1. Introduction
At Voicegram, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
This policy applies to all users of the Voicegram platform, including website owners who integrate our widget ("Customers") and individuals who leave voicemail messages ("Callers").
By using our Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please do not use our Service.
2. Data We Collect
We collect different types of information depending on how you interact with our Service:
Account Data (Customers)
| Data Type | Description | Collection Method |
|---|---|---|
| Email Address | Your account email for login and notifications | Registration |
| Name | Your name or organization name | Registration |
| Domain(s) | Websites where you embed the widget | Dashboard configuration |
| Billing Information | Payment details processed by Paddle | Subscription |
Caller Data
| Data Type | Description | Collection Method |
|---|---|---|
| Email Address | Used for verification before recording | Widget submission |
| Voice Recording | Audio message (up to 5 minutes) | Widget recording |
| Transcription | AI-generated text from recording | Automated processing |
| Summary | AI-generated summary of message | Automated processing |
Technical Data
| Data Type | Description | Collection Method |
|---|---|---|
| IP Address | Used for security and rate limiting | Automatic |
| User Agent | Browser and device information | Automatic |
| Geolocation | City and country (not precise location) | IP-based lookup |
| Timestamps | When actions occur in the Service | Automatic |
Usage Data
| Data Type | Description | Collection Method |
|---|---|---|
| Recording Metadata | Duration, timestamps, domain | Service usage |
| Dashboard Activity | Pages viewed, features used | Service usage |
| Playback Events | When voicemails are played | Service usage |
3. How We Use Your Data
We use the collected information for the following purposes:
Service Delivery
- Processing and transcribing voicemail recordings
- Generating AI summaries of messages
- Delivering voicemails to Customers via email
- Providing access to the dashboard and analytics
- Processing payments and managing subscriptions
Security and Fraud Prevention
- Verifying caller email addresses to prevent spam
- Detecting and preventing fraudulent or abusive activity
- Enforcing rate limits and usage restrictions
- Protecting against unauthorized access
Service Improvement
- Analyzing usage patterns to improve features
- Monitoring system performance and reliability
- Developing new features and functionality
- Conducting aggregated analytics (non-identifying)
Legal Compliance
- Responding to legal requests and court orders
- Complying with applicable laws and regulations
- Enforcing our Terms of Service
- Protecting our legal rights and interests
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
Contract Performance
Processing necessary to provide the Service you have requested, including account management, voicemail processing, and subscription handling.
Legitimate Interests
Processing necessary for our legitimate business interests, such as fraud prevention, security, analytics, and service improvement, where these interests are not overridden by your rights.
Legal Obligations
Processing necessary to comply with legal requirements, such as tax obligations, court orders, or regulatory requests.
Consent
Where required, we will obtain your explicit consent before processing your data. You may withdraw consent at any time by contacting us.
5. Third-Party Processors
We share data with the following third-party service providers who process data on our behalf:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Paddle | Payment processing | Billing info, email | UK/USA |
| Deepgram | Speech-to-text transcription | Audio recordings | USA |
| Anthropic (Claude) | AI summarization | Transcripts only | USA |
| Resend | Email delivery | Email addresses | USA |
| LiveKit Cloud | WebRTC recording infrastructure | Audio streams | USA |
| Cloudflare R2 | File storage | Audio files, transcripts | Global |
| Supabase | Database hosting | All user data | USA |
| Vercel | Application hosting | Request logs | USA |
| Cloudflare Turnstile | Bot protection | IP, browser fingerprint | Global |
Each third-party processor is contractually obligated to protect your data and use it only for the specified purposes. We maintain a list of our sub-processors and notify Customers of any changes as required by applicable data protection laws.
6. AI and Automated Processing
We use artificial intelligence to process voicemail content. Here's what you should know:
Automatic PII Redaction
Deepgram's transcription service automatically attempts to detect and redact certain personally identifiable information (PII) such as Social Security numbers, credit card numbers, and similar sensitive data. However, this redaction is not guaranteed to be complete.
AI-Generated Summaries
Claude 3 Haiku generates summaries of voicemail transcripts. These summaries are created automatically without human intervention and are designed to provide a quick overview of the message content.
No Human Review
Your recordings and transcriptions are processed entirely by automated systems. Voicegram employees do not listen to or read your voicemail content unless specifically requested by you for support purposes.
No Training on User Data
Your voicemail recordings, transcriptions, and summaries are never used to train Voicegram's systems or any third-party AI models. Your content is processed solely to provide the Service.
7. Data Retention
We retain your data for different periods depending on the type of data and your subscription plan:
Voicemail Storage by Plan
| Plan | Storage Period |
|---|---|
| Free | 7 days |
| Starter | 14 days |
| Pro | 30 days |
| Business | 90 days |
| Enterprise | 1 year |
After the storage period expires, voicemail recordings and transcriptions are automatically and permanently deleted from our systems.
Account Data
Account information is retained for as long as your account is active. Upon account deletion, your data will be removed within 30 days, except where retention is required for legal or compliance purposes.
Compliance Records
Certain records, such as deletion audit logs and billing records, may be retained for longer periods as required by law (typically 7 years for financial records).
8. Data Security
We implement comprehensive security measures to protect your data:
Encryption
- TLS encryption for all data transmitted to and from our servers
- AES-256 encryption for data stored at rest
- Encrypted database connections
Access Controls
- Row-level security in our database ensuring users can only access their own data
- Strong authentication requirements for all accounts
- Limited employee access to production systems on a need-to-know basis
- API key authentication for widget integration
Infrastructure Security
- Hosting on enterprise-grade cloud infrastructure (Vercel, Supabase, Cloudflare)
- Regular security audits and vulnerability assessments
- Automated security monitoring and alerting
- Incident response procedures
While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
9. Your Rights (GDPR)
If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):
Right of Access
You have the right to request a copy of the personal data we hold about you.
Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data.
Right to Erasure
You have the right to request deletion of your personal data ("right to be forgotten"), subject to certain exceptions.
Right to Restrict Processing
You have the right to request that we limit how we use your personal data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your country of residence.
To exercise any of these rights, please contact us at security@voicegram.io. We will respond to your request within 30 days.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know
You have the right to know what personal information we collect, use, disclose, and sell (if applicable).
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions.
Right to Opt-Out of Sale
We do NOT sell your personal information to third parties. This includes traditional sales and sharing for cross-context behavioral advertising.
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
Right to Correct
You have the right to request correction of inaccurate personal information.
Right to Limit Sensitive Data Use
You have the right to limit how we use sensitive personal information.
To exercise your California privacy rights, please contact us at security@voicegram.io.
11. International Data Transfers
Your data may be transferred to and processed in the United States and other countries where our service providers are located. These countries may have different data protection laws than your country of residence.
Transfer Mechanisms
When transferring data from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of data protection, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding corporate rules where applicable
- Other valid transfer mechanisms under applicable law
Data Protection
Regardless of where your data is processed, we apply the same security measures and data protection standards described in this policy.
13. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at security@voicegram.io.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you by email if the changes significantly affect how we use your data
- Post a notice on the Service prior to the changes taking effect
Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Voicegram LLC
1178 Broadway, 3rd Floor #3432, New York, NY 10001
Privacy inquiries: security@voicegram.io
General support: support@voicegram.io
We aim to respond to all privacy-related inquiries within 30 days.