Last Updated: April 2026
Voz AI collects data exclusively for the purpose of operating, improving, and securing the Voz AI platform. This includes interaction transcripts, caller IDs, audio recordings (where legally permitted and configured), and user analytics. When integrating with Point of Sale (POS) and CRM systems (e.g., Clover, Square, OpenTable, SevenRooms), we collect and store OAuth 2.0 access tokens and location identifiers. These credentials are encrypted at rest and used explicitly to retrieve menu inventory, sync orders, and manage restaurant operations on your behalf.
By connecting Voz AI to your POS system (e.g., Clover, Square), you authorize us to read inventory data (items, modifiers, tax rates), read merchant settings, and write order data to your POS platform. We access this data via secure, authenticated REST APIs. Voz AI does not store sensitive cardholder data (PCI-DSS restricted information). Payment processing is explicitly handled by your existing merchant processors via tokenized references where applicable.
For European customers, core application data is stored in the EU Data Region (Frankfurt). Voz AI acts as a Data Processor under GDPR guidelines. You, the client, act as the Data Controller in respect to your guests' personal data. We provide tools for you to honor Data Subject Requests, including the right to erasure (“Right to be Forgotten”).
To deliver our services, Voz AI employs trusted third-party sub-processors. These include Cloudflare (Edge Computing & Security), Supabase (Database Hosting), Retell AI / ElevenLabs (Conversational AI), Twilio (Telephony), and Stripe (Internal Payment Processing). All sub-processors are bound by strict Data Processing Agreements (DPAs).
Guest profiles and historical booking records are retained for the active duration of your subscription. OAuth tokens and integration data are immediately revoked and deleted upon manual disconnection inside the Voz AI dashboard or account termination. Upon account termination, all associated data is permanently deleted within 30 days unless legal compliance requires otherwise.
Under the California Consumer Privacy Act (CCPA) and CalOPPA, California residents have the right to request access to, deletion of, and information about the personal data we collect. We do not sell personal information to third parties. We comply with "Do Not Track" signals and do not track, plant cookies, or use advertising when a DNT browser mechanism is in place.
Voz AI's services are intended strictly for B2B hospitality merchants and general audiences. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 13, and no part of our service is directed to children under 13.
For any privacy-related inquiries, data access requests, or to obtain our full Data Processing Agreement, please contact our Data Protection Officer at support@lavozai.com.