← Voix

Privacy Policy

Effective 2026-05-21

Voix ("the Service") is operated by John Afinni trading as Future_AI_Lab, Barcelona, Spain. This policy explains what data Voix collects, why, how it is protected, and the rights you have over it.

We have written this in plain language. If something is unclear, email privacy@voixapp.org and we will explain.

1. What we collect

  • Account data: your name and email address, supplied by Clerk when you sign up.
  • Gmail data: when you connect your Gmail account, we request the gmail.readonly scope. We read recent emails on demand to produce your briefing. We do not store the full content of your emails in our database. We store a short ranked summary (subject lines, sender, our score) for each briefing you generate so we can show you history.
  • OAuth refresh token: we store one Google OAuth refresh token per user so Voix can re-authenticate to Gmail without asking you to sign in again. The token is held in our Supabase database, encrypted at rest, and never exposed to your browser.
  • Usage metrics: we record when you generate a briefing, how many emails were read, which model was used, which voice was used. We use this to monitor cost and reliability.
  • Rate-limit records: a row per briefing call, keyed by your Clerk user id, used only to enforce the per-hour briefing cap.

2. What we do not collect

  • We do not download or store attachments.
  • We do not store the full email body in our database.
  • We do not share your data with advertisers, data brokers, or third-party marketing services.
  • We do not use your email content to train AI models. Email text sent to Anthropic for ranking is processed under the zero-data-retention terms of the Anthropic API. Anthropic does not train on your data.
  • We do not access another user's data on your behalf.

3. Why we need each Gmail scope

  • gmail.readonly — restricted scope. Voix reads up to the last 10 messages in your Primary inbox each time you press Brief me. We need read access to extract the subject line, sender, and a short body excerpt for ranking. Without this scope Voix cannot tell you what is in your inbox.
  • gmail.send — restricted scope (planned for Phase 1). When Voix drafts replies for you, this scope lets you approve a draft and have Voix send the reply on your behalf, from your own Gmail account, without copy-pasting into Gmail. Each send is triggered by an explicit user action (button click or voice command); Voix never sends emails autonomously.

We minimise scope: we do not request gmail.modify, gmail.labels, or full mail.google.com, even though those would unlock additional features, because gmail.readonly plus gmail.sendis enough to deliver Voix's value.

4. Where your data lives

  • Supabase (Frankfurt, EU region) stores your account row, OAuth refresh token, briefing summaries, rate-limit records.
  • Vercelhosts the Voix application. Server logs are retained per Vercel's default policy.
  • Clerk manages your sign-in identity (name + email) under their own privacy terms.
  • Anthropic processes the ranking and reply-drafting prompts. The Anthropic API enterprise terms prohibit training on our customer data.
  • Google Cloud Text-to-Speechsynthesises the spoken briefing from the transcript. Google's standard API terms apply and Google does not train on our requests.

5. Encryption

  • All traffic to Voix uses TLS 1.2 or higher.
  • All database storage uses AES-256 encryption at rest, managed by Supabase.
  • OAuth refresh tokens are stored in a dedicated table accessible only by the Voix server using a service-role key. The service-role key never reaches the browser.

6. How long we keep your data

  • While your account is active: we keep account data, OAuth tokens, and briefing summaries for as long as you choose to use Voix.
  • If you delete your account: all rows associated with your Clerk user id are removed from our database within 30 days. Backups age out within a further 60 days. After 90 days no copy remains.
  • Audit logs of access: kept for 90 days. Retained in the rare case of a security incident investigation.

7. Your rights (GDPR + CCPA)

If you are in the EU, the UK, or California, you have the following rights and we will honour them regardless of where you live:

  • Access: request a copy of your data.
  • Correction: request we fix inaccurate data.
  • Deletion: request we erase your data.
  • Portability: request your data in a machine-readable format.
  • Objection: object to specific processing.
  • Withdraw consent: revoke Gmail access at any time via your Google account settings. Voix will lose access immediately and your row in the gmail_tokens table will be invalidated on the next briefing attempt.

To exercise any of these rights, email privacy@voixapp.org. We will respond within 30 days.

8. Security incidents

If we detect a personal-data breach affecting your account, we will notify you and any required regulator within 72 hours of discovery, as required by GDPR Article 33.

9. Children

Voix is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have, contact privacy@voixapp.org and we will delete it.

10. Changes to this policy

We will update this page when our practices change. The effective date at the top of this page reflects the most recent revision. For material changes we will notify active users by email at least 30 days before the change takes effect.

11. Contact

Operator: John Afinni, trading as Future_AI_Lab, Barcelona, Spain.
Privacy questions, data-access requests, and deletion requests: privacy@voixapp.org.
EU Data Protection Authority for complaints: Agencia Española de Protección de Datos (aepd.es).