Data Protection & Privacy

Voxa, a product of Voxa-LLC, is committed to protecting your privacy and ensuring the lawful, fair, and transparent processing of all personal data.

This Data Protection Statement outlines our practices and your rights under applicable privacy laws, including the California Consumer Privacy Act (CCPA), and where applicable, the General Data Protection Regulation (GDPR) for our international users.

We only collect and process personal data where we have a valid legal basis to do so, including:

• Consent – When you explicitly allow us to use your data for specific purposes (e.g., marketing).

• Contractual necessity – To fulfill our obligations to you under the service agreement.

• Legal obligation – To comply with applicable laws (e.g., accounting, fraud prevention).

• Legitimate interest – To improve our platform, monitor abuse, and protect our systems, while respecting your rights and freedoms.

We only collect personal data that is:

• Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

• Used solely for specified, explicit, and legitimate purposes, including account creation, communication, billing, and platform security.

We do not use your data for any purposes that are incompatible with those originally stated.

We provide clear and detailed information on:

• What personal data we collect

• Why and how we collect it

• Who we share it with

• How long we retain it

• How you can exercise your rights

You can access this information in our Privacy Policy or by contacting us directly at [email protected].

As a user, you have the following rights under applicable privacy laws:

4.1. Right to Access

You can request access to your personal data and obtain a copy of the information we hold about you.

4.2. Right to Rectification

You have the right to request correction of inaccurate or incomplete data.

4.3. Right to Deletion

You may request that we delete your personal data when there is no legal or contractual reason for its continued processing.

4.4. Right to Restrict Processing

You may request temporary restriction of processing in certain circumstances (e.g., during dispute resolution).

4.5. Right to Data Portability

You have the right to receive your data in a structured, machine-readable format, and to transmit it to another controller where feasible.

4.6. Right to Object

You may object to processing based on legitimate interest or direct marketing.

4.7. Right to Withdraw Consent

If processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing done prior to withdrawal.

4.8. California Residents (CCPA)

If you are a California resident, you have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale of personal information. We do not sell your personal information.

We retain personal data only for as long as necessary to:

• Fulfill the purposes for which it was collected

• Comply with legal, accounting, or regulatory requirements

After the retention period, data is securely deleted or anonymized in accordance with best practices.

Your data is primarily stored and processed in the United States. If we transfer personal data internationally, we ensure appropriate safeguards such as:

• Standard Contractual Clauses (SCCs) where required

• Binding corporate rules (if applicable)

• Compliance with applicable cross-border data transfer regulations

All third-party partners and vendors undergo a rigorous review for data protection compliance.

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:

• Encryption of data in transit and at rest

• Access controls and user authentication

• Regular vulnerability scanning and security patching

• Employee training on privacy and data handling

While we are not currently required by law to appoint a Data Protection Officer under Article 37 of GDPR, we have designated a Privacy Compliance Lead responsible for overseeing data protection and ensuring ongoing compliance.

You may contact this person directly at: [email protected]

If you believe your privacy rights have been violated, you may lodge a complaint with:

• The Federal Trade Commission (FTC) at ftc.gov/complaint

• Your state's Attorney General office

• For California residents: California Attorney General at oag.ca.gov

If you have any questions about this GDPR Compliance Statement or our data practices, please contact:

Email: [email protected]