Privacy Policy for Spoqen

1. Introduction and Scope of This Policy

This Privacy Policy outlines how Spoqen ("the Company," "it") collects, uses, discloses, and protects the personal information of individuals ("Data Subjects," "Users") who use Spoqen (the "Service"). The purpose of this document is to provide transparency regarding the Company's data handling practices. Use of the Service signifies acceptance of the terms described herein. Individuals who do not agree with these terms should refrain from using the Service.

The Service incorporates artificial intelligence (AI) to provide its functionalities. The Company is committed to explaining how this technology interacts with personal information. This policy reflects the Company's current data practices and understanding of applicable privacy laws. Given the dynamic nature of AI technology and data privacy regulations, this Privacy Policy may be updated periodically. Users are encouraged to review it regularly. The "Last Updated" date indicates the most recent revision.

2. Information Collected

The Company collects various types of personal information to provide and improve the Service. The collection practices are designed to be purposeful and transparent. This information can be broadly categorized as follows:

Information Provided Directly by Users:

• Account Registration Data: When Users create an account, the Company collects information such as name, email address, phone number, and, if applicable, payment details for subscription services.
• Voicemail Content: The core of the Service involves processing audio recordings of voicemails and the AI-generated transcriptions of these voicemails. This content is inherently personal and may contain sensitive information depending on the caller and the message left.
• Contact Lists or Address Book Information: If Users grant the Service access to their contact lists or address book, this information may be used for features such as caller identification or syncing contacts with the Service.
• Communications with Customer Support: Records of interactions with the Company's support team, including the content of inquiries and responses, are maintained.
• User Settings and Preferences: Information related to User configurations, preferences for Service features, and other settings are collected to personalize the experience.

Information Collected Automatically:

• Usage Data: The Company gathers information about how Users interact with the Service. This includes features utilized, the timing and frequency of use, and performance metrics related to the AI functionalities. Where feasible, this data is anonymized or aggregated.
• Device Information: Details about the User's device, such as device type, operating system version, and unique device identifiers, are collected to optimize Service delivery and for troubleshooting.
• IP Address and General Location Data: The IP address of the User's device is collected, from which general geographic location may be inferred. This is used for security purposes, analytics, and service customization.
• Log Data: The Service automatically records certain information in server logs, including access times, system activity, and error logs, which are essential for monitoring, security, and improving service stability.
• Cookies and Similar Tracking Technologies: If the Service includes a web-based interface or application, cookies and similar technologies may be used to enhance user experience, for authentication, and for analytics. A separate Cookie Policy, if applicable, will provide more detailed information.

Information from Third Parties:

The Company may receive information from third-party services if Users choose to integrate the Service with other platforms and explicitly authorize such data transfers. The nature of this information will depend on the third-party service and the User's privacy settings on that platform.

Specifics on Voicemail Data and Call Recordings:

It is explicitly stated that voicemails left for Users are recorded and processed by the Service's AI systems. This processing includes transcription and potentially other analytical features.

The act of a caller leaving a voicemail for a User of the Service inherently involves recording the caller's voice. The User, by employing the Service, consents to their incoming voicemails being recorded and processed. For callers, particularly those in jurisdictions requiring two-party or all-party consent for call recording, the Service may offer configurable options for Users to provide appropriate notice to their callers (e.g., a customizable pre-voicemail announcement). Compliance with such consent requirements for incoming calls ultimately rests with the User, who must ensure their use of the Service aligns with applicable laws in their jurisdiction and the jurisdictions of their callers. The Service operates based on the User's direction to record messages left for them.

The handling of voicemail content requires special attention due to its dual nature: it is provided by callers at the User's implicit direction (by having a voicemail service) and automatically collected and processed by the Service. This content can be highly sensitive, potentially containing Personally Identifiable Information (PII) and, under frameworks like the California Privacy Rights Act (CPRA), Sensitive Personal Information (SPI).

