Privacy Policy

Last Updated: December 8, 2025

1. Introduction

Voxara AI ("Voxara," "we," "our," or "us") is committed to protecting your privacy and handling your personal information with care, transparency, and in accordance with applicable law. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit our website at voxara.ca, use our AI voice receptionist services, or interact with us in any capacity.

We are a Canadian business operating from British Columbia, Canada, and we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation, and other relevant Canadian privacy laws. For customers in healthcare industries, we also maintain compliance with the Health Insurance Portability and Accountability Act (HIPAA) where applicable.

By using our Services or providing us with your personal information, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services or provide us with your personal information.

2. Scope and Application

This Privacy Policy applies to:

• Website Visitors: Individuals who visit voxara.ca or interact with our online content
• Customers: Businesses and individuals who register for accounts and subscribe to our AI voice receptionist services
• End Users: Individuals who call businesses using our Services and whose voice data is processed through our platform
• Prospective Customers: Individuals who request demos, consultations, or information about our Services
• Business Contacts: Individuals we communicate with for business purposes, including vendors, partners, and service providers

This Privacy Policy does not apply to third-party websites, applications, or services that may be linked from our website or integrated with our Services. We encourage you to review the privacy policies of any third-party services you use.

3. Information We Collect

We collect various types of information depending on how you interact with our Services:

3.1 Information You Provide Directly

Account Registration Information: When you create an account, we collect your name, business name, email address, phone number, billing address, and payment information.

Profile and Configuration Data: Information you provide to customize your AI receptionist, including business hours, services offered, pricing information, appointment availability, greeting scripts, and industry-specific settings.

Communication Information: When you contact us for support, inquiries, or demos, we collect your name, email address, phone number, company information, and the content of your communications.

Payment Information: Credit card numbers, billing addresses, and payment method details necessary to process subscription fees. Note that payment card information is processed securely through our PCI-DSS compliant payment processors and is not directly stored on our servers.

3.2 Information Collected Through Use of Services

Call Recordings and Transcripts: Our Services record and transcribe phone conversations between the AI receptionist and callers to your business. These recordings capture voice data, conversation content, and metadata including call duration, time, date, and caller phone number.

Caller Information: Personal information provided by callers during conversations, which may include names, phone numbers, email addresses, appointment preferences, service requests, health information (for medical practices), addresses, and other information relevant to the caller's inquiry.

Appointment and Booking Data: Scheduling information including appointment dates, times, services requested, and any notes or preferences provided during booking.

Lead and Customer Data: Information about leads and customers generated through calls, including qualification status, inquiry details, follow-up requirements, and any data entered into your CRM or business systems through our integrations.

Usage Data: Information about how you use the Services, including feature usage, login frequency, configuration changes, and interaction patterns.

3.3 Automatically Collected Information

Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.

Log Data: Server logs that record technical information about your interactions with our website and Services, including access times, pages viewed, links clicked, and error messages.

Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to collect information about your browsing behavior, preferences, and interactions with our website. See Section 9 (Cookie Policy) for detailed information.

Analytics Data: Aggregated and anonymized data about website traffic, user demographics, popular features, and service performance collected through analytics tools such as Google Analytics.

3.4 Information from Third Parties

Integration Data: Information from third-party services you connect to our platform, including calendar systems (Google Calendar, Outlook), CRM platforms, communication tools, and business management software.

Business Verification Data: Information from business databases, credit bureaus, or verification services used to verify your business identity and creditworthiness.

