Voice Gecko – Privacy Policy

1. Scope of this Privacy Policy

This Privacy Policy applies to information collected through your use of the Service, including our website, apps, API, and when you interact with us (for example, contacting support).

It does not cover:

• Information we process as an employer (covered by our internal HR policies).
• Information processed under separate contracts (e.g., a Data Processing Addendum).

This Privacy Policy is part of and subject to our Terms of Service.

16. Contact us

If you have any questions or requests about this Privacy Policy or how we handle your data, contact us:

• Email: privacy@voicegecko.com
• Support: support@voicegecko.com
• Legal: legal@voicegecko.com

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email (if you have an account) or by posting a notice on our site. The date at the top always shows when it was last updated.

14. Links to other websites

The Service may contain links to third-party sites. We are not responsible for their privacy practices. Please review their policies.

13. Business changes

If we undergo a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to this Privacy Policy.

12. Marketing communications

We may send you transactional emails (e.g., account confirmations, billing notices, service updates). You cannot opt out of these while using the Service.

We may send marketing emails (e.g., newsletters, promotions) if you opt in or where permitted by law. You can opt out anytime by clicking “unsubscribe” in the email or emailing privacy@voicegecko.com.

11. Security of your data

We use appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, and monitoring.

No system is 100% secure, but we follow industry best practices and review our controls regularly. See our published Security Policy for more details.

10. Your rights under GDPR

As a UK or EU data subject, you have the following rights:

• Access – request a copy of your personal data.
• Rectification – correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”) – request deletion of your data, subject to legal obligations.
• Portability – request transfer of your data to another provider.
• Restriction – request limits on processing in certain cases.
• Objection – object to processing based on legitimate interests, including direct marketing.
• Withdraw consent – where processing is based on consent, you can withdraw it anytime.

You can exercise your rights by emailing privacy@voicegecko.com. We may need to verify your identity before fulfilling a request.

If you are unhappy with our handling of your data, you have the right to complain to the Information Commissioner’s Office (ICO) (www.ico.org.uk) or your local regulator.

9. Children’s privacy

The Service is not intended for or directed to children under 16. We do not knowingly collect data from anyone under 16. If you believe a child under 16 has provided us data, please contact us and we will delete it.

8. How long we keep your data

• Account data – kept while your account is active. Deleted if you close your account.
• Dictations – kept until you delete them or close your account.
• Logs and analytics – kept for a limited time (typically 12–24 months) for troubleshooting and performance monitoring.
• Legal and financial records – kept as required by law (e.g., tax records).

When data is no longer needed, we securely delete or anonymise it.

7. International data transfers

We are a UK company, but many of our service providers (such as AWS and Stripe) may store or process data outside the UK and EEA, including the United States.

Where data is transferred internationally, we ensure safeguards are in place, such as Standard Contractual Clauses approved by the UK/EU. By using the Service, you acknowledge your data may be transferred to countries that may not have the same data protection laws as your home country, but always subject to these safeguards.

6. Sharing of information

We only share personal data where necessary:

• Service providers – hosting (AWS, Vercel), payment processing (Stripe), email delivery (e.g., SendGrid), analytics, error tracking. These providers act as processors under GDPR and only process data on our behalf.
• Legal requirements – if required by law, court order, or regulatory authority.
• Business transfers – if we are acquired, merge, or sell assets, your data may transfer as part of that transaction.
• With your consent – where you ask us to connect with third-party services or integrations.

We do not sell personal data to advertisers.

5. Cookies and tracking

• Enable core functions (authentication, account security).
• Analyse usage and performance.
• Deliver optional marketing (if you consent).

You can control cookies in your browser settings and via our Cookie Policy.

4. How we use the information

• Provide and operate the Service (including processing your audio into dictations).
• Process payments and subscriptions.
• Communicate with you (transactional messages, support, service updates, optional marketing).
• Personalise and improve the Service.
• Monitor, troubleshoot, and secure the Service.
• Comply with legal obligations.

We may also use aggregated or de-identified data for analytics and product development.

3. Why we use your data (our legal bases)

We use your data only when we have a lawful basis under UK GDPR:

• Contract – to provide the Service you requested (account setup, dictations, billing, support).
• Legitimate interests – to secure and improve the Service, prevent abuse, analyse usage, and market to existing customers.
• Consent – for optional activities such as sending you marketing emails or placing certain cookies. You can withdraw consent at any time.
• Legal obligation – to comply with tax, accounting, or regulatory requirements.

We do not sell your data.

2. What information we collect

We collect both personal data (information that identifies you or could identify you) and non-personal data (technical or statistical information).

2.1 Personal data you provide directly

• Account information – name, email address, password.
• Billing information – handled by our payment processor (e.g., Stripe). We do not store full payment card details ourselves.
• Support and correspondence – if you contact us by email or otherwise, we keep your communications.

2.2 Personal data we collect automatically

• Usage data – which features you use, actions you take, and how you interact with the Service.
• Device and connection data – IP address, browser type, device type, operating system, referring/exit pages, crash logs.
• Cookies and tracking – we and our partners use cookies, pixels, and similar technologies for analytics, functionality, and (if you consent) marketing. See our Cookie Policy for details.
• Log files – we record non-identifying data such as IPs, timestamps, and error events.

2.3 Data you upload

When you use the Service, you may upload audio files and generate dictations (“User Content”). Audio is not stored unless required for support or a feature you enable; dictation text is stored so you can access and manage it.

2.4 Information from others

• Third-party services – if you connect external accounts or services (for example, through an integration), we may receive data from those services depending on your settings.
• Service providers – we may receive technical or analytical data from providers (e.g., error tracking, analytics).

We do not knowingly collect sensitive categories of data (e.g., health, political views, religion) and you should not upload such data to the Service.