Privacy Policy

1. Overview & Scope

VoxiQa, Inc. ("VoxiQa," "we," "us," or "our") operates an AI-powered voice receptionist platform designed for US-based businesses, including dental offices, salons, spas, medical practices, and other local service businesses. This Privacy Policy applies to:

• Our website at voxiqa.com and any associated subdomains
• The VoxiQa platform and dashboard
• The VoxiQa AI receptionist service (inbound call handling, appointment booking, follow-up messaging)
• Any communications between you and VoxiQa, including email and support interactions

By using our services, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree, please discontinue use of our services and contact us at privacy@voxiqa.com.

2. Information We Collect

2.1 Information You Provide Directly

When you register for the waitlist, create an account, or contact us, we may collect:

• Account information: name, business name, work email address, phone number, business address, and business type
• Configuration data: business hours, service lists, FAQ content, staff information, and booking rules you enter into the VoxiQa platform
• Payment information: billing address and payment method details (processed securely via our payment processor; we do not store full card numbers)
• Communications: emails, support tickets, feedback forms, and any other messages you send to us

2.2 Call Data & Transcripts

When VoxiQa handles calls on behalf of your business, we process and may retain:

• Call recordings (subject to applicable state wiretapping and consent laws)
• Automated transcripts of conversations
• AI-generated summaries and extracted data (caller name, requested appointment, callback number, etc.)
• Call metadata (timestamp, duration, caller ID where available, outcome)

Call recordings and transcripts are stored in your account dashboard. You control the retention period for this data within platform settings.

2.3 Automatically Collected Information

When you visit voxiqa.com or use the platform, we automatically collect:

• IP address, browser type, operating system, and device type
• Pages visited, time spent, and clickstream data
• Referring URLs and search terms
• Session identifiers and usage patterns

2.4 Third-Party Integrations

If you connect third-party services (Google Calendar, Calendly, Mindbody, Vagaro, etc.), we access the minimum data necessary to provide the integration functionality — typically calendar availability and appointment records. We do not store more data from these services than is required for operation.

3. How We Use Your Information

We use the information we collect to:

• Provide our services: operate the AI receptionist, book appointments, send follow-up messages, and generate call summaries
• Maintain your account: manage your subscription, process payments, and provide customer support
• Improve our platform: analyze usage patterns to improve voice model accuracy, booking conversion rates, and product features (using anonymized, aggregated data only)
• Communicate with you: send transactional emails (confirmations, invoices, security alerts), product updates, and — where you have opted in — marketing communications
• Ensure security and compliance: detect fraud, prevent abuse, enforce our Terms of Service, and comply with legal obligations
• Legal basis (where applicable): performance of a contract (providing the service), legitimate interests (improving the platform), legal obligation (compliance), and consent (marketing emails)

We do not use call recordings or transcripts to train general AI models without your explicit consent. Voice model improvements are based on anonymized, aggregated performance metrics only.

4. HIPAA & Healthcare Data

For healthcare clients operating under HIPAA, the following additional terms apply:

• Protected Health Information (PHI): We treat any individually identifiable health information obtained through call handling as PHI and handle it in accordance with HIPAA's Privacy Rule and Security Rule
• Minimum Necessary Standard: We access and retain only the minimum PHI necessary to provide the contracted services
• Encryption: All PHI is encrypted using AES-256 at rest and TLS 1.3 in transit
• Access Controls: Access to PHI is restricted to VoxiQa personnel who require it to perform their job functions, subject to role-based access controls and audit logging
• Breach Notification: In the event of a breach of unsecured PHI, we will notify you within 60 days of discovery as required by the HIPAA Breach Notification Rule
• Subcontractors: Any subcontractors who handle PHI on our behalf are required to execute appropriate Business Associate Agreements

5. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information or your customers' data to any third party. Ever.

