Privacy Policy
Last updated: 2 March 2026
1. Introduction
Longworths Holdings UK Limited, trading as VoxConnect ("we", "us", "our"), is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and share personal data when you use the VoxConnect platform ("Service").
We are registered as a data controller with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).
2. Data Controller
The data controller for the purposes of this Privacy Policy is:
- Company: Longworths Holdings UK Limited (trading as VoxConnect)
- Company No.: 16248412
- Registered office: 45 Fitzroy Street, Fitzrovia, 4th Floor, Silverstream House, London, W1T 6EB
- Email: privacy@voxconnect.io
3. What Data We Collect
3.1 Account Data
When you create an account, we collect:
- Name and email address
- Organisation name and business details
- Contact information (phone number, address)
- Billing information (processed by Stripe/GoCardless; we do not store full card numbers)
3.2 Usage Data
When you use the Service, we automatically collect:
- Call metadata (timestamps, duration, phone numbers dialled/received)
- Platform usage analytics (pages visited, features used)
- Technical data (IP address, browser type, device information)
- API usage and rate-limiting data
3.3 Call Data
When calls are processed through the Service, the following data may be collected depending on your configuration:
- Call recordings (audio files)
- Call transcriptions (text)
- AI agent interaction logs
- Caller/recipient phone numbers
- Call sentiment analysis data
3.4 Knowledge Base Data
If you upload documents to your knowledge base, we store those documents and their vector embeddings to enable AI retrieval-augmented generation (RAG).
4. How We Use Your Data
We process personal data for the following purposes and lawful bases:
| Purpose | Lawful Basis (Article 6 UK GDPR) |
|---|---|
| Providing and operating the Service | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and billing | Performance of a contract (Art. 6(1)(b)) |
| Sending service-related communications | Legitimate interests (Art. 6(1)(f)) |
| Improving the Service and fixing issues | Legitimate interests (Art. 6(1)(f)) |
| Preventing fraud and abuse | Legitimate interests (Art. 6(1)(f)) |
| Complying with legal obligations (Ofcom, ICO, tax) | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (with consent) | Consent (Art. 6(1)(a)) |
5. Data Sharing
We share personal data with the following categories of recipients:
- Payment processors: Stripe and GoCardless process your payment information under their own privacy policies
- AI model providers: When your AI agents process calls, conversation data is sent to the LLM, TTS, and STT providers you have configured (e.g., OpenAI, Anthropic, Google, ElevenLabs, Deepgram). You provide your own API keys and are the controller for this data sharing
- Infrastructure providers: We use cloud hosting and storage services to operate the platform
- Telephony providers: SIP trunk providers and number providers process call routing data
- Professional advisors: Legal, audit, and accounting professionals as needed
- Law enforcement: Where required by law or court order
We do not sell your personal data to third parties. We do not use your call data to train AI models.
6. International Data Transfers
Some of the third-party AI model providers you configure may process data outside the UK. When this occurs:
- You are responsible for ensuring that your chosen providers offer adequate safeguards (such as UK International Data Transfer Agreements, Standard Contractual Clauses, or processing in countries with UK adequacy decisions)
- Our own infrastructure is hosted within the UK/EEA. We use appropriate safeguards for any transfers outside this region
7. Data Retention
We retain personal data only for as long as necessary:
- Account data: retained for the duration of your subscription plus 30 days after termination for data export
- Call recordings: retained according to your configured retention settings, with a default of 90 days. You may configure shorter or longer periods depending on your legal requirements
- Call transcriptions and logs: retained for up to 12 months or as configured
- Billing records: retained for 7 years as required by HMRC
- Complaint records: retained until the complaint is fully resolved, including any CISAS adjudication, plus a further 12 months
8. Data Security
We implement appropriate technical and organisational measures including:
- Encryption in transit (TLS 1.2+) for all data
- Encryption at rest (AES-256) for sensitive data including API keys and recordings
- Tenant isolation ensuring each organisation's data is separated at the database level
- Role-based access control (RBAC) within each tenant
- Regular security monitoring and logging
- Secure authentication via OAuth 2.0 and optional SSO (SAML/OIDC)
9. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate data
- Right to erasure: request deletion of your data where there is no compelling reason for continued processing
- Right to restrict processing: request that we limit how we use your data
- Right to data portability: request your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests or for direct marketing
- Rights related to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects
To exercise any of these rights, contact us at privacy@voxconnect.io. We will respond within one month.
10. Cookies
We use essential cookies to operate the Service (session management, authentication). We do not use third-party tracking or advertising cookies. Essential cookies do not require consent under PECR.
11. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.
12. Data Breaches
In the event of a personal data breach, we will notify the ICO within 72 hours where the breach is likely to result in a risk to individuals' rights and freedoms. We will also notify affected individuals without undue delay where the breach is likely to result in a high risk.
13. Complaints
If you are unhappy with how we handle your personal data, you have the right to complain to the Information Commissioner's Office:
- Website: ico.org.uk
- Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns directly before you approach the ICO. Please contact us at privacy@voxconnect.io.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and update the "last updated" date above.