Privacy Notice

Privacy Policy
for VOXA

This Privacy Policy explains how VOXA collects, uses, discloses, and protects personal information in connection with its AI voice receptionist platform. VOXA is operated by Samuel Lamarche in Quebec, Canada and provides inbound call handling and appointment-booking support for businesses.

Version 1.0 Effective April 5, 2026 Quebec, Canada EN

01 Introduction

VOXA is an AI voice receptionist platform that answers business phone calls, helps collect caller details, and supports appointment booking through connected provider systems. This Privacy Policy applies to personal information processed through the VOXA website, onboarding and account flows, billing flows, and the VOXA service itself.

Depending on the context, VOXA may process information for its own business operations or on behalf of a client business using VOXA. When VOXA handles customer call or booking data for a client, that client remains responsible for its own notices and legal basis for collecting that information from its customers.

No advertising or model training use. VOXA does not use personal information for advertising and does not use client or caller personal information to train AI models.

02 Who This Policy Applies To

This policy applies to the following categories of people whose information may be processed in connection with VOXA:

  • Visitors to the VOXA website.
  • Prospective customers who contact VOXA or submit a website form.
  • Business owners, staff, or other representatives who create or administer a VOXA account.
  • Callers and customers of VOXA clients whose calls are answered through the VOXA platform.
  • Individuals whose booking, appointment, or payment-related information is involved in providing the service.

03 Information We Collect

The information VOXA collects depends on how you interact with the website or service and on which service settings a client enables.

Website and Contact Form Data

  • Name, business name, email address, phone number, and details you submit through contact or demo-request forms.
  • Any message content or business context you choose to provide when contacting VOXA.

Account and Signup Data

  • Account holder name, business identity, login credentials or authentication data, and onboarding details required to configure the service.
  • Records related to account creation, acceptance of legal terms, and administrative communications.

Call and Caller Data

  • Caller phone number, caller-provided name, requested service details, appointment preferences, call timestamps, call duration, and call outcome.
  • Voice recordings and transcripts where recording or transcription features are enabled in the applicable service configuration or provider settings.

Booking and Provider-Integrated Data

  • Appointment details, selected services, staff or provider assignment, booking times, and related booking metadata exchanged with connected provider platforms such as Square.
  • Business configuration data needed to route callers and create or update appointments on a client's behalf.

Billing and Payment-Related Data

  • Subscription plan details, billing contact information, invoice records, tax-related details, and payment status.
  • Payment card handling is performed by payment processors; VOXA does not store full payment card numbers.

Technical, Device, and Log Data

  • VOXA may collect limited technical and log data such as IP address, browser type, device information, and standard server or application logs.
  • VOXA may also maintain operational and audit logs used for security, reliability, and troubleshooting.

04 How We Use Information

VOXA uses personal information only as reasonably necessary to operate, deliver, support, and improve the service. This includes using information to:

  • Respond to inquiries, provide demos, and communicate with prospective or current customers.
  • Create and administer accounts, configure client workspaces, and maintain service access.
  • Answer inbound calls, capture caller requests, and facilitate bookings or related business workflows.
  • Process billing, generate invoices, administer subscriptions, and detect payment or account issues.
  • Monitor performance, prevent misuse, investigate incidents, and maintain platform reliability and security.
  • Comply with legal obligations and maintain business records.

05 How We Share Information

VOXA does not sell personal information. We share information only where needed to provide the service, run the business, or comply with legal obligations.

  • With client businesses that use VOXA, so they can receive call outcomes, caller details, and booking information connected to their operations.
  • With service providers and subprocessors that help host infrastructure, route calls, process payments, or connect bookings.
  • With professional advisors or authorities where disclosure is required to comply with law, enforce rights, respond to valid legal process, or protect the security of the service.
  • As part of a business transaction, if VOXA is involved in a sale, financing, reorganization, or transfer of assets, subject to appropriate confidentiality measures.

06 Subprocessors / Service Providers

VOXA uses third-party providers to support the delivery and operation of the platform. Current providers include:

Provider Role Location Privacy Policy
Vapi Voice AI call handling and related call processing services United States vapi.ai/privacy
Supabase Database and application infrastructure hosting United States supabase.com/privacy
Square Booking provider integration used for connected client scheduling workflows United States squareup.com/privacy
Telnyx Telephony, phone number provisioning, and call routing United States telnyx.com/privacy
Stripe Payment processing, invoicing, and subscription billing support United States stripe.com/privacy

These providers process information under their own terms and privacy commitments, and VOXA uses them only as needed to operate the service.

07 Cross-Border Processing / Transfers

VOXA is operated from Quebec, Canada, but some infrastructure and service providers used to support VOXA may be located in the United States or may process information there. As a result, personal information may be accessed, stored, or processed outside your home jurisdiction.

When cross-border processing is involved, VOXA takes reasonable contractual and operational steps to require service providers to handle information consistently with the purposes for which it was collected and with appropriate safeguards for the sensitivity of the data involved.

08 Data Retention

VOXA retains personal information only for as long as reasonably necessary for the purposes described in this policy, to support client services, and to meet legal, tax, accounting, or dispute-resolution requirements.

  • Website inquiries and account administration records may be retained for customer relationship management and recordkeeping purposes.
  • Call data, booking-related records, and related logs are retained according to operational needs and client service settings.
  • Voice recordings and transcripts may be retained only where those features are enabled, and retention may depend on the configured service or provider settings in use.
  • Billing, invoicing, and tax records may be retained for longer periods where required by applicable law.

09 Security Safeguards

VOXA uses administrative, technical, and organizational safeguards appropriate to the nature of the information and the risks involved. These measures may include encryption in transit, controlled system access, authentication protections, logging, and internal access limitation.

No system can guarantee absolute security, but VOXA works to reduce risk, investigate incidents, and update safeguards as the service evolves.

10 Your Privacy Rights / Requests

Depending on the context and applicable law, individuals may have rights to request access to, correction of, or deletion of their personal information.

If you are a VOXA account holder or website contact, you may send privacy requests directly to VOXA. If you are a caller or customer of a business that uses VOXA, your request may need to be directed first to that business, because it controls the customer relationship and decides why the information is collected.

VOXA may request information needed to verify identity before processing a privacy request and may keep a record of the request and how it was handled.

11 Children

VOXA is intended for business use and is not directed to children. VOXA does not knowingly design its website or service to collect personal information directly from children for its own purposes. If we learn that personal information has been provided in a way that should not have occurred, we will take appropriate steps to review and address the situation.

12 Changes to This Policy

VOXA may update this Privacy Policy from time to time to reflect changes to the service, providers, legal obligations, or operational practices. The latest version will be posted on this page with a revised effective date when applicable.

If a change is material, VOXA may also provide additional notice through the website, dashboard, or email where appropriate.

13 Contact / Privacy Officer

Questions, privacy requests, or concerns about this Privacy Policy may be directed to VOXA's Privacy Officer:

Privacy Officer & Operator

Samuel Lamarche — VOXA

samuel.lamarche@getvoxa.ca

getvoxa.ca

Quebec, Canada