Privacy Policy

Actual Voice Inc.

Effective Date: January 26, 2026
Last Updated: January 26, 2026
Version: 1.0

1. INTRODUCTION

This Privacy Policy ("Policy") explains how Actual Voice Inc. ("Actual Voice," "we," "us," or "our") collects, uses, stores, and protects information when you use our voice feedback platform (the "Service").

1.1 Applicability

This Policy applies to:

  • Respondents: Individuals who record voice feedback (employees, customers, patients, students, etc.)
  • Customers: Organizations that use our Service to collect feedback
  • Visitors: Anyone who visits our website

1.2 Our Commitment

We believe privacy is a competitive advantage, not just a compliance requirement. This Policy explains our practices in plain language with specific technical commitments.

2. INFORMATION WE COLLECT

2.1 Voice Recordings (Temporary)

When you record voice feedback through the Service:

Data Collected:

  • Audio recording (60-90 seconds, .wav or .webm format)
  • Recording timestamp
  • Device information (browser type, operating system)
  • Session metadata (which prompt you are responding to, which feedback question)

Retention: Audio files are automatically deleted after processing, typically within 10-15 seconds of upload. We extract insights from the audio (see Section 2.2 below), then permanently delete the recording.

Legal Significance: Under many privacy laws, voice recordings may be considered "biometric identifiers." By deleting the audio files promptly, we minimize this classification and your privacy risk.

2.2 Extracted Voice Features (Permanent)

Before deleting audio, we extract the following features for analysis:

Text-based Data:

  • Transcript (word-for-word text of what you said)
  • Detected themes (topics you mentioned, e.g., "service," "quality," "workload")
  • Sentiment analysis (positive, negative, neutral tone)

Emotion-based Data:

  • Emotion scores and sentiment analysis generated by OpenAI's audio API
  • Tone and prosodic features (pitch variation, speaking pace, pauses)
  • Emotional intensity indicators (energy level, conviction, engagement)

Acoustic-based Data:

  • Prosodic features: pitch, speaking pace, pause patterns, volume
  • Voice quality indicators (but NOT biometric voiceprints)

Derived Metrics:

  • VDI (Voice Dynamics Index): composite score combining sentiment, intensity, and conviction
  • Embedding vector (768-dimensional mathematical representation used for pattern recognition)

Data NOT Stored:

  • Raw audio files (deleted after processing, typically 10-15 seconds after upload)
  • Biometric voiceprints that could identify you across platforms
  • Your name, email, or employee ID
  • IP addresses (beyond temporary processing logs that are deleted within 7 days)

2.3 Metadata

We collect limited metadata to organize responses:

  • Question ID (which feedback campaign you are responding to)
  • Response ID (unique identifier for your specific response)
  • Timestamp (when you recorded)
  • Category (e.g., "Employee Engagement," "Customer Experience," "Student Feedback")
  • Organization ID (links your response to the organization that requested feedback)

Important: Metadata does NOT include your personal identifiers (name, email, employee ID) unless your organization explicitly adds these and you consent.

2.4 Customer Account Information

If you represent an organization using the Service, we collect:

  • Account registration details (name, email, company name)
  • Billing information (credit card via Stripe; we do not store card numbers)
  • Usage data (number of questions created, responses received, features used)
  • Support communications (emails, chat transcripts)

2.5 Website Analytics

We use standard web analytics (Google Analytics, Vercel Analytics) to understand how people use our website:

  • Pages visited
  • Time on site
  • Referral source
  • Device type and browser

We do NOT link website analytics to voice feedback responses.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Use: Providing Insights to Organizations (Data Processor Role)

When an organization requests feedback through the Service, we process voice responses on their behalf to generate insights.

Processing Activities:

  • Transcribe voice recordings
  • Detect emotions and themes
  • Calculate aggregate metrics (VDI, sentiment trends, patterns)
  • Display insights to the organization's authorized users

Information Disclosed to Organizations:

  • Aggregated themes across multiple responses (e.g., "32 mentions of service speed")
  • Synthesized patterns (e.g., "People value: prompt service, friendly staff, clean facilities")
  • Emotional trends (e.g., "Overall sentiment: +78, trending up 5 points")
  • VDI metrics (sentiment, intensity, conviction across groups or time periods)

Information NOT Disclosed to Organizations:

  • Individual audio recordings (deleted immediately after processing)
  • Individual transcripts attributed to specific respondents (anonymized)
  • Direct quotes from specific people (we show synthesized patterns only)
  • Who said what (minimum 5+ responses required before showing segmented insights)

Note: The organization that requested your feedback determines how they use these insights. We provide the analysis platform; they determine the context and application.

