Privacy Policy

Effective: 23 March 2026

1. Who We Are

Voqu.ai is operated by InferShift Ltd, a company registered in England and Wales.

  • Company name: InferShift Ltd (trading as Voqu.ai)
  • Company number: 16315093
  • Registered address: 128 City Road, London, United Kingdom, EC1V 2NX
  • Data protection contact: privacy@voqu.ai

InferShift Ltd is the data controller for the personal data of our business customers. When our customers use Voqu to handle phone calls for their business, InferShift Ltd acts as a data processor on behalf of the customer (who is the data controller for their callers’ data).

2. About This Policy

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website (voqu.ai) and the Voqu platform (app.voqu.ai). It applies to two categories of individuals:

  • Business users — people who create a Voqu account and use the platform to manage AI voice agents for their business.
  • Callers — people who call a business that uses Voqu to handle its phone calls.

We are committed to protecting your personal data and being transparent about how we use it. This policy is written in plain English and is designed to be easy to understand.

3. Information We Collect — Business Users

When you create an account and use the Voqu platform, we collect the following information:

Account information

  • Email address (required for registration and communication)
  • Full name (optional, used for personalisation)
  • Password (stored securely using one-way hashing — we cannot see your password)

Payment information

  • Payment card details are collected and processed securely by our payment processor. We do not store your full card number on our servers.
  • Subscription plan, billing cycle, and payment history

Service configuration

  • Phone numbers purchased through the platform
  • Voice agent configurations including prompts, instructions, and voice preferences
  • Integration settings and credentials (encrypted at rest)

Usage and preferences

  • Call volumes, minutes used, and dashboard analytics
  • Display preferences such as theme and timezone
  • Notification preferences

4. Information We Collect — Callers

When you call a business that uses Voqu to handle its phone calls, the following information may be collected during the call:

  • Voice recordings — audio of the phone call
  • Conversation transcripts — text generated from the audio
  • Your phone number (caller ID)
  • Call metadata — date, time, duration, and call outcome
  • Any information you voluntarily provide during the call, such as your name, email address, or appointment details

This data is collected during phone calls to businesses that use the Voqu service. The business you called is the data controller for this information, and Voqu processes it on their behalf.

5. How We Use Your Information

We only use your personal data where we have a lawful basis to do so under the UK General Data Protection Regulation (UK GDPR). The table below sets out the purposes for which we process personal data and the lawful basis for each.

Account creation and management

  • Data used: email, name, password
  • Lawful basis: Performance of a contract (Article 6(1)(b)) — necessary to provide you with the Voqu service

Payment processing

  • Data used: payment details, billing information
  • Lawful basis: Performance of a contract (Article 6(1)(b)) — necessary to process your subscription payments

AI voice agent service delivery

  • Data used: voice recordings, transcripts, call metadata
  • Lawful basis: Legitimate interests (Article 6(1)(f)) — necessary to provide the AI voice agent service to our business customers and their callers

Call recording and transcription

  • Data used: voice recordings, conversation transcripts
  • Lawful basis: Legitimate interests (Article 6(1)(f)) — quality assurance, service improvement, and providing call records to our business customers

Appointment booking and SMS notifications

  • Data used: contact information provided during calls, phone number
  • Lawful basis: Legitimate interests (Article 6(1)(f)) — fulfilling requests made by callers during conversations

Service improvement and analytics

  • Data used: aggregated and anonymised usage data
  • Lawful basis: Legitimate interests (Article 6(1)(f)) — improving the quality and reliability of our service

Security and fraud prevention

  • Data used: technical data, access logs
  • Lawful basis: Legitimate interests (Article 6(1)(f)) — protecting our systems and users from unauthorised access

Tax and accounting

  • Data used: billing records, transaction history
  • Lawful basis: Legal obligation (Article 6(1)(c)) — compliance with HMRC tax record-keeping requirements

6. Third-Party Service Providers

We use a limited number of trusted service providers to operate the Voqu platform. All of our service providers process and store data exclusively within UK-based data centres. Each provider is bound by a data processing agreement and is required to protect your data to the standards set out in this policy.

Our service providers fall into the following categories:

  • Cloud hosting provider — hosts our infrastructure within the UK
  • Database and authentication provider — securely stores user accounts, call records, and recordings within the UK
  • Payment processor — handles subscription billing and payment processing
  • Telephony provider — provides phone number provisioning, call routing, and SMS delivery
  • AI language model provider — processes and generates conversational responses during calls
  • Voice synthesis provider — generates natural-sounding speech for AI voice agents
  • Real-time voice processing provider — handles voice call infrastructure (audio is processed in real-time and not stored by this provider)
  • Appointment scheduling provider — manages calendar integration and appointment booking
  • Enterprise database provider — provides database connectivity services where customers use this integration

A full list of our specific sub-processors is available upon request. Please contact privacy@voqu.ai.

