TL;DR: We take your privacy seriously. We collect only what's necessary to provide our service, never sell your data, and give you full control over your information. Fully GDPR, CCPA, and SOC 2 compliant.
1. Introduction
Welcome to VoxAgent ("we," "our," or "us"). This Privacy Policy explains how Epsylon Systems LLC collects, uses, discloses, and safeguards your information when you use our AI voice automation service at vox-agent.ai (the "Service").
By using VoxAgent, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, phone number, billing address
- Payment Information: Credit card details (processed securely via Stripe; we don’t store full card numbers)
- Call Data: Phone numbers you call, call recordings, transcripts, metadata (duration, outcome)
- Agent Configuration: AI prompts, voice settings, custom scripts you create
2.2 Automatically Collected Information
- Usage Data: IP address, browser type, device information, pages visited, time spent
- Cookies: Session tokens, preferences, analytics data (see Cookie Policy)
- API Logs: API requests, response times, error logs for debugging
2.3 Third-Party Data
- CRM Integrations: Data synced from Salesforce, HubSpot, or other connected platforms
- Telephony Partners: Call metadata from Twilio (our voice infrastructure provider)
3. How We Use Your Information
| Purpose |
Legal Basis (GDPR) |
| Provide and maintain the Service |
Contract performance |
| Process payments and prevent fraud |
Contract performance, Legal obligation |
| Send service updates and support messages |
Contract performance |
| Improve our AI models and service quality |
Legitimate interest |
| Marketing communications (with consent) |
Consent (opt-out anytime) |
| Comply with legal obligations |
Legal obligation |
4. Data Sharing and Disclosure
4.1 We Share Data With:
- Service Providers: Twilio (voice), Stripe (payments), AWS (hosting), OpenAI (AI processing)
- CRM Platforms: If you connect Salesforce, HubSpot, etc. (data syncs both ways)
- Analytics: Google Analytics, Mixpanel (anonymized usage data)
- Legal Authorities: If required by law (subpoena, court order)
4.2 We DO NOT:
- ❌ Sell your data to third parties
- ❌ Use your call data to train public AI models
- ❌ Share customer lists with competitors
- ❌ Send spam or unsolicited marketing (you control all communications)
5. Data Security
We implement industry-standard security measures:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access, 2FA for admin accounts
- Infrastructure: AWS with SOC 2 Type II compliance
- Call Recordings: Encrypted and stored in secure S3 buckets (US/EU regions)
- Regular Audits: Annual penetration testing and security reviews
⚠️ Important: No method of transmission over the internet is 100% secure. While we strive to protect your data with enterprise-grade security, we cannot guarantee absolute security.
6. Data Retention
- Active Accounts: We retain your data as long as your account is active
- Call Recordings: Stored for 90 days by default (customizable: 30–365 days)
- Closed Accounts: Data deleted within 30 days of closure (backups purged in 90 days)
- Legal Holds: Data retained longer if required for legal or compliance purposes
7. Your Privacy Rights
7.1 GDPR Rights (EU/UK Users)
- Access: Request a copy of your data
- Rectification: Correct inaccurate information
- Erasure: Request deletion (“right to be forgotten”)
- Portability: Export your data in machine-readable format
- Object: Object to processing based on legitimate interest
- Restrict: Limit how we process your data
- Withdraw Consent: Opt out of marketing anytime
7.2 CCPA Rights (California Users)
- Know: What personal information we collect and why
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of “sale” of personal information (we don’t sell any data)
- Non-Discrimination: We won’t penalize you for exercising your rights
7.3 How to Exercise Your Rights
Email us at privacy@vox-agent.ai or submit a request via our Privacy Request Form. We’ll respond within 30 days.
8. International Data Transfers
VoxAgent operates globally. If you're outside the United States, your data may be transferred to and processed in the US or other countries where we or our service providers operate.
EU Data Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
9. Children's Privacy
VoxAgent is not intended for users under 18. We do not knowingly collect data from children. If you believe we’ve collected data from a minor, contact us immediately at privacy@vox-agent.ai.
10. Third-Party Links
Our Service may contain links to third-party websites (e.g., Salesforce, HubSpot). We are not responsible for their privacy practices. Please review their policies before sharing data.
11. Changes to This Policy
We may update this Privacy Policy periodically. Changes are effective immediately upon posting. We will notify you of material changes via:
- Email to your registered address
- In-app notification
- Prominent notice on our website
Continued use after changes constitutes acceptance.
12. Contact Us
13. Compliance Certifications
- ✓ GDPR Compliant – EU General Data Protection Regulation
- ✓ CCPA Compliant – California Consumer Privacy Act
- ✓ SOC 2 Type II Certified – Security, Availability, Confidentiality
- ✓ HIPAA-Ready Infrastructure – For healthcare clients
© 2025 VoxAgent. A product of Epsylon Systems LLC. All rights reserved.