Privacy Policy
1. Introduction & Our Role
This Privacy Policy describes how Voctiv Inc ("Voctiv", "we", "us", or "our") collects, uses, stores, shares, and protects information when you use the Voctiv Assistant MCP service ("Service").
This policy applies to all users of the Service, including developers, businesses, and anyone who accesses our website or API.
1.1 Our Dual Role
Depending on the context, Voctiv acts in different capacities:
- Data Controller: For your account information, billing data, and website usage data, Voctiv determines the purposes and means of processing and acts as the data controller.
- Data Processor: For Call Data (phone numbers you provide, call recordings, transcriptions), Voctiv processes data on your behalf according to your instructions. You (the User) are the data controller for the personal data of the individuals you call through the Service.
If you require a formal Data Processing Agreement, please refer to our DPA.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name and email address
- Company name (if applicable)
- Payment information (processed by Stripe; we do not store full card numbers)
- Billing address
2.2 Call Data
When you use the Service to make Calls, we collect and process:
- Phone numbers dialed through the Service
- Call recordings - audio recordings of Calls (where applicable)
- Transcriptions - text transcriptions of Call conversations
- Call metadata - duration, timestamps, status (completed/failed), caller ID, SIP response codes
- Agent configuration - prompts, scripts, and settings used for Calls
Important: You are the data controller for the personal data of Called Parties. You are responsible for ensuring that your collection and use of Called Party data complies with all applicable privacy laws, including obtaining any necessary consent.
2.3 API Usage Data
We automatically collect information about your use of the Service:
- API requests and responses (tools called, parameters, timestamps)
- IP addresses used to access the Service
- Error logs and diagnostic data
- Usage patterns and volume metrics
2.4 Technical Data
When you visit our website, we may collect:
- Browser type and version
- Operating system
- Device type
- Referring URL
- Pages visited and time spent
2.5 Cookies
We use only essential cookies required for the operation of our website. See our Cookie Policy for details.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: Processing your API requests, initiating Calls, generating transcriptions, and providing call history
- Billing and payments: Calculating usage charges, processing payments, and maintaining billing records
- Account management: Managing your account, authenticating access, and communicating service updates
- Customer support: Responding to your inquiries and resolving technical issues
- Security and fraud prevention: Detecting and preventing unauthorized access, abuse, spam, and fraudulent activity
- Compliance monitoring: Monitoring for compliance with our Terms of Service, Acceptable Use Policy, and applicable telecommunications laws
- Service improvement: Using de-identified and aggregated data to improve AI model quality, speech recognition accuracy, and overall Service performance
- Legal obligations: Complying with applicable laws, regulations, legal processes, and law enforcement requests
4. Call Recording & Transcription Policy
4.1 What We Record
By default, the Service records audio and generates transcriptions for all Calls. This data is used for:
- Providing transcription and recording features to you
- Quality assurance and compliance monitoring
- Dispute resolution
- Service improvement (using de-identified data)
4.2 Storage Duration
Call recordings and transcriptions are stored for the periods specified in Section 6 (Data Retention) below.
4.3 De-identification
When using Call Data for service improvement, we apply de-identification techniques to remove personal identifiers. De-identified data cannot be re-linked to specific individuals or accounts.
4.4 Opt-Out
You may opt out of having your Call Data used for service improvement purposes by contacting legal@voctiv.com. Note that opting out does not affect recordings maintained for compliance, legal, or billing purposes.
4.5 Your Responsibility
You are solely responsible for complying with all applicable call recording consent laws in the jurisdictions where Calls are made. This includes obtaining consent from Called Parties in all-party consent jurisdictions.
6. Data Retention
We retain different categories of data for different periods:
| Data Category | Retention Period | Basis |
|---|---|---|
| Call recordings | 90 days from call date | Service delivery; compliance monitoring |
| Transcriptions | 90 days from call date | Service delivery; compliance monitoring |
| Call metadata | 1 year from call date | Billing; analytics; compliance |
| Account data | Duration of account + 30 days | Account management |
| Billing records | 7 years | Legal/tax requirement |
| API logs | 30 days | Debugging; security monitoring |
| Compliance records | 5 years | Regulatory compliance (TCPA) |
After the retention period expires, data is securely deleted or de-identified. You may request earlier deletion of certain data categories - see Section 9.
