1. Introduction
VoxChron ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered captioning and non-verbal sound detection platform ("Service"). This policy is compliant with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Data Controller
VoxChron Ltd is the data controller for the personal data processed through our Service. VoxChron Ltd is a company registered in England and Wales.
For any data protection inquiries, please contact our Data Protection Officer at dpo@voxchron.com.
3. What Data We Collect
3.1 Account Information
- Full name, email address
- Hashed password (we never store plaintext passwords)
- Account preferences and settings
3.2 Uploaded Content
- Audio and video files you submit for processing
- Processing results: transcripts, annotations, subtitle files (SRT, VTT, TXT, JSON, DOCX)
- Job metadata: context mode, signal layer selections, confidence thresholds
3.3 Payment Information
- Billing details processed by Stripe (we do not store credit card numbers)
- Subscription tier, usage minutes, and billing history
3.4 Technical Data
- IP addresses, browser type, device information
- Usage analytics and interaction patterns
- Cookies and similar tracking technologies (see our Cookie Policy)
4. Legal Basis for Processing (GDPR Article 6)
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Performance of contract |
| Processing audio/video and generating captions | Performance of contract |
| Processing payments | Performance of contract |
| Sending transactional emails (job completion, billing) | Performance of contract |
| Sending product updates | Legitimate interest |
| Marketing communications | Consent (opt-in) |
| Analytics and service improvement | Legitimate interest |
| Legal compliance and fraud prevention | Legal obligation |
5. How We Use Your Data
- To provide, maintain, and improve the VoxChron captioning and sound detection service
- To process your uploaded audio/video files and generate transcripts, annotations, and subtitle exports
- To process your payments and manage your subscription
- To send transactional emails (job completion, billing receipts)
- To send marketing communications (only with your explicit consent)
- To detect, prevent, and address technical issues and security threats
- To comply with legal obligations
We never use your audio, video, or transcript data to train AI models — ours or any third party's.
6. AI Processing & Third-Party Services
We use AI models to detect non-verbal sounds and generate transcriptions. When processing your content:
- Audio content is processed by our AI detection engine (BEATS-based) for non-verbal sound classification
- We do not send your personal account information (email, password) to any AI provider
- All AI processing is governed by Data Processing Agreements (DPAs)
- Generated transcripts, annotations, and subtitle files are stored in our database and made available to you for download
7. Data Sharing & Third Parties
We share data only with the following categories of processors:
- Stripe — Payment processing. Stripe is PCI DSS compliant. We do not store card details.
- Cloud Object Storage — File storage, EU-based, AES-256 encrypted at rest.
- Cloud infrastructure providers — To host and operate the service.
We do not sell, rent, or trade your personal data to any third parties.
We have Data Processing Agreements (DPAs) in place with all sub-processors.
8. Data Security
- All uploaded files are encrypted in transit (TLS 1.2+) and at rest (AES-256) on our cloud object storage
- Passwords are hashed using bcrypt — never stored in plaintext
- All data in transit is encrypted via TLS 1.2+
- Database access is restricted and monitored
- Regular security audits and vulnerability assessments
- Payment data is handled entirely by Stripe (PCI DSS compliant)
9. Data Retention
- Source files (audio/video): Automatically deleted from storage immediately upon job completion, or within 24 hours of a failed job.
- Subtitle output files: Retained in your dashboard until you delete them or close your account.
- Account data: Retained while your account is active. Permanently deleted within 30 days of account deletion request.
- Payment records: Retained for 7 years for legal and tax compliance.
- Audit logs: Retained for 2 years.
- Cookie consent records: Retained for 3 years from date of consent.
10. Your Rights (GDPR Articles 15-22)
Under GDPR, you have the following rights:
- Right of Access (Art. 15): Request a copy of all personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate personal data.
- Right to Erasure (Art. 17): Request deletion of your personal data ("Right to be Forgotten").
- Right to Restrict Processing (Art. 18): Request limitation of how we process your data.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests or for marketing.
- Right to Withdraw Consent (Art. 7): Withdraw any consent you have given at any time.
To exercise these rights, visit your Account Settings > Privacy & Data page where you can export your data, manage marketing consent, and delete your account. You can also email us at privacy@voxchron.com. We will respond within 30 days as required by GDPR Article 12.
11. International Data Transfers
Your data is primarily processed and stored within the EU on our cloud infrastructure. Where data is transferred outside the European Economic Area (EEA), we ensure adequate protection through Standard Contractual Clauses (SCCs) or other approved transfer mechanisms as required by GDPR.
12. Children's Privacy
Our Service is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@voxchron.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by email and/or a prominent notice on our Service. Continued use of the Service after changes constitutes acceptance of the updated policy. Where required by law, we will seek your renewed consent.
14. Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.
15. Contact Us
For any questions about this Privacy Policy or our data practices:
- Email: privacy@voxchron.com
- Data Protection Officer: dpo@voxchron.com