Privacy Policy

How we collect, use, and protect your data — written plainly, not in legalese.

Last updated: May 26, 2026

1. Introduction

VocUI ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

Personal Information

We may collect personal information that you voluntarily provide when you:

  • Create an account (email address, name)
  • Subscribe to our services (billing information)
  • Contact us for support
  • Use our chatbot and AI features

Automatically Collected Information

When you access our services, we may automatically collect:

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Usage data (features used, chatbot activity, and account activity)

3. How We Use Your Information

We use the collected information to:

  • Provide, operate, and maintain our services
  • Process transactions and send related information
  • Send administrative information and updates
  • Respond to inquiries and offer support
  • Monitor and analyze usage patterns
  • Improve our services and develop new features
  • Protect against fraudulent or illegal activity

4. AI Responses and Third-Party AI Providers

When you use our chatbot and AI features, your input data is processed to generate responses and run the service. We want you to know:

  • Your input data is used solely to deliver the requested service
  • We do not use your input data to train our AI models
  • Conversation data and related account data may be stored in your workspace for service functionality
  • You can remove workspace data and request account deletion through our support channels

To provide AI-powered features, your input data is transmitted via encrypted API calls to third-party large language model (LLM) providers. The current list of LLM sub-processors — including each provider's jurisdiction and applicable cross-border transfer safeguards — is maintained at vocui.com/sub-processors. These providers process your input solely to generate responses and, where contractually available, are bound not to use your data to train their foundation models. We do not grant these providers persistent access to your data. Please refer to the linked registry for the current list and to each provider's published privacy policy for further details on how they handle data received through their APIs.

5. Connected Calendar Services

Our chatbots can take appointment bookings on your behalf. To prevent double-bookings and keep your personal calendar in sync, you may optionally connect a third-party calendar account. Today we support Google Calendar and CalDAV-based calendars (Apple iCloud, Nextcloud, Fastmail, Mailcow, and other CalDAV-compatible services). Connecting a calendar is always opt-in, and you can disconnect at any time.

Google Calendar — OAuth scope and use

When you choose to connect your Google Calendar, we request the https://www.googleapis.com/auth/calendar.events scope. This is the narrowest Google scope that supports both reading your busy windows and writing appointment events to your primary calendar. We do not request full calendar, calendar.readonly, or any other Google Calendar scope. We use this access for exactly two purposes:

  • Busy-time check: We read the start and end times of your existing events for the next 60 days via the Google Calendar freebusy.query API. The chatbot uses these to avoid offering visitors a slot that conflicts with one of your existing events.
  • Booking write-back: When your chatbot creates a booking, we write a corresponding event to your primary Google Calendar so it appears alongside your other commitments. If the booking is cancelled, we delete the corresponding Google event.

What we do not access

We do not read event titles, descriptions, attendees, locations, attachments, or any other event metadata beyond start and end times. We do not access calendars other than your primary calendar. We do not access any other Google services (Gmail, Drive, Contacts, and so on).

What we store

  • Google account email: So you can recognise the connected account in your dashboard.
  • Refresh token: Envelope-encrypted via HashiCorp Vault Transit. Used to obtain short-lived access tokens for the freebusy and event-write API calls. Never logged, never returned in API responses, never visible from your dashboard.
  • Event ID mappings: The Google event IDs we ourselves created (so cancellation can find and remove them), plus a 60-day rolling cache of busy-window start and end times reconciled into the booking engine. We do not store event content.

Disconnection and data deletion

You can disconnect Google Calendar at any time from your VocUI dashboard. When you disconnect, we immediately revoke the OAuth refresh token at Google, remove the encrypted credential from our database, stop the Google push-notification watch channel, and remove the busy-window blocked periods we created from the booking engine. You can additionally revoke our access directly at myaccount.google.com/permissions.

Limited Use disclosure

VocUI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically:

  • We use Google user data only to provide or improve user-facing features prominent in the requesting application — the chatbot booking flow you connected
  • We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users
  • We do not use Google user data for serving advertisements
  • No human at VocUI reads Google user data unless we have your affirmative agreement for specific messages, the data is required for security purposes (for example, investigating abuse), or the data has been aggregated and anonymised

CalDAV calendars (Apple iCloud, Nextcloud, Fastmail, Mailcow)

For CalDAV-based accounts, you provide a server URL, username, and password (or app-specific password). We envelope-encrypt the password via HashiCorp Vault Transit, hand the credentials to our Easy!Appointments scheduling backend, which performs the read/write sync, and never expose the credentials in API responses or logs. CalDAV connections are subject to the same data-handling, retention, and deletion principles described above for Google Calendar, scoped to what those servers expose to authenticated clients.

6. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • LLM Providers: Your input data is sent via encrypted API calls to our active LLM sub-processors to generate AI-powered content. The current list is published at /sub-processors (see Section 4).
  • Payment Processor: Billing and payment information is transmitted to Stripe via their secure API for transaction processing. Stripe acts as an independent data controller for payment data. See Stripe’s privacy policy for details.
  • Connected Calendar Providers: When you optionally connect a Google Calendar or CalDAV calendar, your refresh token (Google) or password (CalDAV) is envelope-encrypted via HashiCorp Vault Transit and used to make API calls on your behalf. See Section 5 for the full data-handling description.
  • Hosting and Infrastructure: Your data is stored and processed on infrastructure we operate on OVH (database, authentication, and application hosting). OVH provides server hosting only and does not access your application data.
  • Legal Requirements: When required by law, regulation, legal process, or enforceable governmental request, or to protect our rights, property, or safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
  • With Your Consent: When you have given us explicit permission to share your information

In all cases, data is shared via secure, encrypted connections (TLS/HTTPS). We do not sell your personal information to any third party.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption in transit (TLS 1.2+) and encrypted credential storage at rest via HashiCorp Vault Transit
  • Regular security assessments
  • Access controls and authentication
  • Secure EU data centers (OVH)

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

  • Account data: Retained until you delete your account
  • Generation history: Retained until you manually delete it or close your account
  • Chat sessions and messages: Retained until you delete them or close your account
  • Connected calendar credentials: Retained while the connection is active. The refresh token (Google) or encrypted password (CalDAV) and our event-ID mappings are deleted within 30 days of disconnection.
  • Usage and log data: Retained for up to 12 months for analytics and security purposes
  • Billing records: Retained as required by applicable tax and financial regulations

Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance).

9. International Data Transfers

Our services and third-party providers operate in various countries, including the United States. If you are accessing our services from outside the United States, your data may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers maintain facilities.

We ensure that such transfers comply with applicable data protection laws by implementing appropriate safeguards, including standard contractual clauses and data processing agreements with our providers. By using our services, you acknowledge that your data may be transferred internationally.

10. Your Rights

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data
  • Opt out of marketing communications

Submit a Data Subject Request

Access, correct, delete, or export your personal data. We respond within 30 days (GDPR) or 45 days (CCPA).

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. The types of cookies we use include:

  • Essential cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our services so we can improve them.
  • Preference cookies: Remember your settings and preferences (e.g., theme, language).

You can manage or disable non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of our services. We do not use cookies for third-party advertising.

12. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: [email protected]