Furthermore, the AI's operation involves a form of implicit data collection. As the AI processes voicemails (e.g., transcribing speech, identifying keywords, assessing sentiment), it generates operational data and learns from these interactions. This operational data, even if not directly "provided" by the User, is a byproduct of the Service's functionality and may be used for service improvement, a practice that is detailed further in this policy.

Table 1: Information Collected and Primary Purposes

3. How Information Is Used

The Company uses the collected personal information for several purposes, always striving to align with the principles of purpose limitation and data minimization.

To Provide and Improve the Services:

• Core Functionality: Delivering essential voicemail services, including the recording, storage, and retrieval of voicemails.
• AI-Powered Features: Providing advanced functionalities driven by AI, such as automated voicemail transcription, summarization of lengthy messages, identification of potential spam calls, voice analytics (if offered, e.g., sentiment analysis for User's own review), and smart reply suggestions. The specific AI features available may evolve as the Service is enhanced.
• Personalization: Customizing the User experience, which might include prioritizing voicemails based on learned importance or allowing for personalized greetings, where such features are available.
• AI Model Training and Refinement: User data, particularly voicemail audio and transcripts, may be used to train and improve the AI models that power the Service. This is crucial for enhancing accuracy, expanding capabilities (e.g., understanding more accents or languages), and developing new features. When data is used for model training, the Company employs measures to protect privacy, such as de-identification, aggregation, or other anonymization techniques where feasible, before the data is used for broader model improvement. Specific choices regarding the use of data for general model training are detailed in Section 11. The use of User data to improve the AI models, which enhances the Service's core technology, is a significant aspect of the Service. It is important to note that under certain data privacy laws, such as the CCPA/CPRA, the "improvement of technologies" through the use of personal information can be considered a "valuable consideration," potentially implicating definitions of "sale" or "sharing" even if no monetary exchange occurs. The Company's practices regarding these definitions are addressed in Section 5 and Section 6.

For Communication:

• Sending service-related notifications, including updates to the Service, security alerts, and billing information.
• Responding to User inquiries and providing customer support.
• Sending marketing communications about the Company's products or services, but only where Users have consented or where otherwise permitted by law, and always with clear opt-out mechanisms.

For Security and Fraud Prevention:

• Protecting the security and integrity of the Service, its infrastructure, and User data.
• Detecting, preventing, and investigating fraudulent, unauthorized, or illegal activities.

To Comply with Legal Obligations:

• Responding to lawful requests from public authorities, such as subpoenas or court orders.
• Complying with applicable laws, regulations, and legal processes.

The Company is committed to using data only for the specified, explicit, and legitimate purposes for which it was collected. Data collection is limited to what is necessary to achieve these purposes. The specific AI applications (e.g., transcription, spam filtering) are disclosed to provide Users with a clearer understanding of how their data is processed by AI systems, aligning with transparency principles. While the Company strives for accuracy and fairness in its AI models, it acknowledges the ongoing challenges in mitigating bias in AI systems and is committed to efforts in this area.

4. Legal Basis for Processing Personal Information (GDPR & other relevant laws)

The processing of personal information by the Company is grounded in specific legal bases, particularly under the General Data Protection Regulation (GDPR) if applicable to the User, and similar principles in other data protection laws. Every processing activity is tied to a lawful justification.

Consent:

The Company relies on User consent for certain processing activities. This includes:

• Sending direct marketing communications via email or other electronic means.
• The recording of incoming calls (voicemails) where all-party consent is required by applicable law, noting that the User of the Service provides their consent by using the Service to receive voicemails, and is responsible for ensuring any necessary consent from callers.
• Processing Sensitive Personal Information (SPI), as defined by applicable laws like CPRA, if such data is processed for purposes requiring explicit consent and not covered by another lawful basis.
• Using personal data for AI model training purposes that go beyond the direct provision or improvement of the Service for that specific User, or where explicit control over such use is provided to the User.

