Privacy Policy

Last updated: August 20, 2025
Previous versions of this document are available upon request.

Data Controller Information

V17 Labs
Karur, Tamil Nadu, India
Email: info@vocallab.io
Phone: +91-9385472493
Website: https://vocallab.io

      Our Privacy Promise: Your audio data never leaves your device. VocalLab
      processes all audio locally in your browser - we cannot access, store, or transmit your
      recordings, microphone input, or audio files. records in WAV format and processes all audio locally in your browser.
    

🌍 Global Payment Processing

We use trusted payment processors based on your location and optimal routing:

Global customers: Paddle or Creem as Merchant of Record (handles international compliance)
Regional optimization: Razorpay for enhanced local payment experience (currently available for Indian billing addresses)

Your payment data is processed securely by these trusted partners and is never stored on our servers.

1. Information We Collect

1.1 Audio Data (We DON'T Collect This)

We never collect, store, or transmit:

Your audio recordings or files
Microphone input or voice data
File names or audio metadata
Any audio content whatsoever

Technical Note: While we request microphone permission for recording, all audio processing happens locally in your browser using the Web Audio API. Your recordings are saved to your browser's local storage and can be downloaded as WAV files. No audio data is sent to our servers.

Recording Format: VocalLab records in uncompressed WAV format at 48kHz sample rate. Recordings are stored temporarily in your browser until you download or delete them.

1.2 Account Information

When you create an account, we collect:

Email address (required for account creation)
Display name (optional)
Authentication data (encrypted passwords)
Account creation and last login dates
Subscription status and billing information

1.3 Payment Information

We use location-based payment processing:

Location	Payment Processor	Data Collected	Privacy Policy
India	Razorpay	Transaction ID, payment status, billing address	Razorpay Privacy Policy
Global	Paddle (Merchant of Record)	Customer ID, subscription data, tax information	Paddle Privacy Policy
Global	Creem (Merchant of Record)	Customer ID, subscription data, tax information	Creem Privacy Policy

Regional Pricing: Subscription prices vary by region:

India: ₹199/month or ₹1,999/year
International: $4.99 or $1.99 USD/month (based on country)

Indian prices include taxes. International prices may have taxes added at checkout.

Important: We do not store complete payment card information. This is handled securely by our payment processors.

1.4 Usage Analytics (With Your Consent)

Only with your explicit consent, we collect personal usage data. This data is pseudonymous, meaning it is linked to a user ID but does not directly expose information like your name or email in the analytics logs.

Data Type	Purpose	Examples
Feature Usage	Improve popular features and user experience	Which effects you use, session duration, feature clicks
Performance Metrics	Fix bugs and optimize application performance	Loading times, error rates, browser compatibility
Technical Information	Ensure compatibility across devices	Browser type, operating system, screen resolution
Geographic Data	Understand user distribution	Country and city-level location (no precise location)
Session Recordings	Identify UI/UX issues and fix bugs	Available only with explicit consent for debugging UX issues. These recordings never capture audio, passwords, or sensitive input. Session recording is disabled by default and requires explicit opt-in.

1.5 Essential Data (Always Collected - No Consent Required)

For basic app functionality and security (Legitimate Interest under GDPR), we collect minimal anonymous data:

Critical error reports (crash logs, stack traces)
Basic performance metrics (page load times, API response times)
Authentication status (logged in/out, but not user identity)

This data is collected anonymously without user identification when you have not consented to full analytics.

Legal basis: These are necessary for the legitimate operation and security of our service and do not require your consent.

1.6 Analytics Collection Modes

VocalLab operates PostHog analytics in two modes:

Landing Page (Public Website):

Anonymous visitor tracking with heatmaps and pageviews
No user identification
Standard marketing analytics (similar to Google Analytics)
No consent required (Legitimate Interest for marketing)

Application (/app route):

Light Mode (Default): Only anonymous error monitoring and system health
Full Mode (With Consent): Feature usage, session recordings, user identification
You control which mode through the consent modal when starting the audio system
Your choice persists across sessions and can be changed in Settings

2. Legal Basis for Processing (GDPR)

We process your personal data based on:

Contract Performance: Account management and service delivery
Legitimate Interest: Service improvement, security, and technical support
Consent: Optional analytics and marketing communications
Legal Obligation: Compliance with applicable laws and regulations

3. How We Use Your Information

Service Delivery: Provide VocalLab recording features and maintain your account
Payment Processing: Route payments to appropriate processors based on your location
Customer Support: Respond to questions, troubleshoot issues, and provide assistance
Service Improvement: Analyze usage patterns to enhance recording features and performance (with your consent)
Security: Protect against unauthorized access, fraud, and abuse
Communication: Send important service updates and notifications
Legal Compliance: Meet legal obligations and enforce our terms

Note: We only analyze how you use VocalLab's interface and features - never your actual audio recordings or voice data.

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share data only in these limited circumstances:

4.1 Service Providers

Supabase: Authentication, database hosting, and backend services
Razorpay (India only): Payment processing and subscription management for Indian customers
Paddle (Global): Merchant of Record services for international customers
Creem (Global): Merchant of Record services for international customers
PostHog: Analytics platform (only with your consent) and Error Monitoring.

