Privacy Policy

Last updated: 27 May 2026 · Version 1.0

In short We collect the minimum needed to run your card and bill you. We don't sell your data. We don't train AI on your content. We use three vendors — Firebase (auth + database), Stripe (payments), Anthropic (AI) — each contractually bound to handle your data only on our instructions.

1. What we collect

Account data — your email address and Firebase user ID. That's it. We do not store passwords (we use magic-link sign-in).
Card content — the name, role, company, bio, phone numbers, social links and image you publish. You choose what to share; we publish exactly what you confirm.
Subscription data — your Stripe customer ID, subscription ID, plan, current period end, and seat count. We do not store your credit card number — Stripe holds it.
Tap analytics (Pro) — when someone taps your NFC card we record the timestamp, the intent chip they picked, and the CTA they clicked. We do not capture their IP, browser fingerprint, or any personal identifier.
Service logs — standard request logs (timestamp, path, status code, anonymised IP truncated to /24) kept for 30 days for security and debugging, then deleted.

2. Why we collect it

To run the service you signed up for (contract).
To bill you and prevent fraud (contract + legitimate interest).
To show you analytics about your own card (contract).
To keep the service secure (legitimate interest).
To respond to you when you write to us (contract + legitimate interest).

We never collect data to sell it. We never sell or rent your data to third parties for marketing.

3. AI processing

When you record voice, upload a photo, or type into the wizard, that input is sent to Anthropic (the maker of Claude) for the limited purpose of producing your bio and intent-aware introductions. Per Anthropic's terms with us, your input is not used to train Anthropic's models and is retained only as long as required to process the request.

4. Who else sees your data

Firebase / Google Cloud — email-link auth, Firestore database, Cloud Storage for legacy card images. Data is stored in us-central1 by default.
Stripe — payment card processing, subscription state, tax handling. Card data never reaches our servers.
Anthropic — Claude API for AI bio and intent generation.
Apple PassKit — only when you choose "Add to Apple Wallet". Apple receives your pass content because that's what the pass is.
Resend — sends the one-off welcome email when you claim your handle. Optional; can be disabled.

We have signed Data Processing Addenda with each of the above. We do not transfer your data to any other third party for any other purpose.

5. International transfers

Voca is operated globally. Your data may be processed in the United States and other jurisdictions where our service providers operate. Where required by law (EU/UK GDPR), transfers rely on Standard Contractual Clauses or equivalent safeguards in our vendors' Data Processing Addenda.

6. Your card is public by design

The whole point of Voca is that you share voca.yolife.us/u/<your-handle> with people you meet. Anything you put on your card is visible to anyone who has that URL. Don't put information on your card that you don't want shared widely. We do not index your handle for search engines unless you explicitly opt in (coming soon).

7. Your rights

You have the right to:

Access the personal data we hold about you.
Correct inaccurate data — edit anytime from your dashboard.
Delete your account and your card. Email [email protected] — we action requests within 30 days.
Export your data in a portable format (JSON).
Object to processing that relies on legitimate interest.
Lodge a complaint with your local data protection authority if you believe we've handled your data improperly.

8. Cookies and similar technologies

We use localStorage on our domain to remember your sign-in state, your preferred language, and a cached Pro flag for instant UI. We do not use third-party tracking cookies. We do not use analytics platforms that follow you across the web.

9. Children

Voca is not intended for users under 13 (or 16 in the EU/EEA). We do not knowingly collect data from children. If you believe a child has signed up, write to us and we'll delete the account.

10. Data retention

Active cards: kept while your account is active.
Subscription records: kept for 7 years after termination to comply with tax and accounting law.
Service logs: 30 days.
Cancelled accounts: hard-deleted within 30 days of your deletion request, subject to legal retention obligations on subscription records.

11. Security

All traffic is encrypted in transit (TLS 1.2+). Firestore data is encrypted at rest. Magic-link emails are single-use and expire. Cloud Run secrets (API keys) live in Google Secret Manager and are scoped to the service account. We're a small team — if you spot a vulnerability, please email [email protected] and we'll respond within 5 working days.

12. Changes

If we change this Policy in a way that materially affects your rights, we'll email active subscribers and post a notice on this page at least 30 days before the change takes effect.

13. Contact

Questions, requests, or complaints: [email protected].