Consent is obtained through clear, affirmative action, and Users have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Contractual Necessity:

Much of the data processing is necessary for the performance of the contract between the User and the Company for the provision of the AI Voicemail Assistant Service. This includes, for example:

• Collecting account information to set up and manage the User's account.
• Recording, storing, transcribing, and delivering voicemails as per the core functionality of the Service.
• Providing customer support related to the Service.

Legitimate Interests:

The Company processes certain personal information based on its legitimate interests, provided these interests are not overridden by the fundamental rights and freedoms of the Data Subject. A balancing test is performed for such processing. Legitimate interests include:

• Improving and developing the Service, including enhancing the accuracy and capabilities of the AI models through the analysis of usage patterns and, where appropriate and safeguarded, voicemail data (e.g., using de-identified or aggregated data). The use of personal data for general AI model training based on legitimate interest is subject to rigorous assessment to ensure User rights are protected, and may be supplemented or replaced by consent depending on the nature and sensitivity of the data and the specifics of the training process.
• Ensuring the security and integrity of the Service, preventing fraud, and protecting the Company's legal rights.
• Conducting internal analytics and reporting using aggregated or anonymized data to understand service usage and business performance.

The specific legitimate interests pursued are documented and regularly reviewed.

Legal Obligations:

The Company may process personal information where it is necessary to comply with a legal obligation to which it is subject. This includes responding to lawful requests from law enforcement or other government authorities, or complying with financial and regulatory reporting requirements.

The choice of lawful basis for each processing activity, especially those involving AI and sensitive voicemail content, is carefully considered. For instance, while improving AI models can be a legitimate interest, the sensitivity of voicemail data means that additional safeguards, such as robust de-identification or obtaining explicit consent, are prioritized, particularly for uses that are not directly tied to the immediate service delivery for that User. Transparency in communicating these lawful bases is a key commitment.

Table 2: Our Purposes for Using Your Information and Legal Bases (Illustrative GDPR Focus)

5. How Information Is Shared

The Company does not share personal information with third parties except in the circumstances outlined below, and always with a commitment to protecting User privacy.

With Service Providers and Sub-processors:

The Company engages third-party vendors and service providers (sub-processors) to perform various functions necessary to operate and improve the Service. These may include cloud hosting providers (e.g., for storing voicemail data and running AI models), payment processors, analytics providers, customer support platform providers, and communication tool providers.

These service providers are granted access to personal information only to the extent necessary to perform their designated functions and are contractually obligated to maintain the confidentiality and security of the data. They are prohibited from using personal information for any other purpose. The Company maintains a list of its key sub-processors, which can be made available to Users upon request or via a designated link on its website. The selection and vetting of sub-processors, particularly those involved in AI infrastructure or handling sensitive voice data, is a critical aspect of the Company's data governance.

For Legal Reasons and to Protect Rights:

The Company may disclose personal information if required to do so by law, regulation, valid legal process (such as a subpoena, court order, or search warrant), or governmental request.

Disclosure may also occur to enforce the Company's Terms of Service, to investigate potential violations, to detect, prevent, or otherwise address fraud, security, or technical issues.

Furthermore, information may be shared to protect the rights, property, or safety of the Company, its Users, or the public, as required or permitted by law. The Company will strive to be transparent about government data requests, disclosing information only when legally compelled and, where permissible, notifying the User.

In Connection with Business Transfers:

If the Company is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, User personal information may be sold or transferred as part of such a transaction. Users will be notified of any such deal and informed of any choices they may have regarding their information, as required by applicable law.

With User Consent:

The Company may share personal information with other third parties when it has the User's explicit consent to do so.

"Sale" or "Sharing" of Personal Information (CCPA/CPRA Context):

The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) has specific definitions for "sale" and "sharing" of personal information. A "sale" is broadly defined to include the exchange of personal information for monetary or other valuable consideration. "Sharing" is defined to include disclosure for cross-context behavioral advertising.

