Privacy Policy
The short version: your customers' feedback is parsed in your browser and never reaches our servers — we only hold the handful of account details we need to run your subscription.
Placeholders to finalise. Items in [square brackets] — the legal entity, registered address, and the "last updated" date — are awaiting sign-off and will be confirmed before this policy is published. This page is intended to be accurate about how the product works today; the wording is still under legal review.
Last updated: [DATE — to be finalised] · Applies to: the VoC web app, marketing site, and account dashboard.
1. Who we are & what this covers
VoC is a self-serve, white-label platform for EU omni-channel retailers. You drop in customer-feedback exports — Trustpilot, Bazaarvoice, NPS surveys, Google reviews, App Store and Play Store, and similar — and VoC builds a branded, interactive Voice-of-the-Customer dashboard and a board-ready deck, in minutes.
This policy explains what personal data we process when you use VoC, why, and the rights you have. It is written to be read, not just filed — plain language first, the legal detail underneath.
The data controller for your account data is [LEGAL ENTITY NAME — to be finalised], [registered address — to be finalised], an EU-based company. Questions? Email privacy@voc.app or use our contact page.
A note on roles
For the customer feedback you analyse, you are the controller and VoC is — by design — barely a processor at all, because that content never leaves your browser (see §3). For your account and billing data, VoC is the controller. Our role for each kind of data is set out below.
2. What we collect
We keep this deliberately small. The only personal data on our servers is what we need to give you an account and take payment.
| What | Why we have it | Where it lives |
|---|---|---|
| Account email address | To create your login, send essential service emails (e.g. password resets, billing receipts), and contact you about your account | Our database (Cloudflare D1) |
| Password — stored only as a salted PBKDF2 hash | To let you sign in securely. We never store, and cannot recover, your actual password | Our database |
| Brand-kit settings | Your logo, colours, and labels so your dashboards and decks come out on-brand | Our database |
| Usage & billing metadata | Subscription status, seat count, plan, trial dates, invoice history — to run your subscription and prevent abuse | Our database + Stripe (see §6) |
| Session token — stored only as a SHA-256 hash | To keep you logged in securely between visits (see §5) | Our database; cookie in your browser |
3. What we do not collect — your customers' feedback
This is the part that matters most, so we'll be blunt about it.
The customer-feedback files you upload are parsed entirely inside your browser. The comment text — and any personal data inside it — is never sent to, stored on, or seen by VoC's servers. All the heavy lifting (parsing the exports, computing the dashboard, building the deck) happens locally, on your machine, while you watch.
- We do not receive your customers' names, emails, review text, ratings, or any other feedback content.
- We have no copy of it to lose, leak, sell, or hand over.
- If you close the tab, that data is gone from the page — it was never anywhere else.
Because that processing is local, you remain the controller of your customers' data and decide how it is handled. Our Data Protection & GDPR page explains the architecture in more detail, including how exports and any optional features are handled.
4. Legal bases for processing
Under Article 6 of the GDPR, we rely on the following bases for the account data described in §2:
| Processing | Legal basis |
|---|---|
| Creating and running your account; authenticating logins; delivering the service you signed up for | Performance of a contract — Art. 6(1)(b) |
| Taking payment and keeping invoice/tax records | Contract — Art. 6(1)(b); and legal obligation for retained records — Art. 6(1)(c) |
| Keeping the service secure, preventing fraud and abuse, and basic product analytics on our own usage data | Legitimate interests — Art. 6(1)(f) |
| Sending optional product news or marketing email, where applicable | Consent — Art. 6(1)(a); withdrawable at any time |
Where we rely on legitimate interests, we have weighed them against your rights and freedoms, and you can object at any time (see §9).
5. Cookies & sessions
We don't run advertising trackers, and we don't sell behavioural data. Our cookie use is functional and minimal.
