Data & privacy
Privacy Policy
VoiceLayer is operated by Hastkari LLC. · Effective June 7, 2026
This Privacy Policy explains how Hastkari LLC (“VoiceLayer,” “we,” “us”) collects, uses, shares, and protects personal information. It covers our website, dashboard, and account relationship. Personal data contained in calls, recordings, and transcripts that customers process through the Services (“Customer Data”) is governed by our Data Processing Addendum, summarized in Section 1.
1. Our role
- We are a controller for personal information about our website visitors, account holders, and billing and marketing contacts — for example, your name, email, and usage of our site and dashboard.
- We are a processor (or sub-processor)for Customer Data that a customer submits or generates through the Services, including call audio, recordings, transcripts, and call metadata. We process Customer Data only on the customer’s instructions under the Data Processing Addendum; the customer is the controller and is responsible for the legal basis, notices, and consents for that data.
2. Information we collect (as a controller)
- Account information: name, email, organization, and authentication data, managed through our authentication provider, Clerk.
- Billing information: plan, usage, and transaction records; payment-card details are handled by our payment processor, not stored by us.
- Usage, device, and log data: actions in the dashboard, IP address, browser and device information, diagnostic and error data (via Sentry), and product-analytics data (via PostHog).
- Communications: messages you send us for support, sales, or feedback.
- Cookies and similar technologies: as described in our Cookie Notice.
3. How we use information
As a controller, we use personal information to:
- provide, operate, secure, and improve the Services and our website;
- authenticate users and manage accounts and organizations;
- process payments and prevent fraud and abuse;
- provide support and respond to your requests;
- send service, security, and (where permitted) marketing communications; and
- comply with law and enforce our agreements.
4. We do not train AI on your call content
We do notuse Customer Data — including call recordings, transcripts, prompts, or Output — to train or improve our own or any third party’s foundation or generative models, except where the Customer opts in. We may use Customer Data to operate, secure, debug, and maintain the Services (which does not include model training), consistent with Section 6.1 of the Terms of Service. Where a Customer uses its own model, speech-to-text, text-to-speech, or telephony provider (BYOK), that provider processes data under its own retention and training policies, which the Customer is responsible for.
6. Data retention
- Customer Data (recordings, transcripts, metadata) is retained for the life of your account by default, or for the period the customer configures, and is deletable on request.
- On account termination, we make Customer Data available for export for 30 days, delete stored Customer Data within 30 days, and purge it from backups within 60 days.
- Account, billing, and log data is retained only as long as needed for the purposes above and to meet legal, tax, and security obligations.
7. Your privacy rights
7.1 U.S. state privacy rights (including Texas)
Depending on your state — including under the California Consumer Privacy Act (CCPA), the Texas Data Privacy and Security Act (TDPSA), and the laws of Colorado, Connecticut, Virginia, and Utah, among others — you may have the right to know, access, correct, delete, and obtain a portable copy of your personal information, and to opt out of sale, sharing, and targeted advertising and certain profiling. We do not sell or share personal information. We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), on our website. We will not discriminate against you for exercising these rights.
7.2 GDPR / UK GDPR rights
If you are in the EEA, UK, or Switzerland, you may have the right to access, rectify, erase, restrict, or object to processing, to data portability, and to withdraw consent and lodge a complaint with a supervisory authority. Our legal bases are performance of a contract, our legitimate interests in operating and securing the Services, consent (where applicable), and compliance with law.
7.3 How to exercise your rights
Email us at [email protected]. We will verify and respond as required by law. If your request concerns Customer Data for which a VoiceLayer customer is the controller, we will refer you to, or act on the instructions of, that customer.
8. International data transfers
We are based in the United States and host Customer Data in the United States. Where we process personal data of individuals in the EEA, UK, or Switzerland, we rely on appropriate safeguards, including the Standard Contractual Clauses and equivalent mechanisms, as set out in the Data Processing Addendum.
9. Security
We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, and tenant isolation. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Children
The Services are not directed to children under 13, and we do not knowingly collect their personal information as a controller. Customers must not submit the personal information of children except as permitted by the Acceptable Use Policy and applicable law.
11. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice.
Contact
Questions about this document? Reach us at [email protected] or write to Hastkari LLC, [Hastkari LLC — registered address, Texas, USA].