Privacy Policy

Last updated: March 22, 2026

1. What We Collect

• Account information: Email address, name, password (hashed, never stored in plain text)
• Call data: Transcripts of calls you make while using VoxHint, AI-generated summaries and action items
• Knowledge base: Documents you upload (PDFs, text files)
• Usage data: Hours used, number of calls, feature usage
• Billing data: Handled entirely by Stripe. We do not store credit card numbers.

2. How We Use Your Data

• To provide the service: Transcribing calls, generating AI suggestions, searching your knowledge base
• To bill you: Tracking usage hours against your plan limits
• To improve the service: Aggregate, anonymized usage statistics (never individual call content)
• To communicate: Account notifications, usage alerts, billing receipts

3. What We Never Do

• We never sell your data to third parties
• We never use your call transcripts or documents to train AI models
• We never share your data with other users
• We never access your data unless required for support you requested or legal compliance

4. Data Storage & Security

• Encryption at rest: All data stored in encrypted databases (AWS RDS with AES-256)
• Encryption in transit: All connections use HTTPS/TLS
• Access control: Your data is isolated — no other user can access it
• Infrastructure: Hosted on AWS (US East region). Cloudflare provides DDoS protection.
• Passwords: Hashed with bcrypt (industry standard). We cannot see your password.

5. Third-Party Services

We use the following third-party services to provide VoxHint:

• Deepgram: Real-time speech-to-text transcription. Audio is processed in real-time and not stored by Deepgram.
• Google Gemini: AI suggestion generation. Your conversation context and questions are sent to Google's Gemini API to generate suggestions. On the paid API tier, Google does not use this data for model training. We will migrate to the paid tier as VoxHint scales.
• OpenAI: Document embeddings for knowledge base search. Small text chunks from your uploaded documents are sent to OpenAI to generate search vectors. OpenAI does not use API data for training (per their API data usage policy).
• Stripe: Payment processing. Stripe handles all credit card data. See Stripe's Privacy Policy.
• Cloudflare: DNS, SSL, and CDN. See Cloudflare's Privacy Policy.
• AWS: Cloud infrastructure. See AWS Privacy Policy.

6. Data Retention

• Call transcripts: Stored until you delete them or delete your account
• Knowledge base documents: Stored until you delete them or delete your account
• Usage records: Retained for billing purposes for 12 months
• Account data: Retained while your account is active. Deleted within 30 days of account deletion request.

7. Your Rights

• Access: You can view all your data through the dashboard
• Delete: You can delete individual calls, documents, or your entire account
• Export: You can request a copy of your data by contacting us
• Correction: You can update your profile information at any time

8. Cookies

We use minimal cookies:

• Authentication: JWT token stored in browser localStorage for session management
• Cloudflare: Security cookies for DDoS protection
• We do not use advertising or tracking cookies

9. Children

VoxHint is not intended for users under 18 years of age. We do not knowingly collect data from children.

10. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes via email. The "Last updated" date reflects when the policy was last modified.

11. Contact

For privacy questions or data requests, contact us at hello@voxhint.com.