Introduction
Voiceter.ai, Inc. ("Voiceter.ai", "we", "us", or "our") is a Delaware corporation operating an AI-powered voice survey platform at voiceter.ai. We replace traditional human-operated CATI (Computer-Assisted Telephone Interviewing) call centres with an automated AI voice agent platform that conducts market research surveys by telephone on behalf of our enterprise clients.
This Privacy Policy explains how we collect, use, disclose, and protect personal data from:
- Platform Users — individuals who create accounts, manage workspaces, and operate the Voiceter.ai platform (typically employees of our enterprise clients and market research agencies);
- Survey Respondents — individuals who receive or initiate telephone calls conducted through our platform; and
- Website Visitors — individuals who visit voiceter.ai and related subdomains.
We are committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, the Turkish Personal Data Protection Law (KVKK) No. 6698, the Telephone Consumer Protection Act (TCPA) (US), and applicable data protection laws in all jurisdictions where we operate.
Data Controller Identity
| Legal Entity | Voiceter.ai, Inc. |
| Jurisdiction | Delaware, United States |
| Registered Address | Registered Agent Address, Delaware, USA |
| Principal Place of Operations | Istanbul, Turkey & London, United Kingdom |
| Privacy Contact | privacy@voiceter.ai |
For EU/EEA data subjects, Voiceter.ai, Inc. acts as the data controller for platform user data. For survey respondent data, our enterprise clients are typically the data controller and Voiceter.ai acts as a data processor on their behalf under a Data Processing Agreement (DPA).
Data We Collect
3.1 Platform Users (Account Holders)
When you register for and use the Voiceter.ai platform, we collect:
Identity & Contact Data
- Full name, email address, job title, company name
- Profile photo (optional)
- Phone number (for account security and notifications)
Account & Credentials Data
- Username, hashed password
- Multi-factor authentication (MFA) tokens
- Single Sign-On (SSO) tokens and OAuth credentials
Billing & Payment Data
- Subscription plan details, payment method type (card type, last 4 digits)
- Billing address, VAT/tax identification number
- Invoice history and usage records
- Voiceter.ai does not store full card numbers — payment processing is handled by our PCI-DSS-certified payment processor
Usage & Platform Activity Data
- Platform actions, feature interactions, project configurations
- Survey questionnaire content, campaign settings, target audience uploads
- Audit log events (who did what, when)
- API keys created and API call history
Technical Data
- IP address, browser type and version, device type and operating system
- Session identifiers, access timestamps
- Log files and error reports
3.2 Survey Respondents
When individuals participate in voice surveys conducted through our platform, we collect:
Call Data
- Telephone number dialled (provided by our client)
- Call metadata: date, time, duration, call outcome (completed, refused, no answer, etc.)
- Caller ID and telephony routing data
Survey Response Data
- Verbal responses captured during the interview (audio recording, where consent has been obtained)
- Transcribed text of responses generated by our AI voice system
- Survey answers stored in structured format per the questionnaire design
Consent Data
- AI disclosure acknowledgement (respondents are informed they are speaking with an AI agent)
- Recording consent status (accepted, declined)
- Opt-out requests and Do Not Call (DNC) instructions
- Timestamp, telephone number, and session ID for all consent events
Audio Recordings
- Call audio files, where recording consent has been obtained and the survey project is configured to record
- Stored securely in encrypted AWS S3 storage
- Subject to client-defined and platform-default retention policies (default: 12 months)
3.3 Website Visitors
When you visit voiceter.ai or related subdomains:
- IP address and approximate geolocation (country/city level)
- Browser and device information (User-Agent string)
- Pages visited, referral source, time on page
- Cookie data (see Section 10 and our Cookie Policy)
- Contact form submissions (name, email, company, message)
Legal Basis for Processing
We process personal data only where we have a lawful basis to do so. The following table summarises our processing activities and their legal bases under GDPR (Article 6) and, where applicable, KVKK.
| Processing Activity | Data Category | GDPR Legal Basis | KVKK Basis |
|---|---|---|---|
| Providing the platform service to account holders | Platform user data | Art. 6(1)(b) — Contract performance | Art. 5(2)(c) — Contract necessity |
| Billing and subscription management | Billing data | Art. 6(1)(b) — Contract performance | Art. 5(2)(c) — Contract necessity |
| Account security and fraud prevention | Identity, technical data | Art. 6(1)(f) — Legitimate interests | Art. 5(2)(f) — Legitimate interests |
| Platform analytics and improvement | Usage data | Art. 6(1)(f) — Legitimate interests | Art. 5(2)(f) — Legitimate interests |
| Marketing communications to prospects | Contact data | Art. 6(1)(a) — Consent | Art. 5(1) — Explicit consent |
| Compliance with legal obligations | All categories as required | Art. 6(1)(c) — Legal obligation | Art. 5(2)(ç) — Legal obligation |
| Conducting voice surveys (as processor) | Respondent data | Art. 6(1)(b)/(a) per client instruction | Per client instruction |
| AI disclosure and consent capture | Respondent consent data | Art. 6(1)(a) — Consent (or legitimate interests) | Art. 5(1) — Explicit consent |
| Audit logging (7-year retention) | Platform user actions | Art. 6(1)(c) — Legal obligation | Art. 5(2)(ç) — Legal obligation |
| Website analytics | Visitor data | Art. 6(1)(a) — Consent (cookie consent) | Art. 5(1) — Explicit consent |
Legitimate Interests: Where we rely on legitimate interests, we have conducted legitimate interest assessments (LIAs) and determined that our interests do not override the fundamental rights and freedoms of data subjects. You have the right to object to processing based on legitimate interests — see Section 8.
How We Use Your Data
Platform Users
- Provisioning and operating your account and workspaces
- Processing payments and issuing invoices
- Sending transactional notifications (account alerts, security notices, usage alerts)
- Providing customer support and responding to queries
- Improving the platform through aggregated usage analytics
- Sending product update communications (with your consent)
- Complying with legal and regulatory obligations
- Detecting and preventing fraud, abuse, and security threats
Survey Respondents
- Conducting the voice survey on behalf of our client
- Storing and delivering survey responses to the commissioning client
- Managing DNC lists and opt-out preferences
- Generating AI-powered quality scoring and compliance monitoring
- Providing transcripts and insights to the commissioning client
Website Visitors
- Displaying the website and its content
- Analysing traffic and improving website performance
- Responding to contact form submissions
- Marketing (where consent has been given via cookie consent)
How We Share Your Data
We do not sell personal data. We share data only as described below.
6.1 Cloud Infrastructure Provider
All platform data is hosted and processed on infrastructure provided by Amazon Web Services, Inc. (AWS). AWS acts as a sub-processor on our behalf under a Data Processing Agreement governed by EU Standard Contractual Clauses (SCCs) and, for Turkish personal data, a KVKK-compliant Standard Data Processor-to-Data Processor Agreement.
| Provider | Purpose | Data Types | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, storage, compute, and managed AI/ML services | All platform and respondent data | US (us-east-1 primary) |
We also engage other sub-processors (such as telephony and payment providers) to deliver specific elements of the Services. We do not publicly disclose the full list of operational sub-processors for security and confidentiality reasons. Enterprise customers may request details of sub-processors relevant to their data by contacting privacy@voiceter.ai. We will provide 30 days' notice of any material changes to sub-processors that affect personal data processing.
6.2 Our Enterprise Clients
Survey respondent data (responses, transcripts, call records) is shared with the enterprise client who commissioned the survey. Our clients are independent data controllers for that data. We process it only on their instructions under a Data Processing Agreement (DPA).
6.3 Legal Disclosures
We may disclose personal data if required to do so by law, court order, regulatory authority, or to protect the rights, safety, or property of Voiceter.ai or others.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the acquiring entity, subject to equivalent privacy protections.
International Data Transfers
Voiceter.ai, Inc. is incorporated in Delaware, USA. Personal data of EU/EEA, UK, and Turkish data subjects may be transferred to and processed in the United States, where our primary cloud infrastructure is located.
For EU/EEA and UK data subjects: For EU/EEA and UK data subjects: All transfers to third countries are governed by EU Commission-approved Standard Contractual Clauses (SCCs) — specifically Module 2 (Controller-to-Processor) and Module 3 (Processor-to-Processor) as applicable — in accordance with GDPR Article 46(2)(c).
For Turkish data subjects: For Turkish data subjects: All transfers of personal data outside Turkey are governed by a KVKK Standard Data Processor-to-Data Processor Agreement with our cloud infrastructure provider (AWS), in compliance with KVKK Article 9 and the KVKK Board's transfer framework.
No personal data is transferred to any third country without an appropriate transfer mechanism in place. To request a copy of our transfer safeguards, contact privacy@voiceter.ai.
