Privacy Policy
Last updated: 2026-04-18 · Effective: 2026-04-18
VoxSign AI (“we”, “our”) builds voice AI infrastructure. This policy explains what we collect, how we use it, and the rights you have over your data. It is written to be readable; it is not a replacement for the Data Processing Agreement (DPA) we sign with enterprise customers.
1. Our basic stance
- Raw audio is not retained. When you speak to a VoxSign app, the audio is transcribed locally or by a backend of your choice; the audio bytes are discarded after transcription unless you explicitly opt-in to retain them.
- Your data does not train our central models. Personalisation (hotwords, memory graph, voice preferences) lives on hardware you control and is never aggregated into a shared model.
- Self-hosting is supported. The Edge components of VoxSign are Apache 2.0 open source. You can run the entire stack on hardware you own, with no data leaving your network.
2. What we collect
If you use the hosted voxsign.ai Center
- Account data: email, display name, authentication tokens.
- Transcripts and memory events synced to your account (not raw audio).
- Usage telemetry: session timestamps, backend latency, error rates. Linked to your account. Used to improve reliability.
If you self-host the Edge only
- Nothing. The Edge does not phone home. Anonymous, opt-in error reports can be enabled in settings if you choose to help us debug.
3. How we use it
- To provide the service you asked for (transcription, memory, correction).
- To improve reliability — identifying backends that fail too often, latency spikes, etc.
- To bill your subscription (Pro, Business, Enterprise).
We do not sell your data, rent it, or share it with advertising networks. We do not profile you for third parties.
4. Sub-processors
By default, VoxSign uses no third-party AI processors. You can optionally enable cloud backends (DashScope, Claude API, OpenAI) per tenant; if you do, those providers receive the data you send them as part of that request only. The current sub-processor list is published in the PDPL compliance guide § 6.
5. Data residency
For Enterprise customers we can pin all data to a specified region (UAE, Saudi Arabia, other GCC). Self-hosted deployments stay entirely on your hardware. For the hosted Pro tier, data is stored in the region nearest to the tenant's primary country of use.
6. Your rights
- Access — export everything we have via
GET /api/v1/user/data/exportor by emailing us. - Correction — edit any memory, hotword, or profile field in the app directly, or request a correction.
- Deletion — delete your account and all derived
data via
DELETE /api/v1/user/dataor email. We will confirm deletion within 30 days. - Portability — export is JSON; you can take it with you.
7. Retention
- Account and transcripts: until you delete them. No silent auto-delete.
- Raw audio: not retained.
- Logs: 90 days unless we agree otherwise in a DPA.
- Billing records: legally required retention varies; typically seven years.
8. Security
All connections are TLS-encrypted. Access to customer data by VoxSign engineers requires hardware-key authentication and is logged. See the security questionnaire for the full controls list.
9. Children
VoxSign is not intended for use by children under 16. We do not knowingly collect data from children.
10. Changes to this policy
Material changes will be announced by email and on this page at least 30 days before they take effect. Version history lives in our public git repository.