Privacy Policy

Votra AI Inc. ("Votra AI," "we," "us," or "our") is committed to protecting the privacy and security of our business customers and the end users who interact with our platform. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our website (https://votra.ai), our AI-powered voice and messaging services, our payment features, and any related products or services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

1. Information We Collect

1.1 Business Customer Information

• Account & Billing: business name, contact name, email, phone number, business hours, service catalog, and billing information necessary to provide the Services.
• Configuration Data: your cancellation policies, no-show fee amounts, deposit requirements, service pricing, and staff calendars, provided so the AI can act on your behalf.
• Payout Information: when you enable payment features, your business banking and identity verification details are collected and maintained by our payment processor (see Section 4). Votra AI does not store full banking credentials on our systems.

1.2 End-User Information

• Contact & Appointment Details: name (if provided), phone number, and the date, time, service, and provider associated with each appointment.
• Communication Data: call audio recordings, transcripts, and SMS/text message content exchanged through the platform. This data is used to deliver the Services, improve quality, and maintain evidence of consent.
• Payment Information: where a business customer has enabled card-on-file, deposits, or pay-by-text, your payment card is collected directly by our payment processor through a secure, hosted form. Votra AI does not receive or store your full card number, expiration date, or security code. We retain only a non-sensitive reference token, the card brand, and the last four digits to support authorized charges and receipts.

1.3 Information Collected Automatically

• Usage Data: IP address, browser type, pages visited, and referring URL when you interact with our website.
• Device Information: device type, operating system, and identifiers collected through standard web analytics.

2. How We Use Information

• To provide, maintain, and improve the AI voice and messaging Services, including appointment booking, rescheduling, and cancellation.
• To send transactional SMS messages on behalf of our business customers, including confirmations, reminders, card-save links, payment links, and receipts.
• To process authorized transactions — including deposits, no-show fees, and post-service payments — under the cancellation and payment policies set by each business customer.
• To maintain call recordings and transcripts for quality assurance, dispute resolution, and compliance obligations.
• To communicate with business customers about their account, billing, and service updates.
• To detect, prevent, and respond to fraud, abuse, or security incidents.
• To comply with legal obligations and enforce our Terms of Service.

3. SMS/Text Messaging

This section applies specifically to end users who receive SMS/text messages through our platform.

3.1 Consent

SMS messages are sent only to end users who have provided consent — typically verbally during a call with our AI agent, or by initiating contact with a business via its published phone number. Consent is recorded and retained for verification purposes.

3.2 Message Types & Frequency

Messages are transactional and tied to appointment activity. Depending on the business customer's configuration, you may receive:

• Appointment confirmations and reminders
• Rescheduling or cancellation updates
• A secure link to save a payment card, where required by the business's policy
• Payment links and receipts at the conclusion of your appointment
• No-show or cancellation fee notifications, where applicable

Message frequency varies. Message and data rates may apply depending on your mobile plan.

3.3 No Sharing of Mobile Information

We do not sell, rent, share, or disclose your mobile phone number or SMS opt-in data to third parties or affiliates for marketing or promotional purposes. Mobile information is shared only with the service providers necessary to deliver messages and payments, and only to the extent required for that purpose.

3.4 Opting Out

You may opt out at any time by replying STOP to any message. You will receive a single confirmation of your opt-out and no further messages from that business unless you opt back in by replying START. Reply HELP for support, or contact support@votra.ai.

4. Service Providers & Sharing

We do not sell your personal information. We share information only in the following circumstances:

• With the Business You Book With: appointment details, contact information, and related communications are shared with the business customer on whose behalf the appointment was made, as this is necessary to deliver the Service.
• Service Providers: we rely on a limited set of vetted service providers to operate the Services, including our telephony and messaging provider (Twilio), our speech-processing provider (Deepgram), our conversational AI provider (OpenAI), our payment processor (Square), and our cloud infrastructure provider (Amazon Web Services). These providers are bound by contractual obligations to protect information and to process it only on our instructions.
• Legal Requirements: we may disclose information when required by law, valid legal process, or to protect the rights, property, or safety of Votra AI, our customers, or others.
• Business Transfers: information may be transferred in connection with a merger, acquisition, or sale of assets, subject to continued protection under this Privacy Policy.

5. Payments & Card Data

Votra AI integrates with a PCI DSS Level 1 certified payment processor to handle all card transactions. Payment card details are entered directly into the processor's secure hosted form and are never transmitted through or stored on Votra AI's systems in their full form. We retain only a non-sensitive reference, the card brand, and the last four digits — sufficient to present receipts, process charges authorized under a business's cancellation or payment policy, and manage refunds.

End users authorize charges to a saved card at the time the card is saved, in accordance with the business's published cancellation and payment policy. You may request removal of a saved card at any time by contacting the business or emailing privacy@votra.ai.

6. Data Security

We maintain administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit and at rest, role-based access controls, credential management, signed webhook verification for payment events, and logical isolation of each business customer's data. We regularly review our security program and are committed to continually hardening our controls. No method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to provide the Services, meet our legal and contractual obligations, resolve disputes, and enforce our agreements. Retention schedules vary by data type:

• Call recordings and transcripts: retained for a minimum of five (5) years to support TCPA consent requirements and dispute resolution.
• Appointment and transaction records: retained for the duration of the business relationship and for the period required by applicable tax, accounting, and consumer-protection laws.
• Payment references: retained while a card is on file and thereafter only as required to service refunds, chargebacks, and recordkeeping obligations.

You may request deletion of your personal information by contacting privacy@votra.ai. We will respond within thirty (30) days, subject to legal exceptions that require continued retention.

8. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: request correction of inaccurate or incomplete information.
• Deletion: request deletion of your personal information, subject to legal exceptions.
• Portability: request a machine-readable copy of information you have provided to us.
• Opt-Out of Messaging: reply STOP to any SMS, or use the unsubscribe link in any marketing email.
• Non-Discrimination: we will not discriminate against you for exercising any of these rights.

To exercise any of these rights, contact privacy@votra.ai. We will verify your request and respond within thirty (30) days.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us and we will take appropriate steps to remove it.

10. International Users

Votra AI operates from the United States. Information we collect is processed and stored in the United States. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored in, and processed in a jurisdiction with different data protection laws than your own.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last Updated" date above and, where appropriate, through additional notice. Your continued use of the Services after any such change constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us: