Privacy Policy
VoiceForge Pro · Last updated: 29 April 2025
Who We Are and How to Contact Us
VoiceForge Pro ("we", "us", or "our") is the data controller responsible for your personal data when you use our Platform at voiceforge.pro.
Data Controller Contact
Email: hello@voiceforge.pro
Website: voiceforge.pro
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at hello@voiceforge.pro. For users in the European Economic Area, if we are required to appoint an EU representative under Article 27 GDPR, details will be updated here.
What Data We Collect and Why
A — Data You Provide Directly (Platform Users)
| Data Category | What We Collect | Why |
|---|---|---|
| Registration & Account | Full name, email address, business name, password (hashed), billing address | Contract performance; legal obligation (financial records) |
| Payment Information | Processed by our payment provider. We do not store full card details. | Contract performance |
| Agent Configuration | System prompts, knowledge base, training materials, voice preferences | Contract performance (operating your AI agents) |
B — Data Generated Through Platform Use
| Data Category | What We Collect | Why |
|---|---|---|
| Call Data | Caller phone numbers, call recordings (if enabled), transcripts, AI-generated summaries, structured extracted data, call duration & timestamps | Contract performance (call handling & dashboard services) |
| Usage & Analytics | Pages visited, feature usage, login timestamps, IP addresses, browser & device info, error reports | Legitimate interest (security, fraud prevention, platform improvement) |
C — Data Collected Automatically
We use cookies and similar tracking technologies on our website. Please see Section 9 for full details on our use of cookies.
Lawful Basis for Processing
We process your personal data under the following lawful bases under UK/EU GDPR:
| Legal Basis | Article | When We Use It |
|---|---|---|
| Contract Performance | Art. 6(1)(b) | Providing the Platform, managing your account, fulfilling contractual obligations |
| Legal Obligation | Art. 6(1)(c) | Tax law, financial regulations, court orders, regulatory requirements |
| Legitimate Interests | Art. 6(1)(f) | Platform improvement, security, fraud prevention, relevant communications |
| Consent | Art. 6(1)(a) | Marketing communications, non-essential cookies. You may withdraw consent at any time. |
How We Share Your Personal Data
We do not sell your personal data. We share it only in the circumstances described below.
4.1 — Service Providers (Data Processors)
- Twilio Inc. — Telephony; provisions telephone numbers and routes calls. (USA)
- OpenAI — AI; powers conversational AI responses via LLM inference. (USA)
- Anthropic — Alternative LLM provider for AI responses. (USA)
- ElevenLabs — Voice; generates AI voice output for agents. (USA)
- MongoDB Atlas — Database; secure storage of Platform data.
- Payment Provider — Billing; processes payment information. We do not store full card details.
All service providers are contractually bound to process data only on our instructions and in compliance with applicable data protection law.
Google Integrations and Data Access
VoiceForge Pro optionally integrates with Google services — specifically Google Calendar and Gmail — to provide appointment booking and call notification features. These integrations are entirely optional and are only activated when a user explicitly connects their Google account from within the VoiceForge Pro platform. VoiceForge Pro accesses Google user data solely through Google's official OAuth 2.0 authorisation flow, and only to the extent necessary to deliver the specific feature the user has enabled.
Google Calendar. VoiceForge Pro integrates with Google Calendar via OAuth 2.0 to enable AI voice agents to book appointments in real time during live phone calls. When a user connects their Google Calendar account, VoiceForge Pro reads the user's calendar availability to identify genuine free slots based on their configured working hours and existing commitments, and creates appointment events on the user's behalf when a caller confirms a booking. Each event contains the caller's name, phone number, and the nature of their request, as captured by the AI agent during the call. VoiceForge Pro does not read, store, modify, or delete the content of any existing calendar events beyond checking free and busy status. Calendar data is used exclusively in real time to serve the authenticated user during their active session and is not exported, shared with any third party, used for advertising, or used for any purpose other than creating the booking the user's agent has confirmed.
Gmail. VoiceForge Pro optionally integrates with Gmail via OAuth 2.0 to send call summary notifications and booking confirmation emails from the user's own Gmail address. When a user enables this feature, VoiceForge Pro uses the Gmail send permission exclusively to compose and deliver outbound emails on the user's behalf. These emails contain only information generated by VoiceForge Pro during the call — the caller's name, phone number, call summary, and any booking details — and are sent to the user's own inbox or to contacts the user has explicitly configured to receive notifications. VoiceForge Pro does not read, scan, index, search, or process any messages in the user's Gmail inbox or sent folder. We do not access message metadata, labels, threads, attachments, contacts, or any other Gmail data beyond what is strictly required to send the outbound notification. Gmail user data is not stored beyond what is necessary to deliver the notification, is not shared with any third party, and is not used for advertising, analytics, profiling, or any purpose other than delivering the notification the user has configured.
Revoking Access. Users may revoke VoiceForge Pro's access to their Google account — including both Google Calendar and Gmail — at any time by visiting myaccount.google.com/permissions and removing VoiceForge Pro from the list of connected applications. Upon revocation, VoiceForge Pro will immediately cease all access to the user's Google data. No Google user data is retained by VoiceForge Pro after access has been revoked. If you have any questions about how VoiceForge Pro handles your Google account data, please contact us at support@voiceforge.pro.
4.2 — Business Transfers
In the event of a merger, acquisition, or sale of our business, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and material changes to how your data is handled.
