ES EN

Privacy Policy — Voxalera

Last updated: October 31, 2025

Controller: Voxalera (“Voxalera”, “we”).
Privacy contact: privacy@voxalera.com

This Policy covers the website, demos, and the AI voice/messaging services we operate for our clients (“Clients”).

  • For visits to our site, forms, demos, and pilot programs, Voxalera acts as the Controller.
  • For Client contact lists and outbound campaigns, the Client is the Controller and Voxalera acts as the Processor, handling data only under written instructions.

1) Data we process

  • Identity / contact: name, phone, email, optional location or internal ID.
  • Call/message operations: caller/callee numbers, date/time, duration, outcome (confirmed, rescheduled, no answer, etc.).
  • Conversation content (where lawful): recordings and/or transcripts of calls; instant messaging content.
  • Client-provided lists: names and phone/email data supplied by the Client. We do not buy lists or send unsolicited spam.
  • Technical / analytics: IP, user-agent, telemetry required for stability and security.
  • Billing/support: data required for invoicing and customer success.

2) Sources

  • Direct interactions: web forms, WhatsApp, calls, demos.
  • Client-provided databases.
  • Automated collection of technical metadata.

3) Purposes & lawful bases

  • Delivering the service (contract or legitimate interest): answering/sending calls, confirmations, rescheduling, recovery campaigns.
  • Quality & support (legitimate interest and/or consent for recording): prompt tuning, troubleshooting, limited auditing.
  • Security (legitimate interest): fraud prevention, continuity, debugging.
  • Transactional notifications: confirmations, reminders, schedule updates.
  • Limited marketing: only with prior relationship or consent and always with an easy opt-out.

4) Recordings & transcripts

We may record or transcribe calls solely for operations, quality, or support. We disclose this at the beginning of the interaction and offer alternatives (no recording, anonymization, WhatsApp/SMS) where required by law or by the Client.

5) Roles & responsibilities

  • For Client lists/campaigns: the Client is Controller; Voxalera is Processor and follows contractual security requirements.
  • For our site and demos: Voxalera is Controller.

6) Subprocessors & international transfers

We rely on providers for telephony/messaging, AI/ASR/TTS, hosting, and analytics. Some are located outside your jurisdiction. We require contractual safeguards (DPA/SCCs), monitor their security posture, and publish material changes to our subprocessors.

7) Retention

  • Call/message metadata: up to 12 months (unless law or Client requires otherwise).
  • Transcripts/recordings: default 12 months; we can shorten, delete, or anonymize on request when technically feasible.
  • Site/demo data: minimum time required for security, metrics, and compliance.

8) Security

We use encryption in transit, least-privilege access, environment segmentation, event logging, and secure disposal. If a breach materially impacts your data, we will notify without undue delay under applicable law.

9) Individual rights

You may request access, rectification, deletion, restriction, data portability, or object to processing as provided by local laws. Use privacy@voxalera.com as the single DSAR channel; we may ask for ID verification.

10) Minors

Our services are not directed at minors. If a Client’s workflow involves minors, they must provide the lawful basis. If we discover unauthorized processing, we delete the data.

11) Cookies

We use essential cookies for site functionality and security. Optional analytics cookies will always provide notice and opt-out controls.

12) Changes

We may update this Policy due to legal or operational changes. For material updates we will provide at least 15 days’ notice via the site, email, or WhatsApp.

United States (US) Addendum

Scope: individuals located in the United States or processing subject to U.S. federal/state law.

A) Applicable framework

  • Telephone Consumer Protection Act (TCPA) and FCC robocall rules.
  • Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) for email.
  • State privacy statutes (e.g., CCPA/CPRA, Colorado CPA, Virginia CDPA) where the thresholds apply.
  • Local “Do Not Call” and opt-out registries.

B) Consent & outreach

  • Voxalera only initiates outbound calls/messages with documented prior consent or an established business relationship supplied by the Client.
  • We honor federal/state Do Not Call lists and immediately suppress any opt-out received via voice, SMS, or email.
  • Clients must provide compliant scripts and consent records; Voxalera can assist with recommended wording but does not provide legal advice.

C) Recording disclosures

  • Call recording notices comply with one-party or all-party consent requirements for the state where both the caller and recipient are located.
  • If a caller refuses recording, we log the preference, disable recording for future interactions when feasible, and offer alternate channels (SMS, WhatsApp, email).

D) Data subject rights (state privacy laws)

  • Residents of states with omnibus privacy laws may exercise access, deletion, correction, opt-out of targeted advertising, and portability rights.
  • DSARs are processed via privacy@voxalera.com within statutory timelines; appeals follow the same channel.

E) Retention & deletion

  • Call metadata and transcripts tied to U.S. operations follow the 12-month baseline unless a shorter retention is mandated by Client policy or state law.
  • Upon termination, Clients can request exports and certified deletion within 30 days.

F) Contact

Voxalera — Denver, CO, USA (operations hub).
Email: privacy@voxalera.com
For telemarketing complaints you may also contact the FCC or your state Attorney General.

Book a live demo