4.2 Payment Processor Data Sharing

Data Controller Roles: V17 Labs acts as the Data Controller for your account and usage data. For the purposes of processing payments and handling tax compliance, our payment processors act as independent Data Controllers for the data they collect.

For global customers (Paddle):

Customer information for Merchant of Record compliance
Subscription data and billing cycles
Tax and regulatory information as required by law

For global customers (Creem):

Customer information for Merchant of Record compliance
Subscription data and billing cycles
Tax and regulatory information as required by law

For regional customers (Razorpay):

Name, email, and billing address for payment processing
Transaction amounts and subscription details
Customer ID for linking payments to your account

4.3 Legal Requirements

When required by law or court order
To protect our rights, property, or safety
To investigate fraud or security issues
In connection with legal proceedings

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business assets.

5. Payment Processing Details

5.1 Payment Processing

We automatically route payments through trusted processors based on your billing address:

Global processing: Handled through Paddle or Creem with comprehensive tax compliance
Regional optimization: Enhanced local payment experience through Razorpay

5.2 Payment Data Protection

All payment data is encrypted and processed by PCI DSS compliant processors
We never store complete credit card information
Transaction data is shared only with the relevant payment processor
All processors maintain separate privacy policies and security standards

5.3 Subscription Management

Global subscriptions: Managed through Paddle's or Creem's Merchant of Record platform
Regional subscriptions: Managed through Razorpay's system
Subscription status is synchronized with our database for service access

6. Data Storage and Security

Primary Database: Supabase with PostgreSQL backend
Location: Data stored securely in the United States and Europe
Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Regular Audits: Security assessments and penetration testing
Backup Systems: Automated encrypted backups with point-in-time recovery
Incident Response: Comprehensive data breach response plan

7. Data Retention

Account Data: Retained while your account is active plus 90 days after deletion
Payment Records: Retained per payment processor requirements and tax laws
Usage Analytics: Anonymized data retained for up to 2 years for analysis
Support Communications: Retained for 1 year for quality assurance
Security Logs: Retained for 6 months for security monitoring
Subscription Data: Retained as required by tax authorities (typically 7 years)

8. Your Privacy Rights

You have the following rights regarding your personal data:

8.1 Access and Portability

Data Access: Download a copy of your personal data
Data Portability: Export your data in a machine-readable format
Account Dashboard: View and manage your data through your account settings
Payment History: Access transaction history through our customer portal

8.2 Correction and Deletion

Data Correction: Update inaccurate information in your account
Account Deletion: Request complete deletion of your account and data
Right to be Forgotten: Request removal of specific personal data
Payment Data: Contact payment processors directly for payment-specific data deletion

8.3 Consent Management

Withdraw Consent: Opt-out of analytics collection at any time
Marketing Communications: Unsubscribe from non-essential emails
Cookie Preferences: Manage cookie and tracking preferences
Payment Preferences: Request changes to payment processing method

9. International Data Transfers and Compliance

9.1 Cross-Border Data Processing

VocalLab operates globally with data processing in multiple jurisdictions:

Primary Operations: Global (V17 Labs)
Database Hosting: Supabase (US regions)
Payment Processing: Global (Paddle/Creem) and Regional (Razorpay)

9.2 Data Protection Safeguards

Standard Contractual Clauses (SCCs) with all international processors
GDPR-compliant data processing agreements
Regular assessment of third-country data protection adequacy
Additional safeguards for sensitive data transfers

10. Third-Party Services and Privacy Policies

VocalLab integrates with these trusted third-party services:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Database & Authentication	Account data, preferences	Supabase Privacy
Razorpay (India)	Payment Processing	Billing info, transaction data	Razorpay Privacy
Paddle (Global)	Merchant of Record	Customer data, subscription info	Paddle Privacy
Creem (Global)	Merchant of Record	Customer data, subscription info	Creem Privacy
PostHog	Analytics (with consent for detailed tracking; basic anonymous error monitoring without consent) and Error Monitoring	Usage patterns, performance	PostHog Privacy

11. Children's Privacy

VocalLab is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it immediately and notify the child's parent or guardian if possible.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to Know: What personal information we collect and how it's used
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
Non-Discrimination: We won't discriminate against you for exercising these rights

13. Contact Information and Data Requests

13.1 General Privacy Inquiries

VocalLab Privacy Team
Email: info@vocallab.io
Phone: +91-9385472493
Address: Karur, Tamil Nadu, India
Response Time: We respond to all privacy requests within 7 days

13.2 Payment-Related Privacy Requests

For global customers (Paddle):

Contact us first at info@vocallab.io
For Merchant of Record requests: Paddle Support

For global customers (Creem):

Contact us first at info@vocallab.io
For Merchant of Record requests: support@creem.io

For regional customers (Razorpay):

Contact us first at info@vocallab.io
For payment-specific requests: grievances@razorpay.com

14. Privacy Policy Updates

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will:

Notify you of material changes via email or through the service
Provide at least 30 days notice before significant changes take effect
Maintain previous versions for your reference
Never reduce your privacy rights without your explicit consent
Update payment processor information as needed

Data Protection Officer: For EU residents, you may also contact your local supervisory authority if you have concerns about how we handle your data.