Privacy Policy

1. Introduction

Welcome to VoxSoma ("Company," "we," "us," or "our"). We are committed to protecting your privacy and ensuring you have a positive experience on our website and with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our AI-powered personalized sleep audio service.

VoxSoma is operated by a sole proprietor based in Lithuania, European Union. We comply with the General Data Protection Regulation (GDPR) and all applicable EU data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

• Email Address: Collected for newsletter subscriptions, service updates, and order communication
• Payment Information: Processed through Stripe; we do not store complete payment card details
• Personal Goals/Intentions: The text you provide describing what you'd like your affirmations to focus on
• Voice Recordings (Special Category Data): If you choose the own-voice option, you send us an audio recording of yourself reading your 7 affirmations. Voice recordings may constitute biometric data under GDPR Article 9. We process this data only with your explicit consent (GDPR Article 9(2)(a)), obtained before you submit your recording. See Section 2.3 for details.

2.2 Voice Recording — Special Category Data (GDPR Article 9)

Your voice recording is treated as potentially biometric/special category data. The following protections apply:

• Legal Basis: Explicit consent (GDPR Article 9(2)(a)), obtained before you submit your recording
• Purpose Limitation: Your voice recording is used solely to produce your personalized audio session. It is not used for identification, profiling, marketing, training AI models, or any other purpose.
• Storage: Voice recordings are encrypted at rest and stored on secure EU-based servers
• Retention: Your recording is retained only as long as needed to produce your audio session. After production, raw recordings are deleted within 30 days unless you request a new cycle
• Your Rights: You may withdraw consent and request deletion of your voice recording at any time by emailing hello@voxsoma.com
• Alternative: You may choose a synthetic voice option and avoid submitting any voice recording

2.3 Information Collected Automatically

• Analytics: Cloudflare analytics collect IP addresses, browser type, pages visited, and time spent on site
• Cookies: We use Cloudflare's analytics cookies to understand usage patterns
• Usage Data: Information about which sleep audio cycles you access and your interaction patterns

3. GDPR Compliance

As a business operating in the European Union, VoxSoma complies with the General Data Protection Regulation (GDPR) and all applicable EU data protection laws. Our legal bases for processing your data include:

• Explicit Consent (Article 9(2)(a)): For processing voice recordings (special category/biometric data) and newsletter subscriptions
• Contract Performance (Article 6(1)(b)): To provide our audio service and deliver your order
• Legal Obligation (Article 6(1)(c)): To comply with applicable EU laws including tax and consumer protection
• Legitimate Interest (Article 6(1)(f)): To improve our service and prevent fraud, balanced against your rights

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our personalized sleep audio service
• Process payments through Stripe for your subscription (€39/cycle)
• Send newsletters and service updates (with your consent)
• Analyze usage patterns to enhance our offering
• Communicate with you regarding your account or service
• Comply with legal obligations
• Prevent fraud and ensure security

5. Data Sharing and Third Parties

We only share your data with trusted third-party service providers who assist us in operating our website and providing our services:

5.1 Stripe (Payment Processing)

• Processes all subscription payments for VoxSoma
• Stripe's privacy policy: https://stripe.com/privacy
• Payment data is transmitted securely and is not stored on our servers

5.2 Cloudflare (Hosting and Analytics)

• Hosts our website and provides analytics services
• Cloudflare's privacy policy: https://www.cloudflare.com/privacy/
• Collects analytics data for site performance and security

6. Cookies

We use cookies for analytics purposes only through Cloudflare. These cookies help us understand how visitors use our site and improve our service. You can control cookie preferences in your browser settings. Disabling cookies may affect the functionality of our website.

• Cloudflare Cookies: Analytics and performance monitoring
• Session Cookies: To maintain your login session

7. Data Retention

We retain your personal data only as long as necessary to provide our service and comply with legal obligations:

• Email Addresses: Retained until you unsubscribe from our newsletter
• Voice Recordings: Deleted within 30 days after your personalized audio session is produced. If you order a new cycle, the previous recording is deleted when the new one is submitted
• Affirmation Text: Retained while you are an active customer; deleted upon request
• Payment Data: Retained by Stripe according to their retention policies
• Analytics Data: Retained by Cloudflare according to their policies (typically 30-90 days)

8. Your GDPR Rights

As an EU resident, you have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate information
• Right to Erasure: Delete your personal data ("Right to be Forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Opt-out of certain data processing
• Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise any of these rights, please contact us using the information below.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is completely secure. We cannot guarantee absolute security of your information.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your GDPR rights, or have concerns about our data practices, please contact us:

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by updating the "Last Updated" date at the top of this policy. Your continued use of VoxSoma following such modifications constitutes your acceptance of the updated Privacy Policy.

12. Governing Law

This Privacy Policy is governed by the laws of Lithuania and the European Union, including the GDPR. Any disputes arising from or relating to this policy shall be subject to the jurisdiction of Lithuanian courts.