3.2 Secondary Use: Product Improvement and Model Training (Independent Controller Role)

We use anonymized, aggregated voice features to improve the Service for all users across all contexts.

Specific Uses:

  • Train AI models to better detect emotions, themes, and sentiment patterns
  • Calibrate VDI algorithms for more accurate analysis
  • Develop new features (e.g., trend prediction, automated pattern recognition)
  • Create cross-industry benchmarks (e.g., "Average sentiment score in hospitality: +72")
  • Research and publish aggregate insights (e.g., "State of Voice Feedback 2026" report)

Prohibited Uses:

  • Sell your data to third parties (we are not a data broker)
  • Use your data for advertising or marketing to you
  • Train general-purpose AI models unrelated to our Service
  • Share organization-specific insights with other organizations
  • Re-identify individuals from anonymized datasets

Important: This secondary use applies to anonymized data only. We cannot (and do not attempt to) trace training data back to individual respondents or specific organizations.

Legal Basis: Legitimate interest (improving our product for all users) balanced with strong privacy protections (anonymization, purpose limitation, deletion of sensitive identifiers).

4. HOW WE PROTECT YOUR PRIVACY

4.1 The Audio Deletion Process

Process Overview:

  1. You finish recording → Audio uploaded to encrypted cloud storage (AWS S3)
  2. Processing begins immediately → Whisper API transcribes, OpenAI Audio analyzes emotion, GPT-4 extracts themes
  3. Features extracted → Data saved to database (transcript, emotions, themes)
  4. Audio file deleted → Automated deletion immediately after processing, typically 10-15 seconds after upload
  5. Audit log created → Every deletion is logged with file ID and timestamp

Failsafes:

  • S3 lifecycle policy: Backup deletion after 1 hour (if automated job fails)
  • Monitoring alerts: Operations team notified immediately if deletion job fails
  • Automated retry: If initial deletion fails, system retries every 5 minutes
  • Public dashboard metric: "Audio files currently stored: 0" (visible to all customers)

Sub-processor Retention:

  • OpenAI (Whisper): 30-day API logs (metadata only, not audio)

4.2 Anonymization Standards

We use multiple layers to prevent re-identification of individual respondents:

Layer 1: Aggregation Thresholds

  • Segmented insights only shown when 5+ people respond in that segment (configurable higher by the organization)
  • Below threshold → Only broader aggregate data shown
  • Organizations can increase threshold (10, 15, 20) based on their sensitivity requirements, but never decrease below 5

Layer 2: No Direct Quotes

  • We never show direct quotes or "representative examples" from individual responses
  • Instead, we synthesize patterns across many responses
  • This eliminates re-identification via context clues

Layer 3: No Individual Access

  • Organizations cannot view individual transcripts or responses through the platform
  • API endpoints return aggregates only
  • No export function for individual-level data

Layer 4: Time Aggregation

  • Responses aggregated over time periods (daily, weekly, monthly)
  • No timestamp precision that would allow triangulation

Layer 5: Segment Combination

  • When multiple filters are applied, we enforce higher thresholds
  • System prevents "narrowing down" to small groups

4.3 Encryption and Security

In Transit:

  • TLS 1.3 encryption for all data transfers
  • HTTPS everywhere

At Rest:

  • AES-256 encryption for database (Supabase default)
  • Encrypted backups

Access Controls:

  • Role-based access (only authorized personnel can access databases)
  • Two-person approval required for engineering access to production data
  • Admin audit logs (track what organization administrators accessed)

Security Practices:

  • Annual penetration testing (starting Month 6)
  • SOC 2 Type II certification (target: Month 12-18)
  • Regular security audits
  • Incident response plan