7. International Data Transfers

All personal data is processed and stored within the United Kingdom.

Our service providers operate UK-based data centres and are contractually required to process your data within the UK. We do not transfer your personal data outside the United Kingdom.

If this position changes in the future, we will update this policy and ensure appropriate safeguards are in place — such as the UK International Data Transfer Agreement (IDTA) or the UK extension to the EU-US Data Privacy Framework — before any transfer occurs.

If you have questions about where your data is stored, please contact privacy@voqu.ai.

8. Cookies and Similar Technologies

We use a minimal number of cookies and similar technologies, limited to what is strictly necessary to operate our service:

  • Authentication cookies — strictly necessary to keep you logged in and maintain your session. These are essential for the service to function and do not require consent under the Privacy and Electronic Communications Regulations (PECR).
  • Theme preference — stored locally on your device (using localStorage) to remember your light or dark mode preference. This is not a cookie and does not require consent.

We do not use any third-party analytics, tracking, or advertising cookies. We do not use device fingerprinting or any other tracking technologies.

If we introduce non-essential cookies in the future, we will update this section and implement a consent mechanism before doing so.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. The specific retention periods for each type of data are set out below:

Account data (email, name, preferences)

  • Retained for the duration of your account plus 6 years after closure, in line with the Limitation Act 1980 for contractual claims.

Call recordings and transcripts

  • Basic plan: retained for 30 days from the call date
  • Advanced plan: retained for 90 days from the call date
  • Pro and Enterprise plans: retained for 12 months from the call date
  • After the retention period, recordings and transcripts are permanently deleted.

Call metadata (date, time, duration, status)

  • Retained for the duration of your account plus 6 years, for analytics and billing purposes.

Payment and billing records

  • Retained for 6 years from the date of the transaction, as required by HMRC.

Integration credentials

  • Retained until the integration is disconnected, plus 30 days for operational cleanup.

Inactive accounts

  • Accounts that have been inactive for 2 years are anonymised or deleted.

10. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at privacy@voqu.ai. We will respond within one calendar month.

Right to be informed

  • You have the right to know how your data is collected and used. This privacy policy fulfils that right.

Right of access

  • You can request a copy of the personal data we hold about you (a Subject Access Request). We will provide this free of charge within one month.

Right to rectification

  • You can ask us to correct any inaccurate or incomplete personal data.

Right to erasure

  • You can ask us to delete your personal data in certain circumstances, for example if the data is no longer necessary for the purpose it was collected, or you withdraw your consent.

Right to restrict processing

  • You can ask us to limit how we use your data while a concern is being resolved.

Right to data portability

  • Where processing is based on consent or contract and is carried out by automated means, you can request your data in a structured, commonly used, machine-readable format.

Right to object

  • You have an absolute right to object to the processing of your data for direct marketing purposes. You also have the right to object to processing based on legitimate interests — we will stop unless we can demonstrate compelling legitimate grounds.

Rights related to automated decision-making

  • You have the right not to be subject to solely automated decisions that produce legal or similarly significant effects. See section 11 for more details.

There is no fee for exercising your rights. We may charge a reasonable fee only if a request is manifestly unfounded or excessive. If we refuse a request, we will explain why and inform you of your right to complain to the ICO.

11. Automated Decision-Making

Voqu uses artificial intelligence to process phone calls on behalf of our business customers. This involves automated processing of voice data to generate conversational responses.

This call handling does not constitute solely automated decision-making that produces legal or similarly significant effects on callers. The AI agent handles routine enquiries such as answering questions, booking appointments, and taking messages. Callers can always request to be transferred to a human team member.

We do not use personal data for profiling or automated decision-making that would have legal or similarly significant effects on individuals.

12. Children’s Privacy

The Voqu platform is a business service. Account registration is restricted to individuals aged 18 or over who are authorised to act on behalf of a business.

Callers to businesses using Voqu may include individuals under 18. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will take steps to delete it promptly.

13. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it:

  • All data is encrypted in transit using TLS and encrypted at rest
  • Database-level access controls ensure that each customer can only access their own data
  • Sensitive credentials such as integration tokens are stored using encrypted vault storage
  • Authentication uses secure, industry-standard protocols
  • We regularly review and update our security practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours and, where required, notify affected individuals without undue delay.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

  • We will update the “Effective date” and “Last updated” dates at the top of this policy.
  • For material changes, we will notify business users via email or in-app notification before the changes take effect.
  • Continued use of the service after notification constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

15. Complaints

If you are unhappy with how we have handled your personal data, you have the right to complain. We encourage you to contact us first so that we can try to resolve your concern:

  • Internal complaint: email privacy@voqu.ai. We will acknowledge your complaint within 30 days and work to resolve it.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

16. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

  • Data protection enquiries: privacy@voqu.ai
  • General support: support@voqu.io
  • Post: InferShift Ltd, 128 City Road, London, United Kingdom, EC1V 2NX