Privacy Policy

Last updated: 19-01-2026

1. Legal Entity

This Privacy Policy applies to the services provided by:

  • Legal entity: HSR Agency
  • Trade name: Vocito.ai
  • Legal form: Sole proprietorship (eenmanszaak)
  • Registered in: The Netherlands
  • Contact: keanu@vocito.ai

2. Applicability

This Privacy Policy applies to:

  • Business users (B2B)
  • Individual users (B2C)
  • All users worldwide

By accessing or using the Services, you acknowledge and accept this Privacy Policy.

3. Categories of Data Processed

3.1 Account & Business Information

  • Names, email addresses, company details
  • Authentication credentials
  • Billing and subscription information

3.2 Call & Communication Data (User-Configurable)

Depending on user configuration, the platform may process:

  • Call metadata
  • Call recordings
  • Transcripts
  • AI-generated summaries, classifications, and outputs

Recording, transcription, and storage are strictly user-controlled.

3.3 Technical & Usage Data

  • IP address
  • Device identifiers
  • Browser and system data
  • Logs, timestamps, and platform interaction data

4. Artificial Intelligence Processing

Vocito.ai uses AI technologies for:

  • Speech-to-text transcription
  • Natural language analysis
  • Call summarization
  • Lead qualification and decision support

Data may be used to improve, train, and optimize AI systems, unless explicitly restricted by the user.

5. Purpose of Processing

Data is processed for:

  • Service delivery and execution
  • AI-powered automation workflows
  • Platform optimization and security
  • Legal, regulatory, and compliance obligations

6. Data Retention

All data retention periods are fully configurable by the user.

Vocito.ai does not enforce default retention beyond what is technically required to operate the Services.

7. Third-Party Subprocessors

Vocito.ai relies on third-party infrastructure and subprocessors, including but not limited to:

  • Telnyx (telephony infrastructure)
  • OpenAI (AI processing)
  • ElevenLabs (voice synthesis)
  • Supabase (database and authentication)
  • Paddle (payment processing)

Each subprocessors processes data under contractual confidentiality and security obligations.

8. Legal Basis (GDPR)

Processing is based on:

  • Contractual necessity
  • Legitimate interest
  • User consent (where applicable)
  • Legal obligations

9. Security

We apply technical and organizational security measures aligned with industry standards.

No system can guarantee absolute security.

10. User Rights

Users may request access, correction, or deletion of data by contacting:

keanu@vocito.ai

Requests may be limited where legally permissible.

11. Policy Updates

We reserve the right to modify this Privacy Policy at any time.

Continued use constitutes acceptance of changes.