The Company's use of personal information, such as voicemail data, to train and improve its AI models (which enhances the value of the Service and the Company's technology) could potentially be considered "sharing" or a "sale" for "valuable consideration" under these broad definitions, even if no money is directly exchanged for the data. Similarly, the use of certain third-party analytics or advertising cookies on any associated web portals might constitute "sharing."

The Company is committed to transparency regarding these activities. California residents have the right to opt-out of the "sale" or "sharing" of their personal information. Instructions on how to exercise this right are provided in Section 6 and via a "Do Not Sell or Share My Personal Information" link on the Company's website or application interface.

If the Service utilizes any analytics or tracking technologies that contribute to cross-context behavioral advertising, particularly through a web portal for managing voicemails, this activity would be classified as "sharing" under the CPRA and would necessitate providing an opt-out mechanism.

6. Privacy Rights and Choices

The Company respects the privacy rights of its Users and provides mechanisms to exercise these rights in accordance with applicable data protection laws.

General Rights (often aligned with GDPR):

• Right of Access: Users have the right to request information about whether the Company holds personal information about them and to obtain a copy of such information.
• Right to Rectification: Users have the right to request the correction of inaccurate or incomplete personal data. It is important to note that correcting factual inaccuracies that may be present in AI-generated content (e.g., a transcript or summary) can be technically complex, and while the Company will make reasonable efforts, perfect correction within the AI models themselves may not always be feasible.
• Right to Erasure (Deletion): Users have the right to request the deletion of their personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected or if consent is withdrawn. The technical implications of erasure for AI models are significant; while data will be deleted from operational systems, its past influence on trained models may not be immediately reversible without model retraining, a process that may be undertaken periodically.
• Right to Restrict Processing: Users have the right to request the limitation of how their personal data is processed in specific circumstances.
• Right to Data Portability: Where applicable, Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to Object: Users have the right to object to the processing of their personal data based on legitimate interests or for direct marketing purposes. If an objection is made to processing for AI model training based on legitimate interests, the Company will cease such processing unless compelling legitimate grounds override the User's interests, rights, and freedoms, or for legal claims.
• Rights related to Automated Decision-Making and Profiling:If the AI Service makes decisions that produce legal effects concerning Users or similarly significantly affect them (which is generally not the primary function of a voicemail assistant but could arise in advanced features like automated blocking based on AI analysis), Users have the right to obtain human intervention, express their point of view, and contest the decision.

Rights under CCPA/CPRA (for California residents):

• Right to Know: California residents have the right to request disclosure of the specific pieces of personal information the Company has collected about them; the categories of personal information collected; categories of sources from which it was collected; the business or commercial purposes for collecting, selling, or sharing it; categories of third parties to whom it was disclosed, sold, or shared; and categories of information sold or shared.
• Right to Delete: California residents have the right to request the deletion of their personal information, subject to certain exceptions.
• Right to Correct: California residents have the right to request the correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: California residents have the right to opt-out of the "sale" or "sharing" of their personal information. A clear and conspicuous link titled "Do Not Sell or Share My Personal Information" will be provided on the Company's website and/or within the Service interface, enabling Users to exercise this right.
• Right to Limit Use and Disclosure of Sensitive Personal Information (SPI):If the Company collects or processes SPI (which voicemail content may contain) for purposes beyond those specifically permitted by the CPRA (e.g., for certain types of AI model training not strictly necessary for service delivery or security), California residents have the right to direct the Company to limit its use and disclosure of such SPI. A link titled "Limit the Use of My Sensitive Personal Information" will be provided where applicable.
• Right to Non-Discrimination: The Company will not discriminate against California residents for exercising any of their CCPA/CPRA rights.