Referral Information: If you are referred by a partner, affiliate, or another customer, we may receive information about you from that source.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Provide and Improve Services

• Operating our AI voice receptionist platform and delivering core functionality
• Processing and routing phone calls to appropriate responses or actions
• Recording, transcribing, and storing call data for your business records
• Managing appointments, bookings, and calendar integrations
• Qualifying leads and collecting customer information on your behalf
• Integrating with your CRM, calendar, and other business tools
• Training and improving our AI models to enhance accuracy, natural language understanding, and service quality
• Developing new features, capabilities, and industry-specific solutions

4.2 Account Management and Customer Support

• Creating and maintaining your account
• Authenticating your identity and preventing unauthorized access
• Processing payments and managing billing
• Providing customer support and responding to your inquiries
• Troubleshooting technical issues and resolving service problems
• Sending account-related notifications, service updates, and security alerts

4.3 Communication and Marketing

• Responding to your requests for information, demos, or consultations
• Sending promotional emails about our Services, features, and special offers (with your consent where required)
• Conducting surveys and collecting feedback to improve our Services
• Providing industry insights, best practices, and educational content
• Marketing our Services to prospective customers

You may opt out of promotional communications at any time by following the unsubscribe instructions in our emails or contacting us at hello@voxara.ca. Please note that even if you opt out of marketing communications, we will still send you transactional and service-related messages.

4.4 Security, Compliance, and Legal Obligations

• Detecting, preventing, and responding to fraud, security threats, or illegal activities
• Enforcing our Terms of Service and other policies
• Complying with legal obligations, court orders, and regulatory requirements
• Protecting our rights, property, and safety, as well as those of our customers and the public
• Conducting internal audits, quality assurance, and compliance reviews
• Maintaining business records and documentation as required by law

4.5 Analytics and Business Intelligence

• Analyzing usage patterns and service performance
• Conducting research and statistical analysis to understand customer needs
• Creating aggregated, anonymized, or de-identified data for analytics and reporting
• Measuring the effectiveness of our marketing campaigns and website
• Making business decisions about product development and resource allocation

5. Legal Basis for Processing (Where Applicable)

Under PIPEDA and applicable privacy laws, we process your personal information on the following legal bases:

• Consent: You have provided express or implied consent for us to collect, use, and disclose your personal information for specified purposes
• Contractual Necessity: Processing is necessary to fulfill our contractual obligations to provide the Services you have subscribed to
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as fraud prevention, security, service improvement, and internal administration, provided that such interests are not overridden by your privacy rights
• Legal Obligations: Processing is required to comply with applicable laws, regulations, court orders, or government requests

6. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

6.1 Service Providers and Business Partners

We engage trusted third-party service providers to assist with business operations, including:

• Cloud Hosting Providers: For secure data storage and server infrastructure
• Payment Processors: To process subscription payments and manage billing
• AI and Technology Partners: To provide AI models, natural language processing, and voice recognition capabilities
• Communication Services: For telephony infrastructure, call routing, and SMS messaging
• Analytics Providers: To analyze website traffic and service usage
• Customer Support Tools: To manage support tickets and customer communications
• Professional Services: Including legal, accounting, and consulting firms that assist with business operations

These service providers are contractually obligated to use your information only for the purposes of providing services to us and are required to maintain the confidentiality and security of your information.

6.2 Third-Party Integrations

If you choose to integrate our Services with third-party platforms such as Google Calendar, Outlook, CRM systems, or other business tools, we will share relevant information with those platforms as necessary to provide the integration functionality. You are responsible for reviewing and agreeing to the privacy policies of any third-party services you connect.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar business transaction, your personal information may be transferred to the acquiring or successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6.4 Legal Requirements and Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, legal processes, or government requests
• Enforce our Terms of Service or other agreements
• Detect, prevent, or address fraud, security issues, or technical problems
• Protect the rights, property, or safety of Voxara, our customers, or the public
• Respond to emergency situations involving potential threats to health or safety

6.5 With Your Consent

We may share your information with third parties when you provide explicit consent for such sharing, such as when you authorize us to share information with a specific partner or for a particular purpose.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Account Data

We retain your account information, profile data, and subscription details for the duration of your active subscription and for a reasonable period thereafter to facilitate potential reactivation, resolve disputes, and comply with legal obligations. Typically, this means retaining data for up to 7 years after account closure, in accordance with Canadian business record-keeping requirements.

