Privacy Policy
How Voxial collects, processes and protects your personal data,
in compliance with the GDPR. Updated on 22/04/2026.
Voxial is an AI-powered phone answering platform, developed and operated by Influentbutton, Lda., headquartered at Parque Tecnológico de Óbidos, Rua da Criatividade, Edifício Centrais, 2510-230 Óbidos, Portugal.
For the purposes of the General Data Protection Regulation (GDPR — EU Regulation 2016/679), Influentbutton, Lda. is the Data Controller for data collected through the website voxial.pt and the portal at app.voxial.pt.
DPO / Privacy contact: privacidade@voxial.pt
We collect personal data in the following situations:
| Source | Data collected |
|---|---|
| Contact form / demo request | Name, e-mail, company, phone (optional), message |
| Account creation / checkout | Name, e-mail, phone, billing address, VAT number |
| Platform usage | Call records, transcriptions, Assistant configurations, interaction data |
| Payment (Stripe) | Card data processed directly by Stripe — we do not access the full card number |
| Website browsing | IP address, browser type, pages visited (via analytics cookies — see section 8) |
We do not intentionally collect special category data (health, ethnic origin, religion, etc.). If such data appears in call content, it is processed under the terms of the contract with the Client.
Your data is used exclusively for the purposes listed below:
- Service provision — operating the platform, processing calls, generating transcriptions and reports
- Contract management and billing — issuing invoices, collecting payments via Stripe, account communications
- Technical support — responding to help requests and diagnosing issues
- Security and fraud prevention — monitoring for anomalous activity
- Legal compliance — responding to regulatory and tax obligations
- Commercial communications — with your express consent, sending Voxial news and offers
Call content and your end customers' data is never used to train AI models, whether proprietary or by sub-processors.
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Contracted service provision | Performance of contract (Art. 6(1)(b)) |
| Billing and tax obligations | Legal obligation (Art. 6(1)(c)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Commercial communications | Consent (Art. 6(1)(a)) |
| Website analytics | Consent (Art. 6(1)(a)) or legitimate interest in aggregated metrics |
We do not sell or share personal data with third parties for their own commercial purposes. We use sub-processors to operate the service:
- Autocalls / AI Platform — call processing and language models (AWS EU servers)
- Stripe, Inc. — payment processing (PCI DSS Level 1 certified)
- Vendus (Vendus Online, Lda.) — certified electronic invoice issuance
- Amazon Web Services (AWS) — cloud infrastructure, eu-central-1 region (Frankfurt, Germany)
- SMTP providers — sending transactional e-mail notifications
All sub-processors are bound by a Data Processing Agreement (DPA) and operate within GDPR guarantees.
Data is hosted primarily on AWS servers in Germany (EU/EEA).
Certain AI components (third-party language models) may process data outside the EEA. In these cases, we ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.
You may request detailed information about current transfers by writing to privacidade@voxial.pt.
- Active account data — throughout the duration of the contract
- After cancellation — 30 days for Client export; then permanent deletion of operational data
- Invoices and tax data — 10 years (legal obligation)
- Security logs — 12 months
- Contact forms / leads — 24 months from last contact
The website voxial.pt uses cookies for:
- Strictly necessary cookies — session, language preferences, CSRF security (no consent required)
- Analytics cookies — visit metrics (consent required)
- Marketing cookies — retargeting and conversion (consent required)
You can manage your cookie preferences at any time via the cookie banner or your browser settings.
As a data subject, you have the following rights:
- Access — obtain confirmation and a copy of the data we process about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten"), subject to legal obligations
- Restriction — restrict processing in certain circumstances
- Portability — receive your data in a structured format (CSV/JSON)
- Objection — object to processing based on legitimate interest
- Withdrawal of consent — at any time, without affecting prior processing
To exercise any right, contact us at privacidade@voxial.pt. We respond within a maximum of 30 days.
You also have the right to lodge a complaint with your national supervisory authority (e.g. the ICO in the UK, or the CNPD in Portugal at cnpd.pt).
We implement appropriate technical and organisational measures to protect your data:
- Encrypted communications with TLS 1.2+
- Data at rest encrypted (AES-256)
- Role-based access control (RBAC)
- Two-factor authentication available on the portal
- Continuous monitoring and audit logs
- Security incident response plan
In the event of a data breach posing a risk to data subjects, we will notify the supervisory authority within 72 hours and affected individuals without undue delay.
Voxial is an exclusively B2B service — we do not intentionally collect personal data from individuals under 18.
If you become aware that data from a minor has been provided, contact us immediately at privacidade@voxial.pt for immediate removal.
We may update this Privacy Policy to reflect legal, technological or service changes. When changes are material, we will notify Clients with at least 30 days' notice by e-mail.
The version in force is always the one published on this page, with the update date shown at the top.