GDPR Compliance

Last updated: April 2026

1. Our Commitment

Voxalytics is committed to complying with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently in accordance with the regulation.

2. Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: Processing necessary to provide our services to you under our Terms of Service.
  • Legitimate interest: Processing necessary for our legitimate business interests, such as improving our platform and preventing fraud.
  • Consent: Where you have given explicit consent for specific processing activities, such as marketing communications.
  • Legal obligation: Processing necessary to comply with applicable laws and regulations.

3. Your Rights

Under the GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data in certain circumstances.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@voxalytics.com. We will respond within 30 days.

4. Data Controller

Voxalytics acts as a data controller for account and usage data. When you upload research data (e.g. interview recordings and transcripts), we act as a data processor on your behalf. You remain the data controller for your research data.

5. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. All our cloud infrastructure providers maintain adequate data protection certifications.

6. Data Protection Officer

For any questions or concerns about how we handle your data, or to exercise your rights under the GDPR, contact our Data Protection Officer at dpo@voxalytics.com.

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

8. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes the GDPR. You may do so in the EU member state of your habitual residence, place of work, or place of the alleged infringement.