Exercising Your Rights:

• Users can submit requests to exercise their privacy rights by contacting the Company through the channels provided in Section 13 ("Contact Information").
• The Company will need to verify the identity of the individual making the request before processing it to protect User privacy and security. The verification process for an audio-centric service like a voicemail assistant may involve confirmation via the registered email address or phone number, or other methods appropriate to the sensitivity of the data.
• The Company will respond to verifiable consumer requests within the timeframes mandated by applicable law (e.g., 45 days under CCPA/CPRA, extendable once).

Opt-Out of Marketing Communications:

Users can opt-out of receiving promotional communications from the Company by following the unsubscribe instructions in those communications or by changing their account settings.

Call Recording Consent Management:

Users are reminded that for jurisdictions requiring two-party or all-party consent for call recording, consent from all parties to the communication is necessary. If the Service provides features for Users to manage announcements or consent mechanisms for their incoming voicemails, details will be available within the Service settings or support documentation.

Table 3: Your Privacy Rights and How to Exercise Them

7. Data Security

The Company implements and maintains reasonable technical and organizational security measures designed to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Encryption: Personal information, including voicemail audio and transcripts, is encrypted both in transit (e.g., using TLS/SSL) and at rest (e.g., using AES-256 or similar standards).
• Access Controls: Strict access controls are enforced to limit access to personal information to authorized personnel who have a legitimate need to access it for their job responsibilities. This includes role-based access controls and multi-factor authentication where appropriate.
• Pseudonymization and Anonymization: Where feasible and appropriate, techniques such as pseudonymization or anonymization are applied, particularly when data is used for analytics or AI model training, to reduce the risk of re-identification.
• Regular Security Assessments: The Company conducts regular security audits, vulnerability assessments, and penetration testing to identify and remediate potential security weaknesses.
• Secure Software Development: Security considerations are integrated into the software development lifecycle.
• Physical Security: Secure data centers with appropriate physical security measures are used to host the Service and store data.

Voice data is inherently sensitive, and AI systems can present novel security challenges (e.g., model evasion, data poisoning). The Company's security program specifically considers these risks associated with AI and voice data processing.

Despite these efforts, it is important to acknowledge that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while the Company strives to use commercially acceptable means to protect personal information, it cannot guarantee its absolute security.

Users also play a role in data security. They are responsible for maintaining the confidentiality of their account credentials (e.g., passwords) and for securing the devices they use to access the Service.

Data Breach Notification Procedures:

In the event of a data breach involving personal information, the Company has procedures in place to respond promptly. This includes assessing the scope and impact of the breach, taking steps to contain and mitigate it, and notifying relevant regulatory authorities (e.g., within 72 hours of becoming aware, as required under GDPR for certain breaches) and affected individuals if the breach is likely to result in a high risk to their rights and freedoms.

8. Data Retention

The Company retains personal information, including voicemail recordings and transcripts, only for as long as necessary to fulfill the purposes for which it was collected and processed. The criteria used to determine retention periods include:

• Provision of the Service: Data is retained for the duration the User maintains an active account and as necessary to provide the features of the Service.
• Legal and Regulatory Obligations: Retention periods may be dictated by applicable laws and regulations (e.g., for financial records, or in response to legal holds).
• Resolution of Disputes and Enforcement of Agreements:Information may be retained as necessary to resolve disputes, enforce the Company's terms of service, or defend legal claims.
• Business Needs: For purposes such as AI model integrity and improvement, data may be retained. However, this is balanced against data minimization principles. For AI model training, raw personal data is retained for the shortest period necessary, and efforts are made to use de-identified, aggregated, or anonymized data for longer-term model evolution. Indefinite retention of identifiable user voicemails for potential future model training is avoided.
• User Choices: Users may have the ability to delete individual voicemails or their entire account. When a User deletes a voicemail or their account through the Service interface:
  • The data is typically marked for deletion and removed from active systems promptly.
  • It may persist in backup archives for a limited period (e.g., 30-90 days) before being permanently erased, as per standard backup rotation schedules. This backup data is not accessed for operational purposes.
  • If data has been used to train AI models, the deletion from active systems does not automatically remove its learned influence from already trained models. The Company is transparent that retraining models to exclude specific past data is a complex process and may occur periodically or based on aggregated deletion requests.