- Session cookie. When you sign in, we set one httpOnly, SameSite, Secure cookie that keeps you logged in. It holds a random session token. On our servers we store only a SHA-256 hash of that token — never the token itself — so even our own database can't be used to impersonate you.
- No third-party advertising or cross-site tracking cookies.
- Local storage in your browser. While you work, the app may keep your in-progress analysis in your browser's local storage so a refresh doesn't lose your place. This stays on your device and is not transmitted to us. Clearing your browser data removes it.
Because our cookie is strictly necessary to provide a service you've asked for, it does not require a consent banner under the ePrivacy rules — but you're entitled to know it's there, so now you do.
6. Sub-processors
We keep our supplier list short on purpose. The companies below process limited account or billing data on our behalf, under data-processing agreements that include EU Standard Contractual Clauses where relevant.
| Sub-processor | What they do for us | Data involved |
|---|---|---|
| Cloudflare, Inc. | Hosting, edge delivery, and our database — Pages, Functions, and D1 (SQLite). The app is served and runs on Cloudflare's network. | Account email, hashed password, brand-kit settings, hashed session token, usage metadata |
| Stripe, Inc. | Subscription billing and payment processing. | Billing email, plan/subscription metadata, and payment details that you provide directly to Stripe — we never see or store full card numbers |
We'll keep this list current. If we add a sub-processor, we'll update this page; if it's a material change, we'll tell account holders in advance (see §11).
7. International transfers
We're EU-based and keep account data within the EU/EEA wherever we can. Some of our sub-processors are US-headquartered global companies (Cloudflare, Stripe) whose networks may process limited account or billing data outside the EEA.
Where data is transferred outside the EEA, it's covered by appropriate safeguards — principally the European Commission's Standard Contractual Clauses, incorporated into our agreements with those providers, plus their own technical and organisational measures. Remember that the data in scope here is account and billing metadata — not your customers' feedback, which never leaves your browser at all.
8. How long we keep things
- Account data — for as long as your account is active. If you close your account, we delete or anonymise your account data within a reasonable period (target: 30 days), except where we must keep something longer by law.
- Billing & invoice records — retained for the period required by EU tax and accounting law (typically up to 10 years, depending on jurisdiction).
- Session tokens — expire automatically; the hashed record is removed when a session ends or expires.
- Customer feedback — we hold none, so there's nothing to retain or delete on our side. It lives only in your browser and any exports you choose to save.
9. Your rights under the GDPR
For the account data we hold about you, you have the right to:
- Access — get a copy of the personal data we hold about you.
- Rectification — have inaccurate or incomplete data corrected.
- Erasure — ask us to delete your data ("right to be forgotten"), subject to legal retention duties.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Restriction — ask us to pause processing while a query is resolved.
- Objection — object to processing based on our legitimate interests, including any direct marketing.
- Withdraw consent — where we rely on consent, withdraw it at any time, without affecting prior processing.
How to exercise them
Email privacy@voc.app with your request. We'll verify it's really you, then respond within one month (we'll tell you if a complex request needs longer). There's no charge for a reasonable request. You also have the right to lodge a complaint with your local data protection supervisory authority — though we'd genuinely appreciate the chance to put things right first.
10. Children
VoC is a business tool, sold to and used by retail organisations and their staff. It is not directed at children, and we don't knowingly collect personal data from anyone under 16. If you believe a child has created an account, contact us at privacy@voc.app and we'll remove it.
11. Changes to this policy
We may update this policy as the product evolves or the law changes. When we do, we'll revise the "last updated" date above. For material changes — a new sub-processor, a new category of data, a change in legal basis — we'll give account holders advance notice by email or in the app before the change takes effect.
12. Contact
Privacy questions, data requests, or anything that doesn't sit right: privacy@voc.app. For general help, support@voc.app; for sales, sales@voc.app. You can also reach us via the contact page.
Related reading: our Data Protection & GDPR overview (the architecture, in detail) and our Terms of Service.