5. DATA SHARING AND THIRD PARTIES

5.1 Sub-Processors (Third-Party Service Providers)

We use the following sub-processors to operate the Service:

Sub-Processor | Purpose | Data Shared | Location
--------------|---------|-------------|---------
OpenAI | Transcription (Whisper API) | Audio during processing | USA
Supabase | Database hosting | Extracted features (no audio) | USA
Vercel | Application hosting | Web traffic, session data | USA
AWS S3 | Temporary audio storage | Audio files (<60 seconds) | USA/Canada
Stripe | Payment processing | Billing information | USA

5.2 Data Transfers Outside Canada

Some of our sub-processors are located in the United States. Data transfers to the US are subject to:

  • Standard Contractual Clauses (SCCs) per GDPR requirements
  • Privacy Shield frameworks (where applicable)
  • Sub-processor commitments to data protection standards

If you are in Canada or the EU and have concerns, contact us: privacy@actualvoice.ai

5.3 Prohibited Data Sharing

We do NOT share data with:

  • Advertisers or marketing companies
  • Data brokers
  • Social media platforms
  • Your organization's competitors
  • Any third party for purposes unrelated to providing the Service

Exception: We may share data if legally required (court order, subpoena, regulatory request). We will notify you unless prohibited by law.

6. DATA RETENTION

Data Type | Retention Period | Rationale
----------|------------------|----------
Audio recordings | ~10-15 seconds | Extracted features sufficient for analysis
Transcripts | Until deletion request or account closure + 90 days | Required for insights and trending
Emotion scores | Until deletion request or account closure + 90 days | Required for VDI and emotional analysis
Themes and VDI | Until deletion request or account closure + 90 days | Core product functionality
Anonymized training data | Indefinite | Fully anonymized; cannot be traced to individuals
Billing records | 7 years | Tax and accounting requirements
Support communications | 3 years | Customer service and dispute resolution

After Account Closure:

  • Customer account data deleted within 90 days
  • Anonymized, aggregated data may persist (used for benchmarking, model training)
  • Individual responses can be deleted on request (see Section 7)

7. YOUR RIGHTS AND CHOICES

You have the following rights regarding your voice feedback data:

7.1 Right to Access

You may request a copy of your data, including:

  • Transcript of your voice responses
  • Emotion scores and VDI metrics
  • Themes extracted from your feedback
  • Metadata (timestamps, question IDs)

How to Request: Email privacy@actualvoice.ai with subject line "Access Request"

Response Time: Within 30 days

7.2 Right to Deletion

You may request deletion of your voice response:

  • We will delete your transcript, emotion scores, and themes from our production database
  • Anonymized data in training datasets may persist (it cannot be traced back to you)
  • We will notify your organization that your response has been removed

How to Request: Email privacy@actualvoice.ai with subject line "Deletion Request"

Response Time: Within 30 days

Note: If you are an EU resident, this is your "Right to Erasure" under GDPR.

7.3 Right to Correction

If we have incorrectly transcribed your response, you can request correction:

  • We will update the transcript if technically feasible
  • Emotion scores and themes may be regenerated based on corrected transcript

How to Request: Email privacy@actualvoice.ai with subject line "Correction Request"

7.4 Right to Object

You can object to:

  • Your organization using the Service to collect feedback from you
  • Your data being used for model training (we will honor this request)

How to Object: Contact your organization first (they control the feedback process), or email us at privacy@actualvoice.ai

7.5 Right to Data Portability

You may request your data in a machine-readable format (JSON, CSV):

  • Transcripts, emotion scores, themes, VDI metrics
  • We will provide within 30 days

How to Request: Email privacy@actualvoice.ai with subject line "Portability Request"

7.6 Right to Opt Out

You can opt out of future feedback requests:

  • Organizations control who receives feedback requests
  • Contact the organization directly to opt out
  • We will honor opt-out requests if you contact us directly: privacy@actualvoice.ai

8. SPECIAL CONSIDERATIONS BY INDUSTRY

8.1 Employee Engagement (Workplace Feedback)

Additional Protections:

  • Default anonymization threshold: 5+ responses for team-level insights
  • Managers cannot access individual recordings or transcripts
  • Organizations must comply with employment laws (NLRA, provincial labor laws)
  • No retaliation policies enforced by organization (not Actual Voice)

Organization Responsibilities:

  • Obtain consent before collecting feedback
  • Not use feedback for retaliation or surveillance
  • Maintain psychological safety

8.2 Healthcare (Patient Feedback)

Current Limitation: Healthcare customers can only collect feedback about experiences (e.g., check-in process, wait times, staff friendliness), NOT Protected Health Information (PHI) such as:

  • Medical conditions, diagnoses, treatments
  • Medications or procedures
  • Specific doctor names in medical context

PHI Blocking: Our system automatically detects and blocks prompts that would elicit PHI.

