Privacy Policy

Last updated: January 15, 2026

1. Introduction

Welcome to Voiact ('we,' 'us,' or 'our'). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered voice assistant service for Trello management.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and password when you register, or profile information when you sign in with Google
• Payment Information: Payment details are collected and processed by Paddle.com Market Limited ('Paddle'), our Merchant of Record. We do not store your full credit card details on our servers. Paddle may collect your payment method, billing address, and transaction history.
• Communication Data: Voice commands, text messages, and other content you send through our service via Telegram

2.2 Voice and Audio Data

• Voice messages sent through Telegram are transcribed using AI speech recognition
• Transcriptions are processed to understand and execute your commands
• We do not permanently retain raw voice recordings after processing
• Transcribed text may be temporarily stored for command execution and service improvement

2.3 Information Collected Automatically

• Usage Data: Information about how you use our service, including command history, features used, and request counts
• Device Information: Device type, operating system, browser type, and IP address
• Cookies: We use cookies and similar tracking technologies to track activity on our service and maintain your session

2.4 Third-Party Data

• Trello Data: We access your Trello boards, lists, and cards only to perform actions you explicitly request. Access tokens are stored encrypted.
• Telegram Data: Your Telegram user ID, username, and messages sent to our bot
• Google Account: If you sign in with Google, we receive your email address and basic profile information (name, profile picture)
• Google Workspace Data: If you connect Google Workspace (Coming Soon), we may access your Gmail, Google Calendar, and Google Drive data only to perform actions you explicitly request. Access tokens are stored encrypted.
• Microsoft 365 Data: If you connect Microsoft 365 (Coming Soon), we may access your Outlook and Calendar data only to perform actions you explicitly request. Access tokens are stored encrypted.

3. How We Use Your Information

We use your information to:

• Provide, operate, and maintain our service
• Process your voice and text commands to manage your Trello boards
• Manage your account and subscription
• Send you service-related communications and updates
• Improve and personalize our service based on usage patterns
• Detect, prevent, and address technical issues, fraud, and abuse
• Comply with legal obligations

4. Data Sharing and Disclosure

4.1 Payment Processing (Paddle)

We use Paddle.com Market Limited as our Merchant of Record for payment processing. This means:

• Paddle is the seller of record for all paid subscriptions
• Paddle collects and processes your payment information directly
• Paddle handles billing, invoicing, tax collection (VAT/sales tax), and refunds
• Paddle is an independent data controller for payment-related data
• For payment data practices, see Paddle's Privacy Policy

4.2 Other Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our service:

• Trello (Atlassian): To create and manage cards, lists, and boards on your behalf using OAuth authentication
• Telegram: To receive and send messages through their bot platform
• Amazon Web Services (AWS): For AI processing (Amazon Bedrock with Claude) to understand your natural language commands, and for cloud infrastructure
• Google: For OAuth authentication if you choose to sign in with Google
• Google Workspace: To access Gmail, Google Calendar, and Google Drive on your behalf (Coming Soon)
• Microsoft 365: To access Outlook and Calendar on your behalf (Coming Soon)

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government requests).

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

• All data is encrypted in transit using TLS 1.2 or higher
• Sensitive data, including Trello, Google Workspace, and Microsoft 365 access tokens, is encrypted at rest using industry-standard encryption (Fernet/AES-128-CBC)
• We use OAuth 2.0 and OAuth 1.0a for secure third-party authentication
• Access to personal data is restricted to authorized personnel only
• We never store your Trello, Telegram, Google, or Microsoft passwords
• Database access is restricted and monitored
• Regular security reviews and updates are performed

6. Data Retention

We retain your personal information as follows:

• Account data: Retained while your account is active and for a reasonable period afterward for legal compliance
• Command history: Retained for service improvement and may be deleted upon request
• Voice recordings: Not permanently stored; only transcriptions are temporarily retained
• Payment records: Retained by Paddle according to their data retention policies and legal requirements

You can request deletion of your account and associated data at any time through your account settings or by contacting us.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information (right to be forgotten)
• Data Portability: Request transfer of your data in a machine-readable format
• Restrict Processing: Request that we limit how we use your data
• Withdraw Consent: Withdraw your consent for data processing at any time
• Opt-Out: Opt-out of marketing communications
• Object: Object to processing of your personal data

To exercise these rights, please contact us at info@voiact.com. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses approved by relevant authorities
• Adequacy decisions where applicable
• Appropriate security measures for all transfers

9. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover that we have collected information from a child under 16, we will delete it promptly.

10. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential Cookies: Required for the service to function (authentication, security, session management)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how you use our service to improve it

You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using some features of our service.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page
• Updating the 'Last updated' date at the top
• Sending you an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12. GDPR Compliance (EU Users)

For users in the European Economic Area (EEA), we process your data under the following legal bases:

• Contract: Processing necessary to provide our service to you
• Legitimate Interest: Processing for fraud prevention, security, and service improvement
• Consent: Where you have given explicit consent
• Legal Obligation: Processing required to comply with law

You have the right to lodge a complaint with your local Data Protection Authority.

13. KVKK Compliance (Turkey)

For users in Turkey, we comply with the Personal Data Protection Law (KVKK). You have additional rights under this regulation, including:

• Right to learn whether your data is processed
• Right to request information about processing
• Right to learn the purpose of processing and whether it is used appropriately
• Right to know third parties to whom your data is transferred
• Right to request correction, deletion, or destruction of data
• Right to object to automated decision-making
• Right to compensation for damages arising from unlawful processing

You may lodge a complaint with the Personal Data Protection Authority (KVKK Kurumu).

14. Contact Us