Privacy Policy

This Privacy Policy explains how Elentor Inc. (“Vozante”, “we”, “us”) collects, uses, stores, and discloses information when you use our platform at vozante.com and its subdomains. It also describes your rights and how to exercise them.

We designed Vozante with privacy in mind. We collect only what we need to operate the Service, keep it secure, and bill you accurately.

1. Who We Are

Elentor Inc. is a Delaware corporation. Our principal contact for privacy matters is privacy@vozante.com.

2. Information We Collect

Account data

When you register, we collect your name, email address, password (stored only as a one-way hash), business name, and role. We may also record your IP address, user agent, and session timestamps to keep the account secure.

Payment data

When you subscribe, Paystack or Flutterwave collects your payment method details directly — we never see or store your card number, bank details, or mobile money PIN. We receive only a transaction reference, the amount charged, and a masked identifier of your payment method.

Call and message data

When your AI handles a voice call or WhatsApp conversation, we process:

• The caller or sender’s phone number
• The content of what they say or type
• Transcripts of voice notes and calls
• The AI’s response
• Call duration, time, and status

This data is stored so you can review conversations and so we can compute your billing. It is NOT used to train any AI model by us or, where we control it, by our subprocessors.

Demo and lead-capture data

When you try the live AI demo on vozante.com or fill out a related contact form on our site, we ask for and store:

• Your name, email address, and phone number (in international format)
• Your country (auto-detected, you can change it)
• Your explicit consent to be contacted for follow-up about your interest in Vozante
• Your optional preference to receive a transcript of your demo conversation by email

For abuse prevention, we also temporarily store:

• A cryptographic hash of your IP address (one-way, salted SHA-256 — we never store your raw IP)
• Your browser’s user agent string
• The page or link that referred you to the form
• An anti-bot verification score from hCaptcha, which protects the form from automated abuse

When the in-browser voice demo becomes available, we will also record the audio and a transcript of your conversation with the AI for the duration of the session (capped at ninety seconds). At launch this feature is single-tenant and your conversation is with our own demo AI agent — not a customer’s deployment. We will update this Policy with specific notice before voice recording goes live.

We use this information to:

• Contact you about your interest in Vozante
• Send you a transcript of your demo (only if you opted in)
• Prevent abuse and fraud of the demo (rate limiting, captcha verification, cost caps)
• Understand which countries our demo is most useful in

Retention for demo data is ninety (90) days from the date you submit the form — much shorter than account data. After ninety days, the entire record is automatically deleted. You can also request earlier deletion at any time by emailing privacy@vozante.com with the email address you submitted.

Usage data

We keep aggregate logs of API calls, errors, and performance metrics to keep the Service running reliably.

3. How We Use Your Information

• To provide the Service: route calls, generate AI replies, synthesize voice
• To bill you accurately according to your plan and usage
• To secure the Service: detect abuse, prevent fraud, investigate incidents
• To communicate with you: service announcements, billing receipts, support responses
• To comply with legal obligations such as tax reporting and lawful law-enforcement requests

We do not sell your personal information or the personal information of callers who reach you through our platform. We do not use your call content or AI agent configuration for advertising.

4. Legal Bases (GDPR / NDPR / Kenya DPA)

Where the law requires one, we rely on the following legal bases to process personal data:

• Contract: to deliver the Service you signed up for
• Legitimate interests: to keep the Service secure and to improve reliability
• Legal obligation: to comply with tax, accounting, and law-enforcement requirements
• Consent: where you explicitly opt in, e.g. to marketing emails

5. Third-Party Processors

To deliver the Service, we share specific data with the following sub-processors. Each one is bound by a contract to protect your data and use it only for the purpose stated below.

• Twilio (USA) — telephony routing, call status callbacks
• DIDWW (Ireland) — phone number provisioning in African countries
• Deepgram (USA) — speech-to-text transcription of voice notes and calls
• OpenAI (USA) — large language model responses (we use the API with the ‘no training’ default setting)
• ElevenLabs (USA) — text-to-speech voice synthesis
• Paystack (Nigeria / Ireland) — card and bank transfer processing
• Flutterwave (USA / Nigeria) — card, M-Pesa, and mobile money processing
• Vercel (USA) — application hosting
• Railway (USA) — database hosting
• Resend (USA) — transactional email delivery
• hCaptcha / Intuition Machines (USA) — anti-bot verification on public forms

These providers may be located outside your country. When we transfer personal data out of the European Economic Area, United Kingdom, Nigeria, or Kenya, we rely on Standard Contractual Clauses or equivalent safeguards approved by the relevant regulator.

6. Data Retention

We retain your data as follows:

• Account data: for as long as your account is active, plus ninety (90) days after cancellation
• Call/message content: twelve (12) months by default, configurable in your dashboard settings
• Demo and lead-capture data: ninety (90) days from submission
• Billing records: seven (7) years, as required by US, Nigerian, and Kenyan tax law
• Security logs: ninety (90) days

When retention periods expire, data is deleted or fully anonymized. You may request earlier deletion; see “Your Rights” below.

7. Security

We protect your data with:

• TLS 1.2+ encryption for all data in transit
• Encryption at rest on our hosting providers’ infrastructure
• Password hashing with bcrypt
• JWT-based session authentication with short lifetimes
• Role-based access control inside the application
• Tenant-scoped data isolation so one client cannot see another’s records
• Regular dependency audits and automated security updates

No system is perfectly secure. If we discover a security incident that affects your data, we will notify you within seventy-two (72) hours as required by NDPR, Kenya DPA 2019, and GDPR.

8. Your Rights

Depending on where you live, you have some or all of the following rights:

• Access: get a copy of the personal data we hold about you
• Correction: ask us to fix inaccurate information
• Deletion: ask us to delete your data (subject to legal retention requirements)
• Portability: get your data in a machine-readable format
• Objection: object to processing based on legitimate interests
• Withdrawal of consent: withdraw any consent you previously gave
• Complaint: lodge a complaint with your local data protection authority (NITDA in Nigeria, ODPC in Kenya, ICO in the UK, your national DPA in the EU)

To exercise any of these, email privacy@vozante.com. We’ll respond within thirty (30) days.

9. Cookies

We use strictly necessary cookies to keep you signed in and to remember your dashboard preferences. We do not use advertising or tracking cookies.

10. Children

Vozante is not directed to children under eighteen (18). We do not knowingly collect personal data from children. If you believe a child has given us data, please contact us and we will delete it.

11. Changes to This Policy

When we change this Privacy Policy, we post the updated version here and update the “last updated” date. Material changes will be announced by email or dashboard notice at least fourteen (14) days in advance.

12. Contact

Privacy-related questions or requests can be directed to privacy@vozante.com.