Voxsafe Privacy Policy

Last Updated: January 2025

Your Privacy is Our Promise

Voxsafe was built from the ground up to protect your privacy. We believe your conversations should stay private, and we've engineered every part of our system to make that happen.

Our Core Privacy Commitments

🔒 Strong Encryption

• •Call transcripts are encrypted with AES-256-GCM encryption
• •Encryption keys are managed by Google Cloud Key Management Service
• •Built on Google's enterprise-grade security infrastructure
• •Industry-standard protection for your privacy

🚫 Limited Data Access

• •Your conversations are encrypted at rest in our database
• •All processing is automated - no manual human review
• •We've built strong policies to protect your privacy
• •Call transcripts are sent to Google Gemini AI for scam analysis only

🤖 Smart Protection

• •Advanced AI protects you from scams by analyzing call transcripts
• •Transcripts are encrypted and stored in Firebase Firestore
• •Scam analysis results (confidence scores and explanations) are saved
• •Complete protection with strong encryption

What We Collect

Call Data

• •Call Transcripts: Full transcripts of calls from unknown numbers, encrypted with AES-256-GCM
• •Call Metadata: Caller phone number, call duration, call status, timestamps, call direction (inbound/outbound)
• •Voicemail Recordings: Audio recordings stored by Twilio with public access URLs
• •Scam Analysis Results: AI-generated scam detection verdicts, confidence scores, and explanations

User Information

• •Phone Numbers: Your registered phone number for call forwarding and verification
• •Authentication Data: Firebase Auth UID and email address, or Clerk authentication credentials
• •Push Notification Tokens: Firebase Cloud Messaging (FCM) tokens for sending alerts
• •Contact Information: SHA-256 hashed phone numbers from your contact list (not plaintext)

Care Interface Data

• •Trusted Contact Relationships: Trusted Contact user ID, Protected Phone user ID, relationship status, connection timestamps
• •Care Codes: Temporary 6-character codes for establishing Trusted Contact relationships (expire after 15 minutes)

How We Use Your Data

Primary Purposes

1. •Call Screening: Route incoming calls from unknown numbers to your device for screening
2. •Scam Detection: Analyze call transcripts in real-time using Google Gemini AI to identify potential scams
3. •User Notifications: Send push notifications when high-confidence scams are detected (≥70% confidence)
4. •Voicemail Service: Record and store voicemails when calls are not answered
5. •Contact Matching: Identify known vs. unknown callers using hashed contact lists
6. •Phone Verification: Verify phone numbers via SMS using Twilio Verify service
7. •Trusted Contact Monitoring: Allow authorized Trusted Contacts to view call history and scam analysis for Protected Phones

Data Sharing with Third Parties

We share your data with the following third-party services to provide our functionality:

• •Google Gemini AI: Full call transcripts are sent for scam analysis. Google may process this data according to their privacy policy.
• •Twilio: Phone numbers, call metadata, and recordings are processed for call routing, SMS verification, and voicemail storage.
• •Firebase/Google Cloud: All user data, call metadata, encrypted transcripts, and voicemail records are stored in Google Cloud Firestore (US multi-region).
• •Google Cloud KMS: Encryption keys for protecting call transcripts.
• •Firebase Cloud Messaging: Device tokens are used to send push notifications.

We do not sell your data to advertisers, data brokers, or marketers.

How We Protect Your Data

Encryption Methods

• •Transcript Encryption: AES-256-GCM encryption with envelope encryption pattern
• •Data Encryption Keys (DEK): Randomly generated 256-bit keys for each transcript segment
• •Key Management: DEKs are encrypted with Google Cloud KMS master keys
• •Authentication Tags: GCM mode provides integrity verification for encrypted data
• •Transport Security: All API communications use HTTPS encryption

Data Isolation & Access Control

• •Each user's data is completely isolated in Firestore collections
• •Firebase security rules enforce strict access controls
• •Authentication required for all user-specific endpoints (Firebase ID tokens or Clerk auth)
• •Twilio webhook signatures validated to prevent unauthorized access
• •Trusted Contact access limited to explicitly authorized relationships only

Security Best Practices

• •Phone numbers are masked in logs (only last 4 digits shown)
• •Contact phone numbers are hashed (SHA-256) before storage
• •Invalid FCM tokens are automatically cleaned up
• •Call validation prevents unauthorized recording access
• •Firestore encryption at rest (Google-managed)

Your Data, Your Control

Access Your Data

• •View your call history and scam analysis in the dashboard
• •Access encrypted call transcripts (decrypted for your viewing)
• •Review voicemail recordings and metadata
• •See your active Trusted Contact relationships

Manage Your Data

• •Delete call records and transcripts
• •Disconnect Trusted Contact relationships at any time
• •Update your contact list synchronization
• •Revoke push notification permissions
• •Request account deletion (contact support)

Data Retention

We retain your data for the following periods:

• •Call Transcripts: Stored until you delete them or request account deletion
• •Voicemail Recordings: Stored by Twilio until you delete them or request account deletion
• •Call Metadata: Retained for service operation until you request deletion
• •Scam Analysis Results: Retained with call metadata
• •Care Codes: Automatically deleted after 15 minutes or when used
• •Deleted Relationships: Trusted Contact relationship records marked as "disconnected" but retained for audit purposes

To request data deletion, contact support@voxsafe.com

Your Data is Never for Sale

Our commitments:

• •We never sell your data to anyone
• •No advertising companies get your information
• •No data brokers, no marketers, no exceptions
• •Data sharing limited to essential service providers listed above

Legal Compliance

GDPR & CCPA Rights

If you are located in the European Union or California, you have additional rights:

Right to Access: Request a copy of your personal data Right to Rectification: Correct inaccurate personal data Right to Erasure: Request deletion of your personal data Right to Data Portability: Receive your data in a structured, machine-readable format Right to Restrict Processing: Request limitation of data processing Right to Object: Object to processing of your personal data

To exercise these rights, contact privacy@voxsafe.com

Call Recording Compliance

By using VoxSafe, you acknowledge:

• •You are responsible for complying with call recording laws in your jurisdiction
• •Some jurisdictions require all-party consent; others require one-party consent
• •It is your responsibility to inform callers that calls may be recorded where required by law
• •VoxSafe provides the tools; you are responsible for lawful use

Trusted Contact Access & Consent

• •Trusted Contact relationships require explicit consent from both parties
• •Protected Phones generate and share access codes voluntarily
• •Either party can revoke access at any time
• •Trusted Contacts can only access call data for individuals who have granted permission

Voice Data and Biometric Privacy

Voice Recordings as Biometric Data

Voice recordings collected through VoxSafe may be considered biometric identifiers or biometric information under certain state laws, including:

• •Illinois Biometric Information Privacy Act (BIPA)
• •Texas Capture or Use of Biometric Identifier Act
• •Washington biometric privacy law
• •California Consumer Privacy Act (CCPA) biometric provisions

What We Collect

• •Voice recordings of incoming callers (via Twilio)
• •Voice transcripts (text converted from audio)
• •Audio characteristics captured during call transcription

How We Use Voice Data

• •Real-time transcription for scam detection
• •AI analysis of conversation patterns
• •Storage of encrypted transcripts
• •Voicemail recording and playback

Your Consent to Voice Data Collection

By using VoxSafe, you consent to:

• •Collection of your voice data and voice data of individuals who call you
• •Storage of voice recordings by Twilio (our telecommunications provider)
• •Transcription of voice data into text format
• •Analysis of voice transcripts by Google Gemini AI for fraud detection
• •Retention of voice data as described in our Data Retention section

Caller Notice

VoxSafe automatically plays a disclosure to incoming callers stating that calls will be recorded and analyzed for fraud prevention. Callers who continue the call after this disclosure are deemed to have consented to voice data collection.

Illinois BIPA-Specific Disclosures

If you or your callers are located in Illinois:

• •Purpose: Voice data is collected for fraud prevention and user safety
• •Duration: Voice data is retained until you request deletion or delete your account
• •Third Parties: Voice data is processed by Twilio (recordings) and Google (AI analysis)
• •No Sale: We never sell, lease, or trade biometric data to third parties
• •Destruction: You may request deletion of voice data by contacting support@voxsafe.com

How to Delete Voice Data

• •Delete individual call records from your dashboard
• •Request full voice data deletion by contacting support@voxsafe.com
• •Request account deletion, which will delete all associated voice data

Children's Privacy

VoxSafe is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• •Posting the updated policy on our website
• •Sending an email notification to your registered email address
• •Displaying an in-app notification

Your continued use of VoxSafe after changes are posted constitutes acceptance of the updated Privacy Policy.

Contact Us

Questions about privacy? We're here to help:

• •Privacy Inquiries: privacy@voxsafe.com
• •Data Deletion Requests: support@voxsafe.com
• •General Support: support@voxsafe.com
• •Response time: Within 48 hours

Summary

VoxSafe Privacy Highlights:

• •🔐 AES-256-GCM encryption protects call transcripts
• •🤖 AI scam detection via Google Gemini
• •🔑 Google Cloud KMS manages encryption keys
• •📱 Twilio handles call routing and recordings
• •🔒 Firebase/Google Cloud stores encrypted data
• •🚫 We never sell your data to third parties
• •👁️ Trusted Contact access requires explicit consent
• •⚖️ GDPR & CCPA rights supported

---

VoxSafe is committed to protecting your privacy while providing effective scam protection. This policy accurately reflects our data collection, usage, and protection practices.