Legal

Data Processing Addendum

Last updated: May 11, 2026

This DPA summarizes the intended processor terms for customers using Voz with personal data.

Roles

For workspace data submitted by customers, the customer acts as controller and Voz acts as processor.
For waitlist, billing, account, and security data, Voz may act as an independent controller.
The parties will cooperate to meet applicable GDPR obligations.

Processing scope

We process customer data to provide AI visibility tracking, reporting, alerting, support, security, and billing.
Processing may include brand names, domains, prompts, competitor names, user emails, and operational metadata.
Customers should avoid submitting sensitive personal data into prompts or workspace fields.

Security

Voz applies access controls, encrypted transport, hashed credentials, and operational safeguards appropriate for MVP scale.
Production secrets are not committed to source control.
Access to production data is limited to service operation and customer support needs.

Sub-processors

Voz may use hosting, database, email, billing, observability, and LLM providers to deliver the service.
Where required, sub-processors will be bound by data protection terms.
A current sub-processor list will be made available before general availability.

Deletion and return

Customers may delete workspace data through the product where supported.
Backups and logs may persist for a limited operational retention window.
We will assist with reasonable export or deletion requests during early access.

Initial operating version pending final legal review.