Privacy Policy

How we collect, use, and protect your personal data.

Last updated: January 29, 2026

1. Introduction & Scope

Axisco Limited (Company No. 719359), trading as AxisVoice ("AxisVoice," "we," "us," "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered voice platform and services.

We process personal data in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other applicable data protection legislation.

Controller/Processor Role

For self-serve sign-ups, website visitors, and direct marketing, AxisVoice acts as a Data Controller. For enterprise accounts where AxisVoice processes data on behalf of a customer, AxisVoice acts as a Data Processor. Where we act as a processor, our Data Processing Addendum (DPA) governs in the event of any conflict with this Privacy Policy.

Data Controller

Axisco Limited t/a AxisVoice
Company No. 719359 • VAT IE4394050GH
Barnacoille, Kilmacanogue, Co. Wicklow, A98H009, Ireland
privacy@axisvoice.com

2. Data Protection Principles

We adhere to the following GDPR data protection principles:

1

Lawfulness, Fairness & Transparency

Data is processed lawfully, fairly, and transparently.

2

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes only.

3

Data Minimisation

We collect only data that is adequate, relevant, and limited to what is necessary.

4

Accuracy

Data is kept accurate and up to date.

5

Storage Limitation

Data is retained only for as long as necessary.

6

Integrity & Confidentiality

Data is processed securely with appropriate technical and organisational measures.

3. Data We Collect

We collect the following categories of personal data:

3.1

Identity Data

First name, last name, username, and avatar image.

3.2

Contact Data

Email address, telephone number, billing address, and business address.

3.3

Technical Data

IP address, browser type and version, time zone setting, operating system, device type, unique device identifiers, and other diagnostic data collected automatically when you access our services.

3.4

Usage Data

Information about how you use our platform, including page views, features accessed, session duration, and interaction patterns. We use PostHog (EU-hosted) for product analytics.

3.5 AI Voice & Communications Data

If you enable our voice AI features or connect telephony, we may process:

  • Audio recordings of phone calls handled by AxisVoice
  • Transcripts generated from call audio
  • Call metadata (caller ID, duration, timestamps, call disposition)
  • Interaction logs and AI-generated summaries
Important: Our Customers are responsible for obtaining all required notices and consents from their callers before calls are processed by our AI system.

3.6 Caller Data

When our Customers receive calls through our platform, we process personal data about their callers on their behalf. This "Caller Data" may include:

  • Caller name and phone number(s)
  • Date of birth (if collection is enabled by the business)
  • Address information (if collection is enabled)
  • Gender (inferred from voice, if enabled)
  • Any other information the caller provides during the call
Important: For Caller Data, our customer (the business using AxisVoice) is the Data Controller. AxisVoice acts as a Data Processor. Callers should contact the business they called to exercise their data protection rights regarding this data.
3.7

Financial Data

Payment card details and billing information processed via Stripe. We do not store full card numbers on our systems; all payment processing is handled by our PCI-DSS compliant payment processor.

3.8

Marketing & Communications Data

Your preferences for receiving marketing communications and your communication history with us.

3.9

Sensitive Personal Data

We do not seek to collect sensitive categories of personal data (e.g., health information, racial or ethnic origin, political opinions) unless strictly necessary and with your explicit consent.

4. How We Use Your Data & Legal Bases

We process your personal data for the following purposes:

PurposeLegal Basis (GDPR)
Provide and maintain our servicesContractual Necessity
Process payments and invoicingContractual Necessity
Respond to enquiries and provide supportLegitimate Interest
Improve platform features and user experienceLegitimate Interest
Send service updates and notificationsContractual Necessity
Send marketing communicationsConsent
Detect fraud and ensure securityLegitimate Interest
Comply with legal and regulatory requirementsLegal Obligation

Note on AI Training

We have explicitly opted out of data training with our primary voice AI providers. Your customer call data is NOT used to train general foundation models. We do not use your Communications Data to train third-party AI systems.

5. Who We Share Data With

We may share personal data with the following categories of recipients:

Sub-processors

Third-party service providers bound by data processing agreements. See our Trust Center for a complete list. View list →

Professional Advisers

Lawyers, auditors, accountants, and insurers who provide professional services to us.

Regulatory Authorities

Government bodies, regulators, and law enforcement where required by law or to protect our legal rights.

Business Transfers

In connection with a merger, acquisition, or sale of assets. We will notify you of any such change.

We do not sell your personal data.

We do not share personal data for cross-context behavioural advertising.

