Privacy Policy

Last updated: March 15, 2026

1. Introduction and Data Controller

Voxa ("we", "us", "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you visit joinvoxa.com and use our calling service.

For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection law, Voxa is the data controller of your personal data. If you have questions about how we handle your data, please contact our privacy team at privacy@joinvoxa.com before using the service.

2. Information We Collect

Information you provide directly

  • Name and email address when you register an account
  • Payment and billing information when you purchase call credits (handled by PCI-compliant processors — we do not store full card details)
  • Support communications and correspondence with our team

Information generated through your use

  • Call records: destination telephone numbers dialled, call duration, call start/end times, and connection outcome (answered, unanswered, failed)
  • Credit balance history and top-up transactions
  • IP address at the time of login and during calls (used for fraud detection and call routing)

Automatically collected technical data

  • Browser type and version, operating system, device type
  • Pages visited, session duration, and navigation behaviour on joinvoxa.com
  • Cookies and similar tracking technologies (see Section 7)

Call content: Voxa does not record or store the audio content of your calls. Call metadata (numbers, duration, timestamps) is retained as described in Section 5.

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data under the following legal bases:

Contract performance (Article 6(1)(b))

Processing your registration details, payment information, and call logs is necessary to provide you with the Voxa calling service you have contracted us to deliver.

Legal obligation (Article 6(1)(c))

We may be required to retain certain telecommunications data, transaction records, or account information to comply with applicable laws and regulations.

Legitimate interests (Article 6(1)(f))

We process technical and behavioural data to detect fraud, prevent abuse, secure our infrastructure, and improve the quality of our service. These interests do not override your fundamental rights.

Consent (Article 6(1)(a))

Where we send marketing communications, we will do so only with your explicit consent. You may withdraw consent at any time via the unsubscribe link in any marketing email.

4. How We Use Your Information

We use your personal data to:

  • Create and manage your account
  • Process credit purchases and maintain your balance
  • Route and connect your outbound calls
  • Send transactional communications: receipts, low-balance alerts, account notifications
  • Respond to support requests and resolve disputes
  • Detect, investigate, and prevent fraudulent or abusive activity
  • Comply with telecommunications regulations and law enforcement requests
  • Analyse aggregated, anonymised usage data to improve the service

We do not use your data for automated decision-making or profiling that produces significant legal effects without your involvement.

5. Data Retention

  • Account data (name, email): retained while your account is active, plus 12 months after closure to handle disputes or legal claims
  • Call logs (metadata: numbers, duration, timestamps): retained for 12 months from the date of the call
  • Payment records: retained for 7 years to satisfy financial regulation and tax obligations
  • Support communications: retained for 3 years from the date of the interaction

When data is no longer required, we delete it securely or anonymise it so it can no longer be linked to you. You may request earlier deletion of account data at any time (subject to legal obligations that require us to retain certain records).

6. Data Sharing and Disclosure

We do not sell your personal information. We share data only in the following circumstances:

  • Payment processors: Stripe, PayPal, or similar PCI-compliant processors to handle credit purchases. They receive only the information necessary to process your payment.
  • Telecommunications carriers: The destination telephone number is passed to our carrier partners to route your call. No other personal data is shared with carriers.
  • Cloud and infrastructure providers: Our servers and databases are hosted on industry-standard cloud infrastructure. Providers are contractually bound to process data only according to our instructions.
  • Legal and regulatory authorities: Where required by a valid legal obligation, court order, or to protect the rights and safety of users or third parties.
  • Business transfers: In the event of a merger, acquisition, or sale, personal data may be transferred to the acquiring entity. You will be notified in advance with the opportunity to delete your account.

When sharing data with third-party processors, we ensure appropriate data processing agreements are in place in accordance with applicable law, including GDPR Article 28.

7. International Data Transfers

Our infrastructure and some of our service providers are located outside the European Economic Area. Where we transfer personal data to countries that do not provide an equivalent level of data protection, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — before any transfer takes place.

8. Cookies

We use the following categories of cookies:

  • Strictly necessary: Required for the service to function (e.g. authentication session tokens). These cannot be disabled.
  • Functional: Remember your preferences and settings.
  • Analytics: Help us understand how visitors use the site using aggregated, anonymised data. You may opt out via our cookie banner.

You can manage or withdraw cookie consent at any time using the cookie settings banner on joinvoxa.com, or by adjusting your browser settings. For full details, see our Cookie Policy.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. Specific measures include:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Voice call audio is encrypted end-to-end using DTLS-SRTP (Datagram Transport Layer Security — Secure Real-time Transport Protocol)
  • Payment data is handled exclusively by PCI DSS-compliant processors — we do not store card numbers on our servers
  • Access to personal data within Voxa is restricted to staff who need it to perform their job functions
  • We conduct regular security reviews of our infrastructure and systems

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, in accordance with our obligations under GDPR Article 33–34.

10. Your Rights

Under applicable data protection law (including the GDPR), you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request deletion of your data, subject to our legal retention obligations
  • Right to restriction: Ask us to restrict processing of your data in certain circumstances
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format
  • Right to object: Object to processing based on legitimate interests, or to any direct marketing
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Right to lodge a complaint: You have the right to lodge a complaint with your national data protection supervisory authority if you believe we have not handled your data lawfully

To exercise any of these rights, email privacy@joinvoxa.com. We will respond within 30 days (or within 72 hours for urgent erasure requests where legally required).

EU/EEA users may also contact their national data protection authority. A directory of EU supervisory authorities is available at edpb.europa.eu.

11. Children's Privacy

The Voxa service is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 16. If you believe a minor has created an account or provided us with personal data, please contact us immediately at privacy@joinvoxa.com and we will delete the data without delay.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. We will notify you of material changes by email and by posting a prominent notice on joinvoxa.com at least 14 days before the updated policy takes effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

13. Contact Us

For questions, concerns, or data subject requests related to this Privacy Policy, please contact our privacy team:

Voxa — Privacy Team

Email: privacy@joinvoxa.com

Website: joinvoxa.com