Your Rights
Rights Under GDPR (EU/EEA Data Subjects)
| Right | Description |
|---|---|
| Access (Art. 15) | Request a copy of the personal data we hold about you |
| Rectification (Art. 16) | Request correction of inaccurate or incomplete data |
| Erasure / Right to be Forgotten (Art. 17) | Request deletion of your personal data |
| Restriction (Art. 18) | Request that we limit processing of your data |
| Data Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Object (Art. 21) | Object to processing based on legitimate interests or for direct marketing |
| Withdraw Consent (Art. 7(3)) | Withdraw consent at any time without affecting prior lawful processing |
| Lodge a Complaint | Complain to your local supervisory authority (see Section 8.4) |
Rights Under KVKK (Turkish Data Subjects)
Turkish data subjects have the right to:
- Learn whether their personal data is processed (KVKK Art. 11(a))
- Request information about the processing (Art. 11(b))
- Learn the purpose and whether data is used in accordance with purpose (Art. 11(c))
- Know the third parties to whom data is transferred (Art. 11(ç))
- Request correction of incomplete or incorrect data (Art. 11(d))
- Request deletion or destruction of data (Art. 11(e))
- Request notification of corrections/deletions to third parties (Art. 11(f))
- Object to automated processing decisions (Art. 11(g))
- Claim compensation for damage caused by unlawful processing (Art. 11(ğ))
8.1 How to Exercise Your Rights
Submit requests to: privacy@voiceter.ai
Or via the in-platform self-service tools at Settings → Account → Compliance → Data Subject Rights (for platform users).
We will respond within 30 days (GDPR) or 30 days (KVKK) from receipt of a verified request. We may request identity verification before processing your request.
8.2 Respondent Requests
If you are a survey respondent and wish to exercise data subject rights (e.g., deletion of your call record), contact us at privacy@voiceter.ai with your telephone number and the approximate date of the call. We will respond within 72 hours of verification to confirm receipt and processing timeline.
8.3 Withdrawal of Consent
For survey respondents, you may opt out of future calls at any time:
- Verbally during an interview by saying "remove me from your list" or equivalent
- By contacting privacy@voiceter.ai with your telephone number
We will add your number to our Do Not Call (DNC) list within 24 hours.
8.4 Supervisory Authority Complaints
- EU/EEA: You have the right to lodge a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.
- United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
- Turkey: Kişisel Verileri Koruma Kurumu (KVKK Board) — kvkk.gov.tr
Data Retention
| Data Category | Default Retention Period | Basis |
|---|---|---|
| Platform user account data | Duration of account + 24 months after closure | Contract, legal obligation |
| Billing records and invoices | 7 years from transaction date | Tax and legal obligation |
| Audit logs | 7 years (minimum, non-reducible) | Regulatory compliance (KVKK, GDPR) |
| Survey response data | Client-defined (default: 24 months from project completion) | Client instruction |
| Call audio recordings | Client-defined (default: 12 months from call date) | Client instruction |
| Consent records | 7 years from consent event | Legal obligation (KVKK Art. 12) |
| DNC/opt-out records | Indefinitely (to prevent re-contact) | Legal obligation |
| Website visitor logs | 13 months from collection | Legitimate interests |
| Marketing contact data | Until consent is withdrawn + 30 days | Consent |
Account owners can adjust retention policies for their workspace within the limits set by applicable law from Settings → Account → Compliance → Data Retention Policy.
AI Processing and Automated Decision-Making
Voiceter.ai uses artificial intelligence in the following ways:
- Voice Survey Conductor: An AI voice agent conducts telephone interviews. All respondents are informed that they are speaking with an AI agent at the start of each call.
- Transcription: AI transcribes spoken responses into text.
- Quality Scoring: AI automatically scores audio quality and respondent engagement.
- Questionnaire Generation: AI assists platform users in generating survey questionnaires (no respondent data is used in generation).
- Insights Generation: AI analyses aggregated survey results to surface themes and insights.
Security
We implement technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction:
Encryption at rest
AES-256 for all stored data
Encryption in transit
TLS 1.3 for all data transmission
Access control
Role-Based Access Control (RBAC) with principle of least privilege
Authentication
Multi-factor authentication (MFA) required for all platform accounts
Infrastructure
SOC 2-audited AWS infrastructure (us-east-1 region)
Monitoring
Real-time security monitoring and anomaly detection
Incident response
Data breach notification procedures in place (72-hour regulatory notification)
Despite these measures, no transmission over the internet or electronic storage is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@voiceter.ai.
Children's Data
Our platform and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If a survey is designed to include respondents under 18, the commissioning client is solely responsible for obtaining appropriate parental or guardian consent as required by applicable law. Platform accounts may not be created by individuals under 18.
If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. Contact privacy@voiceter.ai if you believe this has occurred.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Display a prominent notice on our website for 30 days
- Notify platform users via email and in-platform notification
Continued use of our platform or website after changes take effect constitutes acceptance of the updated policy. We recommend reviewing this page periodically.
Contact Us
For any questions, concerns, or requests related to this Privacy Policy or your personal data — including Data Processing Agreement (DPA) requests and data subject rights requests:
Mailing Address
Voiceter.ai, Inc. Registered Agent Address, Delaware, USA
This Privacy Policy is governed by the laws of the State of Delaware, USA, without prejudice to mandatory rights afforded to data subjects under GDPR, KVKK, and other applicable local laws.
© 2026 Voiceter.ai, Inc. All rights reserved.