, email address, organization name, role, and billing information provided during registration.
  • Communications: Information you provide when contacting support, submitting feedback, or joining our waitlist.

2.2 Information from Your Use of the Service

  • Voice AI Data: Call transcripts, audio metadata, LLM token usage, prompt versions, and latency metrics submitted through our SDK, webhooks, and API integrations. This may include data from your end users.
  • Usage Data: Feature usage analytics, interaction logs, session durations, and performance metrics.
  • Technical Data: IP address, browser type and version, operating system, device identifiers, referral URLs, and pages visited.

2.3 Information from Third Parties

  • Authentication Providers: If you sign in via a third-party provider (e.g., Google, GitHub), we receive your name, email, and profile information as authorized by you.
  • Integrated Services: Data received from services you connect to VoxGraph (e.g., LiveKit, telephony providers) as part of the observability and testing pipelines.

3. How We Use Your Information

We use collected information for the following purposes:

  • Provide, operate, maintain, and improve the Service.
  • Process waitlist registrations and account setup.
  • Analyze usage patterns to enhance features and performance.
  • Generate aggregated, anonymized analytics and benchmarks.
  • Detect, investigate, and prevent security incidents, fraud, and abuse.
  • Communicate service updates, security alerts, and administrative messages.
  • Provide customer support and respond to inquiries.
  • Comply with legal obligations and enforce our Terms of Service.

We do not use Your Data to train machine learning models for purposes unrelated to providing the Service, unless we obtain your explicit consent.

4. Legal Basis for Processing (EEA/UK Users)

For users in the European Economic Area and United Kingdom, our legal bases for processing personal data include:

  • Contract Performance: Processing necessary to provide the Service you requested.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
  • Consent: Where you have provided explicit consent for specific processing activities.
  • Legal Obligation: Processing required to comply with applicable laws.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing, analytics), subject to strict confidentiality and data processing agreements.
  • Legal Requirements: When required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity.
  • With Your Consent: When you explicitly authorize us to share data with a specific third party.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account Data: Retained for the duration of your account and up to 30 days after deletion.
  • Voice AI Data: Retained in accordance with your organization's configured retention policies, or for up to 90 days by default.
  • Usage and Technical Data: Retained for up to 12 months for analytics and security purposes.
  • Waitlist Data: Retained until the Service launches or you request removal, whichever comes first.

Upon expiration of the applicable retention period, data is either securely deleted or anonymized so it can no longer be associated with you.

7. Data Security

We implement industry-standard administrative, technical, and physical security measures to protect your information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and the principle of least privilege.
  • Regular security audits and vulnerability assessments.
  • Secure credential management and secret rotation.
  • Monitoring and logging of access to production systems.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Data Residency

VoxGraph operates a multi-region infrastructure. Your data is stored and processed in the region you select during account setup:

  • United States: Data is stored and processed within US-based infrastructure.
  • European Union: Data is stored and processed within EU-based infrastructure.
  • Canada: Data is stored and processed within Canada-based infrastructure.

These are the only three regions currently supported. Data does not transfer between regions unless explicitly initiated by you. We are committed to maintaining data sovereignty — your data remains in the region you choose.

Certain ancillary services (such as transactional email or payment processing) may involve limited data processing outside your selected region by our third-party providers, in accordance with appropriate safeguards.

9. Compliance Status

VoxGraph does not currently hold any formal compliance certifications such as SOC2, HIPAA, ISO 27001, or similar. While we follow industry-standard security practices, we make no representations or warranties that the Service meets the requirements of any specific regulatory or compliance framework.

If your organization requires certified compliance, we recommend conducting an independent assessment of the Service prior to use. We are committed to pursuing formal certifications as the platform matures.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we restrict processing of your data under certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at the address below. We will respond to your request within 30 days (or as required by applicable law).

10.1 For California Residents (CCPA)

If you are a California resident, you have the right to: (a) know what personal information is collected; (b) request deletion of your data; (c) opt out of the sale of personal information (we do not sell personal data); and (d) not be discriminated against for exercising your rights.

10.2 For EEA/UK Residents (GDPR)

You have the right to lodge a complaint with your local data protection authority if you believe your rights under the GDPR have been violated.

10.3 For Canadian Residents (PIPEDA & Provincial Laws)

If you are a Canadian resident (including Quebec under Law 25), you have the right to access your personal information, request corrections, and withdraw consent for processing. You may direct these requests to our designated Privacy Officer using the contact details below.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us immediately. If we learn that we have collected personal data from a child, we will take steps to delete that information promptly.

12. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for the Service to function properly (e.g., authentication, session management). These cannot be disabled.
  • Analytics Cookies: Used to understand how the Service is used, measure performance, and improve the user experience. These may be disabled via your browser settings.

We do not use advertising or behavioral tracking cookies. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will: (a) notify affected users without undue delay and no later than 72 hours after becoming aware of the breach (where required by law); (b) notify the relevant supervisory authority as required; and (c) provide details about the nature of the breach, the data affected, and the measures taken to mitigate harm.

14. Third-Party Links & Services

The Service may contain links to or integrations with third-party websites and services. We are not responsible for the privacy practices of any third party. We encourage you to read the privacy policies of any third-party services you access through VoxGraph.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by: (a) updating the "Last updated" date at the top of this page; and (b) providing notice through the Service or via email for significant changes. Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

16. Contact

For privacy-related inquiries, data subject requests, or to contact our formally designated Privacy Officer, please email us at: privacy@voxgraph.ai

17798415 Canada Inc.
Operating as VoxGraph