1. What Data We Collect
- Account data: Email address, name, and profile picture when you sign up via Google OAuth.
- Usage data: Messages you paste for reply generation, selected tones, generated replies, and session history.
- Payment data: Processed securely by Lemon Squeezy. We store your subscription ID but never your card details.
- Analytics data: Page views, feature usage, and anonymous interaction data via PostHog.
- Feedback data: Any feedback, NPS scores, or feature votes you submit.
2. How We Use Your Data
- To provide and improve the Voxa service, including AI reply generation.
- To enforce usage limits and manage your subscription.
- To send transactional emails (welcome emails, subscription confirmations).
- To improve our AI models and product based on anonymized usage patterns.
- We never sell your data to third parties.
3. Third-Party Services
- Supabase: Database and authentication (hosted in the EU).
- Lemon Squeezy: Payment processing (PCI-DSS compliant).
- Google Gemini: AI model for reply generation.
- PostHog: Product analytics (self-hostable, GDPR-aware).
- Sentry: Error tracking and monitoring.
- Resend: Transactional email delivery.
- Upstash: Rate limiting via Redis.
- Notion: Internal feedback and voting storage.
4. Data Retention
Your reply sessions and account data are retained as long as your account is active. When you delete your account, all associated data is permanently deleted within 30 days. Analytics data is anonymized and may be retained for up to 12 months for product improvement purposes.
5. Your Rights
- Access: You can view all your data in the History and Settings pages.
- Delete: You can delete your account and all data from Settings → Danger Zone.
- Export: Contact us to request a full export of your data.
- Correction: Update your profile information at any time.
- Portability: Request your data in a machine-readable format.
6. Contact
For privacy-related questions or requests, contact us at privacy@voxa-app.com.