Version 2026-06-09 · effective 2026-06-09

AIVoice Privacy Policy

How StarCloudIT processes account data, billing, AI assistant data, voice, chat, RAG documents, calendars, security logs and support requests.

For customer-configured assistant data, StarCloudIT usually acts as processor and the customer acts as controller toward its end users.

1. Controller and roles

StarCloudIT, Morszczukowa 3, 85-435 Bydgoszcz, Poland, is controller for account, billing, security, contact and support data. Contact: rs.starcloudit@gmail.com.

For customer assistant data, widgets, RAG documents, conversations and calendar integrations, the customer usually decides the purposes and StarCloudIT processes data on the customer's instructions.

2. Data categories

We process account and tenant data, team roles, security settings, sessions, passkeys, API key metadata, assistant configuration, chats, voice transcripts, messages, AI responses, tool calls and usage metrics.

Knowledge bases may include uploaded documents, crawled pages, text chunks, vector embeddings, collection revisions and search results. Calendar integrations may include OAuth tokens, calendar lists, events, availability and booking data.

Billing data includes Stripe customer IDs, subscriptions, invoices, taxes, payment status and billing metadata. Full card details are handled by Stripe.

3. Purposes and legal bases

We process data to provide the service, manage accounts, perform contracts, bill customers, provide support, secure the platform, prevent abuse, keep audit logs, comply with law and manage cookie/marketing consent.

Legal bases may include contract, legitimate interests, legal obligation and consent for optional analytics or marketing cookies.

4. AI providers and voice processing

AIVoice may send prompts, context, transcripts, documents, images, tool metadata or calendar data to configured AI providers such as Gemini, OpenAI, Anthropic or providers added in platform settings.

Voice data may be processed for transcription, spoken output, voice activity detection and session stability. Customers are responsible for notifying their end users where required.

5. Recipients, subprocessors and transfers

Data may be processed by hosting, database, vector storage, email, observability, support, payment, AI, calendar and security providers. Operational information is available on the subprocessors page.

Where data is transferred outside the EEA, we use available safeguards such as standard contractual clauses, region settings, access control and data minimization.

6. Retention, export and deletion

Conversation retention defaults to 30 days unless tenant settings, plan terms, law or security require a different period. API and security logs use limited operational retention, while billing data is retained as legally required.

Users may use data export, privacy settings and account deletion tools. Account deletion may include a short grace period before final deletion or anonymization.

7. Rights

You may request access, correction, deletion, restriction and portability, object to processing, withdraw consent and lodge a complaint with the Polish data protection authority.

If a request concerns data controlled by an AIVoice customer, we may forward it to that customer or ask you to contact the relevant controller.

8. Security

We use tenant isolation, access control, secret encryption, audit logs, provider-key boundaries, diagnostic redaction, abuse controls and malware scanning for supported uploads.

Security and privacy requests should be sent to rs.starcloudit@gmail.com.