6. Data Storage, Transfers & Security

6.1 Data Residency

Our primary infrastructure is designed with EU data residency in mind:

Database (Supabase)Ireland, EU
Analytics (PostHog)Germany, EU
Application (Vercel)Hybrid (US/EU edge)

6.2 International Transfers

When we transfer personal data outside the EEA/UK, we rely on:

  • EU-US Data Privacy Framework (DPF) where the recipient is certified
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement (IDTA) for UK transfers
  • Supplementary technical and organisational measures as appropriate

6.3 Security Measures

Encryption in transit (TLS 1.2+) and at rest (AES-256)
Access controls and role-based permissions
Regular security assessments and penetration testing
Employee security training and confidentiality obligations
Incident response procedures and breach notification
SOC 2 Type II certified sub-processors

6.4 Incident Notification

If we become aware of a data breach affecting personal data, we will notify affected parties and relevant supervisory authorities without undue delay and within the timeframes required by applicable law (72 hours under GDPR where feasible).

7. Data Retention

We retain personal data only for as long as necessary. Retention periods are based on the nature and sensitivity of the data, processing purposes, legal requirements, and potential risk of harm.

Data TypeRetention Period
Account DataDuration of account + 6 years (tax/legal)
Call Recordings & TranscriptsPer your config (default: 90 days)
Usage AnalyticsIdentifiable: 24 months; Aggregated: indefinitely
Marketing DataUntil consent withdrawn or 3 years inactive

When data is no longer needed, it is securely deleted or anonymised.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to provide functionality and analyse usage:

Essential Cookies

Required for the platform to function (no consent required)

Analytics Cookies

Help us understand how you use our services (PostHog)

Preference Cookies

Remember your settings and preferences

For full details, see our Cookie Policy.

Do Not Track & Global Privacy Control: We honour GPC signals and DNT preferences where required by applicable law.

9. Your Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

Right to Access

Request copies of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your data ("Right to be Forgotten")

Right to Restriction

Request that we limit how we process your data

Right to Object

Object to processing, including for direct marketing

Right to Portability

Receive your data in a structured, machine-readable format

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent

We will respond to all legitimate requests within one month. If your request is complex, we may extend this by a further two months with prior notice.

Right to Lodge a Complaint: You may lodge a complaint with your local supervisory authority. For Ireland, this is the Data Protection Commission.

To exercise your rights, contact us at privacy@axisvoice.com.

10. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have additional rights:

Right to Know

Request disclosure of the categories and specific pieces of personal information we have collected

Right to Delete

Request deletion of your personal information, subject to certain exceptions

Right to Correct

Request correction of inaccurate personal information

Right to Opt-Out

We do not sell personal information or share it for cross-context behavioural advertising

Right to Limit Use

Limit use of sensitive personal information to what is necessary for services

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights

To exercise your California privacy rights, email privacy@axisvoice.com with subject line "California Privacy Rights Request."

11. Marketing Communications

We may send you marketing communications if you have:

  • Requested information or a demo from us
  • Purchased or subscribed to our services
  • Explicitly opted in to receive marketing communications

Opting Out

Unsubscribe via the link in any marketing email, email us at privacy@axisvoice.com, or update your preferences in account settings. Essential service communications cannot be opted out of.

12. Children's Privacy

AxisVoice is a business-to-business service and is not directed at children. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA) without appropriate parental consent. If we learn that we have collected such data, we will delete it promptly. If you believe we have collected such data, please contact us immediately.

13. Sub-processors

We use third-party service providers to deliver our services. All sub-processors are vetted for security and compliance and are bound by data processing agreements.

A complete, transparent list of our sub-processors—including their location, purpose, and entity type—is maintained in our Trust Center →

For international transfers to the United States, we rely on Data Privacy Framework (DPF) certifications or Standard Contractual Clauses (SCCs) to ensure GDPR compliance.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Post the updated Privacy Policy on this page
  • Update the "Last Updated" date at the top
  • Notify registered users via email if the changes are material
  • Obtain your consent to material changes where required by law

Your continued use of our services after modifications constitutes acknowledgment of the updated Privacy Policy. Prior versions are available upon request.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

By Email

privacy@axisvoice.com

By Post

Axisco Limited t/a AxisVoice
Barnacoille, Kilmacanogue, Co. Wicklow, A98H009, Ireland

We aim to respond to all enquiries within 5 business days.

This Privacy Policy is governed by the laws of Ireland, except where otherwise required by applicable data protection law.

Axis Voice