Privacy Policy

Last updated: 2026-04-22

Summary

VoxBooster processes voice audio locally on your PC. Voice data is never uploaded to our servers. What we do store: your account (email, hashed password), subscription status, device fingerprints (for license enforcement), and payment records from gateways.

1. Who we are

The data controller is [LEGAL ENTITY NAME] (“we”), registered at [COMPANY ADDRESS], contact privacy@voxbooster.com.

2. Data we collect

Account data. Email, name (optional), hashed password (Argon2id), preferred language, country inferred from IP at signup.

Subscription data. Plan, status, billing period dates, the payment gateway you used (Stripe / crypto / Kiwify / PIX manual / gift card), and a record of each payment (amount, currency, timestamp, last 4 digits of the card where applicable — never the full card number, which stays with the gateway).

Device data. A one-way hash of your hardware fingerprint (CPU ID + motherboard serial + primary MAC + Windows install ID + disk serial → SHA-256), OS version, client version, last-seen IP + country. Used to enforce device limits and prevent trial abuse.

Audio data. None is transmitted to us. All voice transformation runs locally on your Windows PC. We never receive your microphone stream or any derivative of it.

Usage analytics. Aggregated, cookie-less page metrics via Cloudflare Web Analytics on voxbooster.com (no cross-site tracking). The Windows client does not phone home beyond the periodic license heartbeat described below.

License heartbeat. The Windows client sends a heartbeat every 30 minutes to api.voxbooster.com containing your license token, hardware hash, and IP. This is necessary to detect revocation, device sharing, and fraud.

3. How we use your data

  • Operate your account and authenticate logins;
  • Process and record payments;
  • Enforce license terms and device limits;
  • Respond to support requests;
  • Send transactional emails (account confirmation, payment receipts, cancellation notices);
  • Send marketing emails only with opt-in consent, which you can withdraw any time.

We do not sell your personal data and we do not use it to train AI models.

4. Legal bases (GDPR / LGPD)

  • Contract performance — processing required to deliver the subscribed Service (account, billing, license enforcement);
  • Legal obligation — tax and financial record retention;
  • Legitimate interest — fraud prevention, device abuse detection;
  • Consent — marketing emails, optional analytics beyond essentials.

5. Sharing

We share personal data only with:

  • Payment gateways (Stripe, Kiwify, Coinbase Commerce, NOWPayments) — to process your payments. They are independent data controllers for their own records;
  • Email provider (Resend) — to deliver transactional and opt-in marketing email;
  • Error tracking (Sentry) — crash and error diagnostics, with PII scrubbing enabled;
  • Cloudflare — edge delivery, DDoS protection, WAF;
  • Neon — managed Postgres hosting (US-East AWS region).

We do not share with advertisers.

6. International transfers

Data is stored primarily in AWS US-East (Neon) and on Cloudflare’s global edge. For EEA/UK users, transfers outside the EEA are made under the EU Standard Contractual Clauses.

7. Retention

  • Account data: kept while your account exists, plus 5 years for tax/accounting compliance after deletion;
  • License heartbeat log: 90 days, then purged;
  • Webhook event log: 2 years (financial records);
  • Marketing consent: retained as long as you remain opted in.

8. Your rights

Under GDPR, LGPD, and similar laws you can request:

  • Access to the personal data we hold about you;
  • Rectification of inaccurate data;
  • Erasure of your account and associated personal data (“right to be forgotten”);
  • Data portability (a machine-readable export);
  • Restriction of processing or objection to legitimate-interest processing;
  • Withdrawal of consent for marketing at any time.

Use the Delete account action in your dashboard or email privacy@voxbooster.com. We respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority (ANPD in Brazil; your national DPA in the EEA; the ICO in the UK).

9. Cookies

We use a strictly necessary cookie named session for authentication. No advertising or cross-site tracking cookies are set.

10. Security

Passwords are hashed with Argon2id. TLS is enforced end-to-end. Secrets are stored in Cloudflare Workers Secret Store and Neon’s encrypted-at-rest storage. We audit accesses to production data.

In the event of a personal data breach affecting your rights, we will notify you and the competent authority within 72 hours where required by law.

11. Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children under 13.

12. Changes

We may update this Policy. Material changes will be announced via email to active users at least 15 days before taking effect.

13. Contact

privacy@voxbooster.com — Data Protection Officer (or the designated representative) at [COMPANY ADDRESS].

Disclaimer. This document is a template. Before operating in production you must review it with qualified counsel in each jurisdiction where you offer the service (Brazil: LGPD + CDC; EU/UK: GDPR; US: state-level privacy laws). VoxBooster is not a law firm.