Privacy Policy

Last updated: March 24, 2026

VocAIris Inc. ("VocAIris", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit vocairis.com, use our AI-powered voice, video, and messaging platform, or interact with our services in any way.

By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.

1. Who We Are

VocAIris Inc. is the data controller for personal information collected through our website and platform. We provide AI orchestration services — including AI phone screening, front-desk automation, and customer support agents — to businesses ("Customers") and their end users ("End Users").

Data Controller: VocAIris Inc.
Contact: [email protected]

2. Information We Collect

2.1 Information You Provide Directly

  • Name, email address, and phone number when you contact us, register for a demo, or fill out forms on our site
  • Company name, role, and other professional details when you sign up for a Customer account
  • Payment and billing information (processed by our payment processors — we do not store raw card data)
  • Messages, preferences, and feedback you submit to us

2.2 Information Collected Automatically

  • Browser type, operating system, device type (mobile/desktop), and IP address
  • Pages visited, time spent on each page, referrer URL, and clickstream data
  • Session identifiers stored in sessionStorage and localStorage for site personalization
  • Cookie identifiers as described in our Cookie Policy

2.3 Voice, Video, and Conversation Data

When End Users interact with a VocAIris AI agent (phone, video, or chat), the following may be collected on behalf of the Customer:

  • Voice recordings and transcripts of phone or video calls
  • Chat messages and conversation logs
  • Responses to structured screening questions
  • Scheduling preferences and availability

Important: Customer-controlled conversation data is processed strictly on behalf of the Customer and is never used to train our AI models without explicit written consent.

2.4 Information from Third Parties

  • CRM data synced via Customer-configured integrations (e.g., Zoho CRM)
  • Publicly available professional profiles where permitted by applicable law
  • Analytics and enrichment data from our service providers

3. How We Use Your Information

We use personal information for the following purposes:

  • To provide, operate, and improve our platform and services
  • To respond to inquiries, demo requests, and support tickets
  • To process transactions and send billing-related communications
  • To personalize your experience and remember your preferences
  • To send product updates, security notices, and other service communications
  • To analyze usage patterns and improve platform performance
  • To detect and prevent fraud, abuse, and security incidents
  • To comply with legal obligations and enforce our agreements

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

  • Contract: to fulfill our service agreement with you or your employer
  • Legitimate Interests: to improve our services, prevent abuse, and conduct analytics
  • Consent: for marketing communications and optional cookies — you may withdraw consent at any time
  • Legal Obligation: to comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal information. We may share it in the following circumstances:

5.1 Service Providers (Sub-processors)

We work with trusted third-party providers to operate our platform, including:

  • Microsoft Azure — cloud infrastructure, storage, and AI services
  • Zoho CRM — customer relationship management
  • Twilio / communication providers — SMS, voice, and video services
  • Payment processors — billing and subscription management
  • Analytics providers — anonymized usage analytics

All sub-processors are bound by data processing agreements and required to maintain appropriate security standards.

5.2 Business Transfers

In connection with a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your data becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose personal information if required by law, subpoena, court order, or government authority, or to protect the rights, property, or safety of VocAIris, our customers, or the public.

6. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: retained for the duration of the Customer relationship plus 3 years
  • Conversation transcripts and recordings: retained per Customer configuration (default 90 days); Customers may request earlier deletion
  • Website analytics: aggregated data retained up to 24 months
  • Financial records: retained for 7 years as required by law
  • Marketing data: retained until you unsubscribe or request deletion

7. Data Security

We implement industry-standard security measures to protect your information, including:

  • TLS 1.2+ encryption in transit for all data exchanges
  • AES-256 encryption at rest for stored data
  • Tenant-level data isolation — no cross-customer data access
  • Azure managed identity for service-to-service authentication (no stored secrets)
  • Role-based access controls and least-privilege principles
  • Comprehensive audit logging and anomaly detection
  • Regular penetration testing and vulnerability assessments

No transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 All Users

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request erasure of your personal data (subject to legal retention requirements)
  • Objection: object to processing based on legitimate interests
  • Portability: receive your data in a structured, machine-readable format

8.2 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, and disclosed
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of sale or sharing of personal information — we do not sell personal information
  • Right to non-discrimination for exercising your privacy rights
  • Right to limit use of sensitive personal information

8.3 EEA / UK Residents (GDPR / UK GDPR)

  • Right to lodge a complaint with your local supervisory authority
  • Right to restrict processing in certain circumstances
  • Rights related to automated decision-making and profiling

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website and improve your experience. For full details, including a list of specific cookies, how to manage your preferences, and how to opt out, please see our Cookie Policy.

10. Voice and Video Recording Consent

Interactions with VocAIris AI agents may be recorded for quality assurance and training purposes. End Users are notified of recording at the start of each session. By proceeding with the session, End Users consent to recording as described in the applicable Customer's privacy notice.

Customers are responsible for obtaining required consents from their End Users in compliance with applicable laws, including two-party consent recording laws where applicable.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately at [email protected] and we will delete it promptly.

12. International Data Transfers

VocAIris is based in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards for international transfers from the EEA and UK.

13. Third-Party Links

Our website may contain links to third-party sites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated date and, where appropriate, via email. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

VocAIris Inc. — Privacy Team
Email: [email protected]
Website: vocairis.com/contact