7. Data Security
We implement appropriate technical and organizational measures to protect your information:
- Encryption in transit: All data transmitted between your systems and the Service uses TLS 1.2 or higher
- Encryption at rest: Call recordings, transcriptions, and personal data are encrypted at rest using AES-256
- Access controls: Role-based access controls limit who can access personal data within Voctiv
- API key security: API keys are hashed and stored securely; they cannot be retrieved after initial issuance
- Incident response: We maintain an incident response plan for handling data breaches
- Monitoring: We monitor for unauthorized access, unusual patterns, and security threats
While we implement commercially reasonable security measures, no system is 100% secure. We cannot guarantee absolute security of your data.
8. International Data Transfers
Your data is primarily stored and processed in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.
8.1 European Economic Area (EEA)
For transfers of personal data from the EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, supplemented by additional safeguards as needed.
8.2 United Kingdom
For transfers from the UK, we use the UK International Data Transfer Addendum (IDTA) in conjunction with the SCCs.
8.3 Other Jurisdictions
For transfers from other jurisdictions with data transfer restrictions, we implement appropriate safeguards as required by applicable law.
9. Your Privacy Rights by Jurisdiction
9.1 GDPR Rights (EU/EEA)
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access - Request a copy of your personal data
- Right to rectification - Request correction of inaccurate data
- Right to erasure - Request deletion of your personal data (subject to legal retention requirements)
- Right to data portability - Receive your data in a structured, machine-readable format
- Right to restriction - Request limitation of processing in certain circumstances
- Right to object - Object to processing based on legitimate interests
- Right to withdraw consent - Where processing is based on consent
- Right to lodge a complaint - With your local supervisory authority
To exercise these rights, contact legal@voctiv.com. We will respond within 30 days.
9.2 CCPA/CPRA Rights (California)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know - What personal information we collect, use, and share
- Right to delete - Request deletion of your personal information
- Right to opt-out of sale/sharing - We do not sell your personal information. If this changes, we will provide an opt-out mechanism
- Right to non-discrimination - We will not discriminate against you for exercising your rights
- Right to correct - Request correction of inaccurate information
- Right to limit use of sensitive personal information
To exercise these rights, contact legal@voctiv.com. We will verify your identity before processing your request.
9.3 PDPA Rights (Southeast Asia)
If you are located in Vietnam, the Philippines, or Indonesia, you have rights under the applicable Personal Data Protection Acts, including rights to access, correction, deletion, and objection to processing. Contact legal@voctiv.com to exercise these rights.
9.4 Kazakhstan Data Protection
If you are located in Kazakhstan, you have rights under the Law on Personal Data and their Protection, including the right to access, correct, and delete your personal data. Contact legal@voctiv.com.
9.5 Mexico (LFPDPPP)
If you are located in Mexico, you have ARCO rights (Access, Rectification, Cancellation, Opposition) under the Federal Law on Protection of Personal Data Held by Private Parties. Contact legal@voctiv.com.
10. Do Not Track
We honor Do Not Track (DNT) browser signals. Since we do not use tracking or advertising cookies, our website does not track your browsing activity across other sites regardless of your DNT settings.
11. Children's Privacy
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18 (or under 13 as defined by COPPA). If we learn that we have collected information from a child under the applicable age, we will promptly delete that information. If you believe we have collected information from a child, please contact us at legal@voctiv.com.
12. Sub-processors
The Service is built using proprietary Voctiv components together with elements developed by leading technology companies. We use the following categories of sub-processors to provide the Service:
| Category | Provider(s) | Purpose | Location |
|---|---|---|---|
| Telecommunications | Telephony carrier partners | PSTN connectivity, call routing | United States |
| Cloud Infrastructure | AWS, Microsoft Azure, Google Cloud, and/or other providers | Hosting, storage, compute | United States |
| AI/ML | OpenAI, and/or other LLM providers | Language model for AI agent conversations | United States |
| Speech Processing | ElevenLabs, Google, Microsoft, and/or other providers | Speech recognition and synthesis | United States |
| Payments | Stripe | Payment processing | United States |
Voctiv may change specific sub-processors within each category as needed to ensure service quality and reliability. For the complete and current sub-processor list, or to subscribe to sub-processor change notifications, contact legal@voctiv.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. For material changes, we will provide notice via email or through the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
We encourage you to review this policy periodically.
14. Contact & Data Protection Officer
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:
Voctiv Inc
Email: legal@voctiv.com
We will respond to privacy requests within 30 days (or as required by applicable law).