Privacy policy

Last updated: April 13, 2026

At voz.ag, S.L. (hereinafter "voz.ag") we take the privacy of our users very seriously. This policy explains what data we collect, how we use it and what rights you have over it, in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

voz.ag, S.L., with registered office in Madrid (Spain). Contact email: privacy@voz.ag. Data Protection Officer: dpo@voz.ag.

2. Data we collect

Identification and contact data (name, email, company, phone), service usage data (call transcripts, optional recordings, interaction metadata), billing data and technical data (IP address, browser, device). We do not collect sensitive data and we do not make automated decisions with legal effects.

3. Purpose of processing

Providing the contracted service, managing the contractual relationship, complying with legal and tax obligations, improving the product through aggregated analytics and sending commercial communications related to voz.ag (only with explicit consent).

4. Legal basis

Performance of the contract (voz.ag service), consent (marketing communications, non-essential cookies), legal obligation (invoicing, tax) and legitimate interest (security, fraud prevention).

5. Data retention

Account data: for the duration of the contractual relationship + 4 years for tax obligations. Transcripts and recordings: 30 days by default (configurable by the customer down to 0 days). Billing data: 6 years. Once the retention period expires, the data is irreversibly deleted or anonymized.

6. Recipients and international transfers

Your data is hosted on servers located in the European Union (Supabase EU Frankfurt). We share data with processors engaged under a signed DPA (Data Processing Agreement): Supabase, Telnyx, Deepgram, Cartesia, Anthropic, Google. The full list is available at trust.voz.ag/subprocessors. We do not carry out international transfers outside the European Economic Area without appropriate safeguards (Standard Contractual Clauses approved by the European Commission).

7. Your rights

As a data subject you can exercise the rights of access, rectification, erasure (right to be forgotten), objection, restriction, portability and the right not to be subject to automated decisions, by writing to privacy@voz.ag with a copy of your ID. You also have the right to lodge a complaint with the Spanish Data Protection Agency (aepd.es).

8. Cookies and similar technologies

We use technical cookies required for the site to function (no consent required) and analytics cookies (PostHog, Vercel Analytics) that are only activated if you give your explicit consent through the banner. You can change your preferences at any time from the footer.

9. Security measures

We apply appropriate technical and organizational measures: encryption in transit (TLS 1.3) and at rest (AES-256), role-based access controls, internal audits, SOC 2 Type I (in progress), staff training and incident response plans. We will notify any security breach to the supervisory authority within 72 hours.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email to registered users at least 30 days in advance.

11. Contact

For any questions about this policy or the processing of your personal data, write to privacy@voz.ag or dpo@voz.ag. We will reply within a maximum of 30 days.