We may share information only in the following limited circumstances:

• Service providers: trusted vendors who help us operate the platform (cloud hosting, payment processing, email delivery, analytics). These vendors are contractually prohibited from using your data for any purpose other than providing services to VoxiQa
• Integrations you authorize: when you connect a third-party scheduling system, we share data with that system as necessary to complete the integration
• Legal requirements: if required by law, regulation, court order, or governmental authority — in which case we will notify you to the extent permitted by law
• Business transfers: in the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified via email and/or a prominent notice on our website prior to the transfer
• With your consent: in any other circumstance, only with your explicit prior consent

6. Data Security

We implement industry-leading security measures to protect your information:

• Encryption at rest: AES-256 encryption for all stored data, including call recordings, transcripts, and personal information
• Encryption in transit: TLS 1.3 for all data transmitted between your browser/devices and our servers
• Infrastructure: SOC 2 Type II-compliant cloud infrastructure with multi-region redundancy
• Access controls: Role-based access control, multi-factor authentication for all internal systems, and principle of least privilege
• Penetration testing: Regular third-party security audits and penetration testing
• Employee training: All employees handling customer data receive HIPAA and data security training

While we implement extensive security measures, no system can be 100% secure. If you believe your account has been compromised, please contact us immediately at security@voxiqa.com.

7. Data Retention

We retain different types of data for different periods:

• Account data: retained for the duration of your account plus 3 years after termination, unless you request earlier deletion
• Call recordings & transcripts: configurable by you in dashboard settings. Default retention is 90 days. Healthcare clients may configure this to meet their specific compliance requirements
• Billing records: retained for 7 years as required by US tax and accounting regulations
• Security logs: retained for 12 months
• Marketing data (waitlist): retained until you unsubscribe or request deletion

When data is deleted — either automatically upon retention expiration or upon your request — it is permanently removed from our systems within 30 days, including all backups.

8. Cookies & Tracking Technologies

Our website uses cookies and similar technologies for the following purposes:

• Strictly necessary: session management, authentication, and security. These cannot be disabled
• Functional: remembering your preferences (e.g., your business type selection on the waitlist form). These are stored in sessionStorage and are not persisted across browser sessions
• Analytics: aggregated, anonymized usage data to understand how visitors use our website. We use privacy-focused analytics tools. No cross-site tracking
• Marketing: where you have provided consent, we may use cookies to measure the effectiveness of our advertising. You can opt out at any time via our cookie preferences

You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain features.

9. Your Rights

Regardless of your location, you have the following rights regarding your personal data:

• Access: request a copy of all personal data we hold about you
• Correction: request correction of inaccurate or incomplete data
• Deletion: request deletion of your personal data (subject to legal retention requirements)
• Portability: receive your data in a structured, machine-readable format
• Objection: object to processing based on legitimate interests
• Restriction: request that we restrict processing of your data in certain circumstances
• Withdrawal of consent: withdraw consent for marketing communications at any time by clicking "unsubscribe" in any email or contacting us

To exercise any of these rights, email privacy@voxiqa.com with "Privacy Request" in the subject line. We will respond within 30 days.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you over the past 12 months
• Right to Delete: request deletion of personal information we have collected, subject to certain exceptions
• Right to Opt-Out of Sale: we do not sell personal information. No opt-out is necessary, but we confirm this right is honored
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA/CPRA rights
• Right to Correct: request correction of inaccurate personal information
• Right to Limit Sensitive Personal Information: limit the use of sensitive personal information to what is necessary to provide the service

To submit a CCPA/CPRA request, contact us at privacy@voxiqa.com or write to VoxiQa, Inc., 350 Fifth Avenue, Suite 4000, New York, NY 10118. We will respond within 45 days.

California's "Shine the Light" law (Civil Code §1798.83) permits California residents to request information about sharing personal information with third parties for their direct marketing purposes. VoxiQa does not share personal information with third parties for direct marketing purposes.

11. Children's Privacy

VoxiQa's services are designed for businesses and are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.

If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@voxiqa.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated policy on this page with a revised "Last Updated" date
• Send an email notification to the address associated with your account (for material changes)
• Display a prominent notice on our website for 30 days following material changes

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should discontinue use of our services.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy-related concern, please contact our Privacy Team:

• Email: privacy@voxiqa.com
• Compliance/HIPAA: compliance@voxiqa.com
• Mailing Address: VoxiQa, Inc., Attn: Privacy Team, 350 Fifth Avenue, Suite 4000, New York, NY 10118

For security-related concerns or to report a potential data breach, email security@voxiqa.com immediately.