VoiceLayer Legal
Dashboard

Data & privacy

Privacy Policy

VoiceLayer is operated by Hastkari LLC. · Effective June 7, 2026

This Privacy Policy explains how Hastkari LLC (“VoiceLayer,” “we,” “us”) collects, uses, shares, and protects personal information. It covers our website, dashboard, and account relationship. Personal data contained in calls, recordings, and transcripts that customers process through the Services (“Customer Data”) is governed by our Data Processing Addendum, summarized in Section 1.

1. Our role

  • We are a controller for personal information about our website visitors, account holders, and billing and marketing contacts — for example, your name, email, and usage of our site and dashboard.
  • We are a processor (or sub-processor)for Customer Data that a customer submits or generates through the Services, including call audio, recordings, transcripts, and call metadata. We process Customer Data only on the customer’s instructions under the Data Processing Addendum; the customer is the controller and is responsible for the legal basis, notices, and consents for that data.
If you are an End User (for example, someone who received or placed a call handled by a VoiceLayer customer) and you have a request about your personal data, please contact the business you interacted with — they control that data. We will assist that business as its processor.

2. Information we collect (as a controller)

  • Account information: name, email, organization, and authentication data, managed through our authentication provider, Clerk.
  • Billing information: plan, usage, and transaction records; payment-card details are handled by our payment processor, not stored by us.
  • Usage, device, and log data: actions in the dashboard, IP address, browser and device information, diagnostic and error data (via Sentry), and product-analytics data (via PostHog).
  • Communications: messages you send us for support, sales, or feedback.
  • Cookies and similar technologies: as described in our Cookie Notice.

3. How we use information

As a controller, we use personal information to:

  • provide, operate, secure, and improve the Services and our website;
  • authenticate users and manage accounts and organizations;
  • process payments and prevent fraud and abuse;
  • provide support and respond to your requests;
  • send service, security, and (where permitted) marketing communications; and
  • comply with law and enforce our agreements.

4. We do not train AI on your call content

We do notuse Customer Data — including call recordings, transcripts, prompts, or Output — to train or improve our own or any third party’s foundation or generative models, except where the Customer opts in. We may use Customer Data to operate, secure, debug, and maintain the Services (which does not include model training), consistent with Section 6.1 of the Terms of Service. Where a Customer uses its own model, speech-to-text, text-to-speech, or telephony provider (BYOK), that provider processes data under its own retention and training policies, which the Customer is responsible for.

5. How we share information

  • Sub-processors: with service providers that process data on our behalf, listed on our Sub-processor List, under contracts that restrict their use of the data.
  • Legal and safety: to comply with law, respond to lawful requests, and protect the rights, safety, and property of VoiceLayer, our users, and others.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
  • With your direction or consent: including integrations you enable.

We do not “sell” personal information, and we do not “share” it for cross-context behavioral advertising, as those terms are defined under U.S. state privacy laws, and we exchange no consideration for personal information.

6. Data retention

  • Customer Data (recordings, transcripts, metadata) is retained for the life of your account by default, or for the period the customer configures, and is deletable on request.
  • On account termination, we make Customer Data available for export for 30 days, delete stored Customer Data within 30 days, and purge it from backups within 60 days.
  • Account, billing, and log data is retained only as long as needed for the purposes above and to meet legal, tax, and security obligations.

7. Your privacy rights

7.1 U.S. state privacy rights (including Texas)

Depending on your state — including under the California Consumer Privacy Act (CCPA), the Texas Data Privacy and Security Act (TDPSA), and the laws of Colorado, Connecticut, Virginia, and Utah, among others — you may have the right to know, access, correct, delete, and obtain a portable copy of your personal information, and to opt out of sale, sharing, and targeted advertising and certain profiling. We do not sell or share personal information. We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), on our website. We will not discriminate against you for exercising these rights.

7.2 GDPR / UK GDPR rights

If you are in the EEA, UK, or Switzerland, you may have the right to access, rectify, erase, restrict, or object to processing, to data portability, and to withdraw consent and lodge a complaint with a supervisory authority. Our legal bases are performance of a contract, our legitimate interests in operating and securing the Services, consent (where applicable), and compliance with law.

7.3 How to exercise your rights

Email us at [email protected]. We will verify and respond as required by law. If your request concerns Customer Data for which a VoiceLayer customer is the controller, we will refer you to, or act on the instructions of, that customer.

8. International data transfers

We are based in the United States and host Customer Data in the United States. Where we process personal data of individuals in the EEA, UK, or Switzerland, we rely on appropriate safeguards, including the Standard Contractual Clauses and equivalent mechanisms, as set out in the Data Processing Addendum.

9. Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, and tenant isolation. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children

The Services are not directed to children under 13, and we do not knowingly collect their personal information as a controller. Customers must not submit the personal information of children except as permitted by the Acceptable Use Policy and applicable law.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice.

Contact

Questions about this document? Reach us at [email protected] or write to Hastkari LLC, [Hastkari LLC — registered address, Texas, USA].