Privacy Policy

Vocxa Software Company ("Vocxa", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website at https://vocxa.com or use our services.

This policy is designed to comply with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the UK Data Protection Act 2018, and other applicable international data protection laws.

The Data Controller responsible for your Personal Data is:

3.1 Data You Provide Directly

• Contact Form Submissions: Full name, email address, phone number, company name, service interest, budget range, and project details.
• Email Communications: Content and metadata of emails you send to us.
• WhatsApp Messages: Messages sent through WhatsApp including your phone number and message content.
• Job Applications: Name, email, resume/CV, and related application materials sent via email.
• Newsletter Subscriptions: Email address provided for blog notifications.

3.2 Data Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, time spent on pages, click patterns, referring URL, and navigation paths.
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy).

3.3 Data from Third Parties

We may receive information about you from third-party services such as analytics providers, social media platforms, and business partners, strictly within the bounds of applicable law.

We use your Personal Data for the following purposes:

We do not sell your Personal Data. We may share your data with:

• Service Providers: Trusted third parties who assist us in operating our website, conducting business, or servicing you (e.g., hosting providers, email services, analytics tools), bound by data processing agreements.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, with appropriate notice to you.

All third-party processors are contractually obligated to comply with GDPR and maintain adequate security measures.

Your Personal Data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Decision 2021/914).
• Adequacy Decisions where the European Commission has determined that a country provides an adequate level of data protection.
• Binding Corporate Rules for intra-group transfers where applicable.
• Your explicit consent for specific transfers after being informed of risks.

We retain your Personal Data only as long as necessary for the purposes outlined in this policy:

• Contact form submissions: Up to 24 months from the date of submission, unless an ongoing business relationship exists.
• Email communications: Up to 36 months from the last interaction.
• Job applications: Up to 12 months after the position is filled, unless consent is given for longer retention.
• Website analytics data: Up to 26 months (anonymized after this period).
• Newsletter subscriptions: Until you unsubscribe.
• Legal/financial records: As required by applicable law (typically 6-10 years).

After the retention period expires, data is securely deleted or anonymized.

Under the GDPR and applicable data protection laws, you have the following rights regarding your Personal Data:

8.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether your Personal Data is being processed, and if so, to access that data along with information about how it is processed.

8.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate Personal Data and completion of incomplete data.

8.3 Right to Erasure — "Right to Be Forgotten" (Article 17)

You have the right to request deletion of your Personal Data when:

• The data is no longer necessary for its original purpose.
• You withdraw consent and no other legal basis exists.
• You object to processing and no overriding legitimate grounds exist.
• The data has been unlawfully processed.
• The data must be erased to comply with a legal obligation.

8.4 Right to Restriction of Processing (Article 18)

You may request restriction of processing when accuracy is contested, processing is unlawful, we no longer need the data but you require it for legal claims, or you have objected to processing pending verification.

8.5 Right to Data Portability (Article 20)

You have the right to receive your Personal Data in a structured, commonly used, machine-readable format (e.g., JSON or CSV) and to transmit it to another controller.

8.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or direct marketing at any time. We will cease processing unless we demonstrate compelling legitimate grounds.

8.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect you. We do not currently use automated decision-making.

8.8 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

To request deletion of your Personal Data:

1. Send an email to [email protected] with the subject line "Data Deletion Request".
2. Include your full name and the email address associated with your data.
3. Specify what data you would like deleted, or request full deletion.
4. We will verify your identity within 5 business days.
5. Upon verification, we will delete your data within 30 days and send confirmation.
6. We will instruct any third-party processors to delete your data as well.

Exceptions: We may retain certain data where required by law, for the establishment, exercise, or defense of legal claims, or to fulfill a legal obligation.

We implement appropriate technical and organizational measures to protect your Personal Data, including:

• SSL/TLS encryption for all data in transit.
• Encrypted storage for data at rest.
• Access controls and authentication for internal systems.
• Regular security assessments and vulnerability testing.
• Staff training on data protection and security best practices.
• Incident response procedures for data breaches.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33).
• Notify affected individuals without undue delay if the breach is likely to result in a high risk (GDPR Article 34).
• Document the breach, its effects, and remedial actions taken.

Our Services are not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU Data Protection Authorities can be found at edpb.europa.eu.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you via email.

For any privacy-related questions, concerns, or requests: