Privacy Policy

Voipcom AI is a business-to-business service that adds AI-generated transcripts, summaries, and action items to phone calls made through a NetSapiens-powered PBX. This policy explains what data we handle on your behalf, why we handle it, who we share it with, and how to exercise your rights over it. It applies to platform.voipcom.ai, the Voipcom AI Chrome extension, and any related APIs.

We wrote this in plain English on purpose. If anything is unclear, please email us and we'll fix it.

1. Who we are

Voipcom AI is operated by Voipcom (the "Service", "we", "us"). We act as a data processor for the business customer ("you", "your organization") that signed up for the Service. The end-users whose calls we analyze are your employees, agents, and customers. You are their data controller; we process their data only on your instructions.

2. What data we handle

To deliver the Service we process the following categories of data:

• Account credentials. The NetSapiens username and password your organization provides at the time of domain onboarding, used to authenticate to your NetSapiens deployment. Passwords are AES-256-GCM encrypted at rest and used only to obtain short-lived NetSapiens API tokens.
• End-user accounts. For each NetSapiens user we sync, we store: extension number, display name, email address (if present in NetSapiens), site, and department.
• Call metadata. For each call, the caller and callee phone numbers / extensions, direction (inbound / outbound / internal), start and end timestamps, duration, and the NetSapiens call ID.
• Call recordings. Audio recordings are stored by your NetSapiens provider, not by us. We hold the URL pointing at each recording so it can be processed; the audio itself is streamed directly from NetSapiens to our transcription subprocessor (see section 5) and is not persisted on Voipcom AI infrastructure.
• Transcripts and AI analysis. The text transcript produced from each recording, and the structured analysis (summary, sentiment, action items, technician notes, ticket notes, etc.) produced from that transcript.
• Browser-side session data (Chrome extension only). The extension stores in chrome.storage.local: a short-lived authentication token, the signed-in user's display name and extension, and a "scope" preference (Mine / My site / Domain). Nothing else. No analytics, no tracking, no third-party scripts.
• Server logs. Standard HTTP access logs (IP, path, status code, timing, request ID), retained for operational troubleshooting.

We do not collect:

• Browsing history outside platform.voipcom.ai.
• Keystrokes, screen contents, or microphone input.
• Precise location.
• Financial or payment-card data (billing is handled out-of-band).
• Special category data (health, biometric, etc.) — except to the extent it may incidentally appear in the content of a phone call.

3. How we use it

We use the data above only to:

• Authenticate users and authorize access to their own organization's calls.
• Transcribe and analyze phone calls (this is the core feature).
• Display calls, transcripts, and analyses in the extension and the admin / reseller web portals.
• Send transactional notification emails when a customer has configured the email integration (e.g. "your call has been analyzed").
• Operate, secure, monitor, and improve the Service.
• Meet legal and contractual obligations.

We do not sell personal data. We do not use call content, transcripts, or analyses to train AI models — yours or anyone else's. We do not show advertising.

4. The Chrome extension specifically

The Voipcom AI Chrome extension is the user-facing component. It is a thin client over our API at platform.voipcom.ai. Concretely:

• The extension only ever makes network requests to https://platform.voipcom.ai/*. The host_permissions in its manifest reflects exactly that — no other origin is accessible.
• Locally it stores: a JWT auth token, a minimal user record (name, extension, domain, role), and one preference (the calls-list scope). All of it can be cleared by signing out, removing the extension, or clearing your Chrome storage for it.
• It uses Chrome's storage, sidePanel, and alarms APIs. The alarms permission powers a once-per-minute background refresh that updates the toolbar badge with the count of calls currently being processed; it does not access the contents of the calls outside of that count.
• The extension contains no analytics, telemetry, third-party scripts, advertising SDKs, or remote code. All JavaScript ships in the extension package and is reviewable by Google before publication.

5. Who we share it with

We share data only with the following categories of recipients, and only to the extent necessary to operate the Service:

• Google LLC — Google Gemini API. Call recording URLs and the audio fetched at those URLs are sent to Gemini for speech-to- text transcription and analysis. Transcripts and the resulting structured analysis are returned and stored by us. Google's processing is governed by the Google Cloud Data Processing Addendum.
• DigitalOcean, LLC — application hosting and managed database / cache services. Data is stored in the United States.
• Twilio SendGrid — used only if your organization has enabled the email integration. SendGrid transmits the transactional email containing the call summary and transcript to the recipients you have configured.
• Your NetSapiens provider — we read your call metadata and recordings from your existing NetSapiens deployment via its API. The Service does not change your relationship with your PBX provider.

We will disclose data when legally compelled to do so (subpoena, court order). We will notify your organization's administrator first where permitted by law.

6. How long we keep it

• Call metadata, transcripts, and analysis — for the duration of your service contract. On contract termination or written deletion request, the data is removed from active systems within 30 days and from encrypted backups within 90 days.
• NetSapiens credentials — until you remove the relevant domain from the admin portal, or until contract termination.
• Server logs — typically 30 days.
• Browser-side extension state — until you sign out, uninstall the extension, or clear browser storage. Auth tokens expire automatically after 12 hours regardless.

7. Security

• All data in transit is encrypted with TLS 1.2+.
• Sensitive credentials (NetSapiens passwords, OAuth refresh tokens) are encrypted at rest with AES-256-GCM using a key held only by the application process.
• Database access requires TLS and is restricted to the production application's runtime; there is no public access to the database.
• Authentication tokens are short-lived JWTs (12 hours for end-users, 2 hours for platform administrators, 4 hours for resellers).
• Three independent authentication tiers (end-user / reseller / platform administrator) with separate signing secrets, so a compromise of one tier does not escalate to another.
• All code that mutates per-domain state holds a Postgres advisory lock, preventing concurrent writes on the same domain.

No system is perfectly secure. If you believe you have found a vulnerability, please email [email protected].

8. Your rights

Depending on where you live (GDPR in the EU/UK, CCPA in California, etc.) you may have the right to:

• Access the personal data we hold about you.
• Correct it if it is inaccurate.
• Delete it, subject to legitimate operational and legal retention.
• Receive it in a portable format.
• Object to processing, or withdraw consent where processing relies on consent.
• Lodge a complaint with your local data protection authority.

Because the Service is sold to businesses, end-users (e.g. employees whose calls are analyzed) should typically direct requests to their own employer first. We will respond promptly to verified requests from the business customer that controls the data, or — at our discretion — to an end-user where their employer is non-responsive and the request is plainly legitimate.

Send rights requests to [email protected].

9. Changes to this policy

We may update this policy as the product evolves or as the law requires. Material changes (new categories of data, new subprocessors, materially different uses) will be announced via email to administrators of customer organizations at least 14 days before taking effect. The "Last updated" date at the top of this page always reflects the current version.

10. Contact

Privacy questions and rights requests: [email protected]
Security reports: [email protected]
General support: [email protected]