Last Updated: April 28, 2025
Our Commitment to GDPR Compliance
At VoiceGuardAI, we are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). Our privacy-by-design approach means that data protection is built into our core services, with on-device processing that minimizes data collection and prioritizes user privacy.
1. Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and to organizations outside the EU that offer goods or services to individuals in the EU or monitor the behavior of EU residents.
The GDPR strengthens the rights of individuals regarding their personal data and aims to unify data protection regulations across the EU.
2. Our Data Protection Principles
VoiceGuardAI adheres to the following data protection principles:
- Lawfulness, fairness, and transparency: We process personal data lawfully, fairly, and in a transparent manner.
- Purpose limitation: We collect personal data only for specified, explicit, and legitimate purposes.
- Data minimization: We limit personal data collection to what is necessary for the purposes for which it is processed.
- Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
- Storage limitation: We keep personal data for no longer than necessary for the purposes for which it is processed.
- Integrity and confidentiality: We process personal data in a manner that ensures appropriate security.
- Accountability: We are responsible for and can demonstrate compliance with the GDPR.
3. Legal Basis for Processing
Under the GDPR, we must have a valid legal basis for processing personal data. We rely on the following legal bases:
3.1 Consent
Where required by law, we obtain your explicit consent to process your personal data. You have the right to withdraw this consent at any time.
3.2 Contractual Necessity
We process personal data when necessary to fulfill our contractual obligations to you, such as providing our voice scam detection service.
3.3 Legitimate Interests
We may process personal data based on our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include:
- Improving and developing our services
- Protecting our services against fraudulent activity
- Marketing our services to existing users
3.4 Legal Obligation
We may process personal data to comply with a legal obligation to which we are subject.
4. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
4.1 Right to Access
You have the right to request a copy of the personal data we hold about you and information about how we process it.
4.2 Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data.
4.3 Right to Erasure (Right to be Forgotten)
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
4.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
4.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
4.6 Right to Object
You have the right to object to the processing of your personal data in certain circumstances, such as when the processing is based on legitimate interests or for direct marketing purposes.
4.7 Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
4.8 How to Exercise Your Rights
To exercise any of these rights, please contact us using the information provided in the Contact Information section. We will respond to your request within one month, although we may extend this period by up to two additional months if necessary, due to the complexity or number of requests.
5. How We Process Your Data
5.1 Privacy by Design
VoiceGuardAI implements privacy by design through the following measures:
- User-initiated scanning: Voice analysis only occurs when you explicitly tap the "Scan Caller" button
- On-device processing: Voice analysis occurs locally on your device
- No call recording: We never record or store call audio
- Brief sampling: Only 2-3 seconds of speakerphone audio is analyzed
- Data minimization: We collect only what's necessary to provide the service
- Privacy controls: Easy-to-use settings to manage your data
5.2 Data We Collect
The personal data we collect may include:
- Account information (email address, name)
- Device information (device type, operating system)
- Usage data (features used, app interactions)
- Detection results (scam probability scores, without any call audio)
5.3 Purposes of Processing
We process your personal data for the following purposes:
- Providing and improving our user-initiated voice scan service
- Authenticating users and managing accounts
- Analyzing app performance and user experience
- Communicating with users about service updates
- Complying with legal obligations
6. International Data Transfers
VoiceGuardAI may transfer personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your personal data, such as:
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules
- Adequacy decisions by the European Commission
You can request more information about these safeguards by contacting us using the information provided in the Contact Information section.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure
- The purposes for which we process the data
- Whether we can achieve those purposes through other means
- The applicable legal requirements
In some circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
8. Data Security Measures
We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:
- Encryption of personal data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Regular backups and disaster recovery procedures
- Staff training on data protection and security
We regularly review and update these measures to ensure they remain appropriate to the risks associated with the processing of your personal data.
9. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance statement and our privacy practices. If you have any questions about this statement or how we handle your personal data, please contact our DPO using the information provided in the Contact Information section.
10. Contact Information
If you have any questions, concerns, or requests regarding your personal data or this GDPR Compliance statement, please contact us at:
VoiceGuardAI
Attn: Data Protection Officer
Email: dpo@voiceguard.ai
PO Box 5109 Lacey, WA 98509
You also have the right to lodge a complaint with a supervisory authority. The supervisory authority in your EU member state is responsible for ensuring that organizations comply with the GDPR.