4.3 — Legal Requirements
We may disclose personal data where required by law, court order, or regulatory authority, or to protect our legal rights, the safety of any person, or the integrity of the Platform.
4.4 — With Your Consent
We may share data with third parties where you have given your explicit consent.
International Data Transfers
Some of our service providers are located outside the United Kingdom and the European Economic Area. Where we transfer personal data internationally, we ensure appropriate safeguards are in place:
- Adequacy decisions by the UK Secretary of State or European Commission;
- Standard Contractual Clauses (SCCs) approved by the relevant authority;
- The UK International Data Transfer Agreement (IDTA) where applicable.
Transfers to Twilio, OpenAI, and Anthropic (all US-based) are protected by SCCs and/or the UK IDTA. You may request details of the specific safeguards in place for any transfer by contacting hello@voiceforge.pro.
How Long We Retain Your Data
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & Registration Data | Duration of account + 7 years after closure | Financial and tax record-keeping obligations |
| Call Recordings | 90 days from call date | Operational necessity; earlier deletion available in settings |
| Transcripts & Summaries | 12 months from call date | Operational necessity; configurable in account settings |
| Usage & Analytics Data | 12 months (identifiable); indefinitely (anonymised) | Platform improvement and security |
| Marketing Consent Records | Until withdrawal + 3 years | Compliance with PECR and GDPR accountability obligations |
When data is no longer required, we securely delete or anonymise it.
Your Rights Under GDPR
Under the UK GDPR and EU GDPR, you have the following rights. To exercise any right, contact us at hello@voiceforge.pro. We will respond within one month as required by law.
Right of Access (Art. 15)
Request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification (Art. 16)
Request correction of any inaccurate or incomplete personal data we hold.
Right to Erasure (Art. 17)
Request deletion of your personal data where it is no longer necessary or where you withdraw consent. Subject to legal exceptions.
Right to Restriction (Art. 18)
Request restriction of processing in certain circumstances, such as while accuracy is disputed.
Right to Portability (Art. 20)
Receive your data in a structured, machine-readable format where processing is based on consent or contract.
Right to Object (Art. 21)
Object to processing based on legitimate interests. We will cease unless we demonstrate compelling overriding grounds.
Automated Decisions (Art. 22)
Request human review of significant decisions made about you solely through automated means.
Withdraw Consent
Withdraw consent at any time where processing is based on consent. Withdrawal does not affect prior lawful processing.
Right to Lodge a Complaint
UK — Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
For users in the EU, you may contact the supervisory authority of your country of residence or place of work. We would appreciate the opportunity to address your concerns directly before you contact a supervisory authority.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration, or disclosure:
- Encryption of data at rest and in transit using TLS 1.2+ and AES-256;
- Access controls and role-based permissions limiting data access to authorised personnel;
- Secure hashing of passwords using industry-standard algorithms;
- Regular security assessments and penetration testing;
- Incident response procedures compliant with GDPR breach notification requirements.
Despite these measures, no method of transmission over the internet is 100% secure. In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law (within 72 hours of becoming aware where required).
Cookies
9.1 What Are Cookies. Cookies are small text files placed on your device when you visit our website. We use cookies to operate the Platform, remember your preferences, and analyse how users interact with our site.
9.2 — Types of Cookies We Use
| Cookie Type | Purpose | Legal Basis | Can Disable? |
|---|---|---|---|
| Strictly Necessary | Session management, login state, security (CSRF protection) | Legitimate interest / Contract | No |
| Functional | Language and dashboard preferences | Consent | Yes |
| Analytics | Understanding how users interact with the Platform to improve it | Consent | Yes |
9.3 Cookie Consent. When you first visit our website, you will be presented with a cookie consent banner. You may accept all cookies, reject non-essential cookies, or customise your preferences. You can change your preferences at any time via the cookie settings link in the footer of our website.
9.4 Managing Cookies. You can also control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Platform.
Children's Privacy
The Platform is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@voiceforge.pro and we will delete such data promptly.
Marketing Communications
11.1 We may send you marketing communications about our products, features, and offers where we have your consent or where we rely on the soft opt-in rule for existing customers under PECR.
11.2 Opting Out. You may opt out of marketing communications at any time by: (a) clicking the "unsubscribe" link in any marketing email; (b) contacting us at hello@voiceforge.pro; or (c) updating your preferences in your account settings.
11.3 Opting out of marketing will not affect transactional communications necessary for the operation of your account.
Data Processing Agreement (DPA)
12.1 Where you use the Platform to process personal data of your customers or other third parties (particularly through AI voice agents handling calls), we act as a data processor on your behalf and you act as the data controller.
12.2 Our Data Processing Agreement, incorporated by reference into our Terms of Service, governs this processing relationship and covers: the subject matter, duration, and nature of processing; types of personal data and categories of data subjects; your obligations as controller; our obligations as processor; and sub-processor arrangements.
12.3 By using the Platform for processing caller data, you confirm that you have a lawful basis for such processing, that you have provided appropriate notice to callers, and that you have the authority to appoint us as your data processor.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated Policy on our website with a new "Last updated" date and sending an email notification to your registered email address.
Your continued use of the Platform after the effective date of any change constitutes acceptance of the updated Policy. If you do not agree, you should cease using the Platform and contact us to close your account.
Contact and Complaints
For all data protection enquiries, to exercise your rights, or to raise a concern:
Data Protection Contact
Email: hello@voiceforge.pro
Website: voiceforge.pro
We aim to acknowledge all requests within 72 hours and respond substantively within one month as required by applicable law.