The Company is committed to transparency regarding what happens to data upon User-initiated deletion versus any backend retention for legitimate, specified purposes (such as short-term backups or, if explicitly stated and based on a lawful ground, de-identified data for long-term AI training).

9. International Data Transfers

Personal information collected by the Company may be transferred to, stored in, and processed in countries other than the User's country of residence. These countries may have data protection laws that are different from, and potentially less protective than, the laws of the User's jurisdiction. AI services often leverage global cloud infrastructure, making such transfers common.

If the Company transfers personal information originating from the European Economic Area (EEA), the United Kingdom (UK), or Switzerland to countries that have not been deemed to provide an adequate level of data protection by the relevant authorities, it relies on appropriate legal safeguards. These safeguards may include:

• Adequacy Decisions: Transferring data to countries recognized by the European Commission (or relevant UK/Swiss authorities) as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs): Implementing SCCs as approved by the European Commission (or relevant UK/Swiss authorities) between the Company and the data importer. These clauses impose data protection obligations on the data importer.
• Binding Corporate Rules (BCRs): For intra-group transfers, BCRs approved by competent data protection authorities may be used.
• EU-U.S. Data Privacy Framework (DPF) and UK/Swiss Extensions:If the Company or its relevant sub-processors are certified under the DPF and its extensions, this may serve as a valid transfer mechanism for data from the EU, UK, and Switzerland to the United States.

The Company's primary data processing servers may be located in. Information about the locations of key sub-processors can be found in the Company's sub-processor list. The Company stays informed of legal developments concerning international data transfers, such as those arising from rulings like Schrems II and subsequent frameworks, to ensure ongoing compliance.

If a User is located in the EEA or UK and the Company is not established in the EU, an EU Representative may be appointed as required by GDPR. Contact details for any such representative would be provided in Section 13.

10. Children's Privacy

The Service is not intended for or directed at individuals under the age of. The Company does not knowingly collect personal information from children under this specified age.

If the Company becomes aware that it has inadvertently collected personal information from a child under this age without verifiable parental consent (where required), it will take steps to delete that information promptly. If a parent or guardian believes that their child has provided personal information to the Company without their consent, they should contact the Company using the details in Section 13.

The California Consumer Privacy Act (CCPA)/CPRA has specific requirements for businesses that "sell" or "share" the personal information of minors. If the Company has actual knowledge that a User is under 16 years of age, it will not sell or share their personal information without affirmative authorization (opt-in consent) from the minor if they are between 13 and 16, or from their parent or guardian if they are under 13. Given the nature of the Service, it is not anticipated that it will be used by individuals who would trigger these specific opt-in requirements, but the Company remains vigilant.

Processing children's voice data, especially for AI model training, would raise significant ethical and legal concerns. Therefore, the Company strictly prohibits the knowing collection and processing of children's voice data for such purposes.

11. Use of AI and Automated Decision-Making

The Company is committed to transparency regarding its use of Artificial Intelligence (AI) in the Service.