HIPAA Compliance: Actual Voice is NOT currently HIPAA-compliant. Healthcare organizations must ensure prompts do not elicit PHI. Full HIPAA compliance (BAA, audit logs, etc.) planned for future release.

8.3 Education (Student Feedback)

FERPA Considerations (US Schools):

  • Student responses are "education records" if they contain student identifiers
  • Schools must obtain parental consent for students under 13 (COPPA)
  • Anonymization threshold: 5+ students minimum

Age Restrictions: Service not intended for children under 13 without parental consent.

8.4 Hospitality & Retail (Customer Feedback)

Lower Anonymization Thresholds:

  • Default: 3+ responses (lower retaliation risk for transactional feedback)
  • Organizations can still increase threshold if desired

9. INTERNATIONAL USERS

9.1 Canadian Users (PIPEDA)

We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA):

  • Consent obtained before collection
  • Purpose specified and limited
  • Data retained only as long as necessary
  • You can access and correct your information
  • You can file complaints with the Privacy Commissioner of Canada

9.2 US Users

California (CCPA/CPRA):

  • Right to know what data we collect
  • Right to delete data
  • Right to opt out of "sale" (we do not sell data)
  • Right to non-discrimination for exercising rights

Other US States: We comply with applicable state privacy laws (Virginia CDPA, Colorado CPA, etc.)

9.3 EU/UK Users (GDPR)

GDPR Applicability: If you are located in the European Union or United Kingdom, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and UK GDPR.

Legal Basis for Processing:

  • Contract performance: Processing necessary to provide the Service to the organization
  • Legitimate interest: Product improvement and model training, balanced with your privacy rights and our strong anonymization protections

Roles:

  • Data Controller (primary): The organization that requested your feedback
  • Data Processor: Actual Voice (processes data on behalf of the organization)
  • Independent Controller: Actual Voice (for secondary use of anonymized data)

Your GDPR Rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to withdraw consent

How to Exercise Rights: Contact privacy@actualvoice.ai

Data Transfers: Some of our sub-processors are located outside the EU/UK (primarily in the United States and Canada). We ensure adequate protection through Standard Contractual Clauses (SCCs) and encryption measures.

Supervisory Authority: If you believe we have not complied with GDPR, you can lodge a complaint with your local Data Protection Authority.

10. CHILDREN'S PRIVACY

The Service is not intended for individuals under 13 (US) or 16 (EU) without parental consent.

  • Organizations using the Service with minors must obtain parental consent
  • We do not knowingly collect data from children without consent
  • If we discover we have collected data from a child without consent, we will delete it immediately

Contact Us if you believe we have inadvertently collected data from a child: privacy@actualvoice.ai

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time.

When We Make Changes:

  • We will post the new Policy on our website
  • We will update the "Last Updated" date at the top
  • For material changes, we will email customers 30 days in advance
  • Continued use of the Service after changes constitutes acceptance

Material Changes Include:

  • New data collection practices
  • Expanded use of data beyond original purposes
  • New sub-processors (we provide 30-day notice)
  • Changes to deletion timelines or anonymization standards

12. CONTACT INFORMATION

Privacy Questions: privacy@actualvoice.ai

General Support: support@actualvoice.ai

Data Protection Officer: (to be appointed)

Mailing Address:

Actual Voice Inc.
777 Fort Street
Victoria, BC, Canada V8W 3E9

Response Time: We respond to privacy inquiries within 5 business days, and fulfill requests within 30 days.

13. REGULATORY AUTHORITIES

If you are not satisfied with our response to your privacy concerns, you can contact:

END OF PRIVACY POLICY