7.2 Call Recordings and Transcripts

Call recordings, transcripts, and associated caller data are retained for as long as your account is active and for a period determined by your industry and legal requirements. For general business customers, we retain call data for 2-3 years after your account is closed. For healthcare customers subject to HIPAA, retention periods may be longer as required by applicable regulations (typically 6-7 years).

You may configure retention settings within your account to automatically delete call recordings after a specified period, or you may request deletion of specific recordings at any time.

7.3 Aggregated and Anonymized Data

We may retain aggregated, anonymized, or de-identified data indefinitely for analytics, research, and service improvement purposes. This data cannot be used to identify individuals and is not subject to the retention limits described above.

7.4 Legal and Compliance Data

Information required for legal compliance, regulatory obligations, tax purposes, or dispute resolution may be retained for longer periods as required by applicable law.

8. Data Security

We take the security of your personal information seriously and implement comprehensive administrative, technical, and physical safeguards to protect against unauthorized access, disclosure, alteration, or destruction.

8.1 Technical Security Measures

• Encryption: All data transmitted to and from our Services is encrypted using industry-standard TLS/SSL protocols. Call recordings and sensitive data are encrypted at rest using AES-256 encryption.
• Access Controls: We implement role-based access controls to ensure that only authorized personnel have access to personal information, and only to the extent necessary for their job functions.
• Authentication: Multi-factor authentication options are available to protect account access.
• Network Security: Firewalls, intrusion detection systems, and regular security monitoring protect our infrastructure.
• Regular Security Assessments: We conduct periodic security audits, vulnerability assessments, and penetration testing.

8.2 Organizational Security Measures

• Employee training on privacy and security best practices
• Confidentiality agreements for all employees and contractors
• Background checks for personnel with access to sensitive data
• Incident response plans and procedures for security breaches
• Regular review and updates of security policies and procedures

8.3 Data Storage Location

Our primary data storage infrastructure is located in Canada, utilizing secure cloud hosting providers with Canadian data centers. This ensures that your data is subject to Canadian privacy laws and remains within Canadian jurisdiction. In some cases, data may be processed or backed up on servers located in other jurisdictions with adequate data protection standards, but we maintain contractual safeguards to ensure appropriate protection.

8.4 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your account credentials and promptly notifying us of any suspected unauthorized access.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze site usage, and support marketing efforts.

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They allow the website to recognize your device and remember certain information about your visit.

9.2 Types of Cookies We Use

Essential Cookies: Necessary for the website to function properly, including session management, security, and load balancing. These cookies cannot be disabled without affecting website functionality.

Analytics Cookies: Collect information about how visitors use our website, including pages visited, time spent, and error messages. We use this data to improve website performance and user experience. We use Google Analytics and similar services.

Functional Cookies: Remember your preferences and settings, such as language, region, or theme selection (light/dark mode).

Marketing Cookies: Track your browsing activity to deliver personalized advertisements and measure the effectiveness of marketing campaigns. These may be set by third-party advertising partners.

9.3 Managing Cookies

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies or alert you when cookies are being sent. Please note that disabling cookies may affect your ability to use certain features of our website.

To learn more about cookies and how to manage them, visit www.aboutcookies.org or www.allaboutcookies.org.

10. PIPEDA Compliance

As a Canadian business, we are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and its principles:

• Accountability: We are responsible for personal information under our control and have designated a Privacy Officer responsible for compliance.
• Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.
• Consent: We obtain your knowledge and consent for the collection, use, and disclosure of personal information, except where inappropriate.
• Limiting Collection: We collect only the information necessary for identified purposes.
• Limiting Use, Disclosure, and Retention: We use and disclose personal information only for the purposes for which it was collected, and we retain it only as long as necessary.
• Accuracy: We maintain accurate, complete, and up-to-date personal information.
• Safeguards: We protect personal information with security safeguards appropriate to its sensitivity.
• Openness: We make information about our privacy policies and practices readily available.
• Individual Access: You have the right to access your personal information and challenge its accuracy.
• Challenging Compliance: You may challenge our compliance with these principles.

11. HIPAA Compliance (Healthcare Customers)

For customers in the healthcare industry who handle Protected Health Information (PHI), we offer HIPAA-compliant services with enhanced security measures. If you are a healthcare provider subject to HIPAA regulations, the following provisions apply:

11.1 Business Associate Agreement

We will enter into a Business Associate Agreement (BAA) with you, as required under HIPAA, which establishes our obligations regarding the handling, use, and disclosure of PHI. The BAA supplements these terms and includes additional protections specific to healthcare data.

11.2 HIPAA Security Safeguards

For HIPAA-compliant services, we implement additional administrative, physical, and technical safeguards including:

• Enhanced encryption standards for PHI at rest and in transit
• Audit logging and monitoring of all access to PHI
• Breach notification procedures compliant with HIPAA requirements
• Regular risk assessments and compliance audits
• Workforce training on HIPAA privacy and security rules

11.3 Permitted Uses and Disclosures

We will only use and disclose PHI as permitted by your BAA, HIPAA regulations, and your authorization. We do not use PHI for marketing purposes or sell PHI to third parties.

12. Your Privacy Rights

Under PIPEDA and applicable privacy laws, you have the following rights regarding your personal information:

12.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your information in a commonly used format, subject to limited exceptions permitted by law.

12.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal information. If we agree that the information is inaccurate, we will correct it. If we disagree, we will note your request and correction request in our records.

12.3 Right to Deletion

You may request deletion of your personal information, subject to legal and contractual retention obligations. We will comply with deletion requests where we are not required to retain the information for legal, regulatory, or legitimate business purposes.

12.4 Right to Withdraw Consent

Where we process your information based on consent, you may withdraw that consent at any time. Please note that withdrawal of consent may affect our ability to provide certain Services to you.

12.5 Right to Object

You may object to certain uses of your personal information, including marketing communications and certain data processing activities. We will honor such objections subject to legal or contractual obligations.

12.6 Right to Data Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format for transfer to another service provider.

12.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@voxara.ca or through your account settings. We will respond to your request within 30 days. We may require verification of your identity before processing certain requests. There is no fee for most requests, though we may charge a reasonable fee for excessive, repetitive, or manifestly unfounded requests.

13. International Data Transfers

Our primary operations and data storage are located in Canada. However, some of our service providers and partners may be located in other countries, including the United States. When we transfer personal information outside Canada, we ensure that:

• The receiving jurisdiction provides substantially similar privacy protections as Canadian law, or
• We implement contractual safeguards, such as Standard Contractual Clauses, to ensure adequate protection, or
• We obtain your explicit consent for the transfer where required by law

Please note that personal information stored or processed outside Canada may be accessible to law enforcement and government authorities in those jurisdictions in accordance with local laws.

14. Children's Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at hello@voxara.ca.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the updated Privacy Policy on our website
• Send an email notification to the email address associated with your account for material changes
• Provide prominent notice on our website or through the Services

Material changes will be effective 30 days after we provide notice. Changes that are not material will be effective immediately upon posting. Your continued use of the Services after the effective date of changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Information and Privacy Officer

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us:

We aim to respond to all privacy inquiries within 30 days. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada:

17. Consent to Collection, Use, and Disclosure

By using our Services, visiting our website, or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.

If you provide us with personal information about other individuals (such as employees, business contacts, or end users who call your business), you represent that you have obtained all necessary consents from those individuals for us to collect, use, and disclose their information as described in this Privacy Policy.

This Privacy Policy is effective as of the date stated above and governs our collection, use, and disclosure of your personal information in accordance with applicable Canadian privacy laws.