• Transparency about AI Use: The Service utilizes AI to process voicemails and provide various features. These functionalities include, but are not limited to, automated voicemail transcription, summarization of messages, analysis of call patterns for spam detection, and potentially other analytical capabilities designed to enhance the User experience.
• Data Used for AI: The primary data fueling these AI systems are the voicemail audio recordings, the AI-generated transcripts of these recordings, and User interactions with AI-powered features (e.g., corrections to transcripts, feedback on summaries).
• Purpose of AI Processing: AI is employed to deliver innovative and efficient voicemail management tools, improve the accuracy of transcriptions and other AI outputs, and personalize the User experience where appropriate.
• AI Model Training:
  • The Company is explicit that User data, including voicemail audio and transcripts, may be used to train and improve the AI models that underpin the Service. This ongoing training is essential for maintaining and enhancing the quality, accuracy, and capabilities of the AI.
  • Lawful Basis: The legal basis for using User data for AI model training is typically explicit consent or legitimate interest, coupled with robust privacy safeguards. Where legitimate interest is relied upon, it is based on the Company's interest in providing a state-of-the-art, continuously improving service, balanced against the User's privacy rights.
  • Privacy-Preserving Techniques: When User data is used for general AI model training (i.e., to improve the models for all users, not just for personalizing the individual User's service), the Company employs techniques to protect privacy. These may include de-identification, pseudonymization, aggregation of data, or other methods designed to prevent the direct identification of individuals. The Company may also explore and implement advanced privacy-enhancing technologies such as differential privacy, which adds statistical noise to data or model parameters to provide mathematical guarantees against re-identification of individual contributions to the training dataset.
  • User Choices: Users may be provided with choices regarding the use of their data for general AI model training. This could take the form of an opt-in mechanism or an opt-out right, clearly presented within the Service settings or account preferences. The trend among leading AI providers is towards greater user control over data used for training general models, and the Company aims to align with these best practices.
• Automated Decision-Making:
  • The AI Voicemail Assistant is primarily designed to assist Users in managing their voicemails and is not intended to make automated decisions that have legal or similarly significant effects on Users.
  • However, if future features were to involve such automated decision-making (e.g., an AI-driven system that automatically blocks callers based on complex analysis, leading to a significant impact on the User's ability to receive communications), the Company would provide Users with meaningful information about the logic involved (in a general, understandable manner), the significance, and the envisaged consequences of such processing. In such scenarios, Users would also be informed of their rights to obtain human intervention, express their point of view, and contest the automated decision, in line with requirements such as Article 22 of the GDPR.
• Fairness and Accuracy:
  • The Company recognizes the potential for biases in AI models and is committed to ongoing efforts to promote fairness, accuracy, and mitigate harmful biases in its AI systems. This includes careful dataset selection (where applicable for pre-training), model evaluation, and monitoring for performance disparities. The challenge of AI "black boxes" is acknowledged, and while full algorithmic explainability of complex models can be difficult, the Company strives for transparency in how AI is generally used and what types of data influence its outputs.
  • Data derived by the AI (e.g., sentiment scores, inferred topics from voicemails) is also considered personal data if linked to an individual. The use of this AI-derived data will adhere to the same principles of purpose limitation and lawful basis as other personal data.

12. Changes to This Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in its practices, the Service, legal requirements, or advancements in technology. The "Last Updated" date at the top of this Policy indicates when it was last revised.

Users will be notified of material changes to this Privacy Policy. Notification methods may include sending an email to the registered email address, providing an in-app notification, or posting a prominent notice on the Company's website. Minor updates or clarifications may be made without direct notification beyond updating the "Last Updated" date.

Users are encouraged to review this Privacy Policy periodically to stay informed about how their personal information is collected, used, and protected. Continued use of the Service after any changes to this Privacy Policy constitutes acceptance of the revised terms. For material changes that significantly alter data processing practices, the Company may seek renewed consent where required by law.

13. Contact Information

For any questions, concerns, or complaints about this Privacy Policy or the Company's data handling practices, or to exercise privacy rights, Users may contact the Company through the following channels:

If the Company has appointed a Data Protection Officer (DPO) as per GDPR requirements, their contact details will be provided here or can be obtained by contacting the Privacy Office.

If the Company is required to appoint an EU or UK Representative under Article 27 of the GDPR, their contact details will be provided here:

The Company is committed to addressing privacy inquiries promptly and effectively. An easily accessible and responsive privacy contact point is critical for building trust, especially for an AI service handling sensitive voice data.