This Privacy Policy explains what personal data VoxTranslate ("we", "us") processes when you use our real-time translated video-calling service, why we process it, and the rights you have. It is written with the EU General Data Protection Regulation (GDPR) and similar laws in mind.
1. Who is the data controller
VoxTranslate is the controller for personal data processed through the Service. For any privacy request, contact privacy@voxtranslate.app. (Replace with your registered legal entity name, address, and—if applicable—your EU/UK representative and Data Protection Officer.)
2. What data we process
- Account data — when you sign in with Google, we receive your name, email address, and profile picture URL.
- Audio (transient) — while you speak, your microphone audio is streamed to our speech-to-text provider to generate a live transcript. We do not store raw audio.
- Transcripts & translations (transient) — generated to display subtitles and translated text to other participants in your call. They are relayed in real time and are not retained after the call, except where included in an abuse report (see below).
- Chat messages — relayed and translated between participants during a call.
- Usage & billing data — credit balance, transactions, and per-session speaking time used to meter and bill the Service.
- Safety data — abuse reports you submit or that are submitted about you (which may include a short transcript excerpt), and moderation/ban records.
- Technical data — basic connection metadata needed to operate the real-time service and keep it secure.
Video and audio between participants are sent peer-to-peer (WebRTC) and are not routed through or recorded by our servers. Our server handles signaling, the live speech-to-text stream, translation, and chat relay.
3. Why we process it and our legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide the call, transcription and translation | Performance of a contract (Art. 6(1)(b)) |
| Process the audio needed for live captions/translation | Contract; and your consent given at sign-up (Art. 6(1)(a)/(b)) |
| Metering, billing and fraud prevention | Contract; legitimate interests (Art. 6(1)(b)/(f)) |
| Safety, moderation and handling abuse reports | Legitimate interests in a safe service; legal obligation (Art. 6(1)(f)/(c)) |
| Keeping legally required transaction records | Legal obligation (Art. 6(1)(c)) |
4. Service providers (processors / sub-processors)
We share personal data with the providers below strictly to operate the Service. Some are located outside the EEA; where that is the case we rely on appropriate safeguards such as the EU Standard Contractual Clauses.
| Provider | Role | Data involved |
|---|---|---|
| Sign-in (OAuth) | Name, email, profile picture | |
| Deepgram | Speech-to-text | Streamed audio (transient) |
| Groq | Machine translation | Transcript text (transient) |
| Stripe | Payment processing | Billing details, payment data |
| Supabase | Database / account & billing storage | Account, usage, billing, safety data |
| Vercel | Frontend hosting | Technical/connection data |
| Railway | Backend hosting | Technical/connection data |
(Confirm each provider's current role, region, and safeguards before publishing, and keep this list up to date.)
5. How long we keep data
- Audio, transcripts and translations: processed in real time and not stored after the call.
- Account data: kept while your account exists; deleted when you delete your account.
- Billing/transaction records: retained as required by applicable tax and accounting laws.
- Safety/abuse reports and ban records: retained for as long as needed to keep the Service safe and to comply with legal obligations.
6. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- rectify inaccurate data;
- erase your data ("right to be forgotten");
- receive your data in a portable format;
- restrict or object to certain processing;
- withdraw consent at any time (without affecting prior processing); and
- lodge a complaint with your local data protection authority.
You can exercise access and portability with Download my data, and erasure with Delete my account, both in the Privacy & data panel inside the app. You can also email privacy@voxtranslate.app.
7. Security
We use industry-standard measures to protect personal data, including encryption in transit and peer-to-peer media that does not transit our servers. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
8. Children
The Service is for adults (18+). We do not knowingly process data of children. If you believe a child has provided us data, contact us and we will delete it.
9. Changes
We may update this Policy; we will revise the version and date above and, for material changes, take additional steps where required by law.