Privacy policy.

Vocatech is a business phone service. To make the service work we collect: the phone numbers you dial and that dial you, the content of your calls and text messages (so we can record and transcribe them), and the usual account information (your name, email, billing address).

We do not sell any of this to anyone. We do not share it with advertisers. We use it to run your phone system, to show you Reports, to power your Callpop and Textdock, and to comply with law and carrier rules.

Your content belongs to you. If you leave, we export what we have and delete our copies on request.

If your business is a HIPAA-covered entity (medical practice, therapy group, home care agency), see our HIPAA BAA page for additional safeguards.

Account and billing information: name, company, email, phone number, billing address, payment method.

Call metadata: phone numbers, timestamps, routing segments, duration, device, extension, disposition.

Call content: recordings of calls where recording is enabled, machine-generated transcripts and AI summaries of those recordings.

Message content: SMS, MMS, and WhatsApp messages sent or received on Vocatech numbers, including attachments.

Contacts: customer records you upload or push through the API.

Portal and website usage: login events, admin actions, browser and device information, IP address, referrer, pages viewed.

To operate the service: route calls, deliver messages, store recordings, generate transcripts and summaries, surface Callpop context, populate Reports.

To support you: identify your account, answer support tickets, troubleshoot problems, and improve the product based on real usage.

To bill you: generate invoices, process payments, manage plan changes.

To stay compliant: with United States carrier rules (10DLC, CNAM, 911), with tax authorities, with law enforcement when presented with a lawful request.

We do not use your content to train general-purpose AI models that are shared with other customers. AI inference is performed per-call, with outputs returned only to your account.

We share your data only with subprocessors that are contractually required to use it solely to deliver the Service to you. The most important is Google Cloud Platform (hosting and Vertex AI for AI call summaries, covered under our Google Cloud HIPAA BAA). The voice platform itself runs on Cisco BroadWorks.

Additional operational vendors handle transactional email, fax, payment processing, and similar back-office work. They are listed in the executed Business Associate Agreement for HIPAA-covered customers and available on request under NDA. Call transcription runs on Vocatech-controlled Google Cloud infrastructure and is not sent to any third-party AI provider.

We do not sell, rent, or share your data with advertisers. We do not build profiles of your end customers for marketing. We do not engage in cross-context behavioral advertising.

If another company acquires Vocatech, your data moves with the service, under the same terms you agreed to here.

Vocatech keeps call recordings, voicemails, transcripts, AI summaries, message content, and call metadata for at least one year, and longer where customer configuration or law requires. Where we have a specific legal floor we have to honor:

• Audit logs of PHI access are retained for six (6) years (HIPAA minimum, 45 CFR §164.316(b)(2)(i)).

• Account and billing records are retained as required for tax and legal purposes (typically seven years after account close).

On request we will delete content we are not required by law to keep.

Access: export your call history, recordings, transcripts, and contacts from the Portal or through our API.

Correction: account information is editable from the Portal.

Deletion: call support to close the account and request deletion of retained content we are not required to keep.

Portability: the API lets you pull your data in standard formats.

To exercise any right, email office@vocatech.com with the request and the email address on your account. We respond as soon as practical, in accordance with applicable law.

California residents: We do not sell or share personal information for cross-context behavioral advertising. There is nothing for us to opt you out of, but if you want this confirmed in writing, email office@vocatech.com.

Other states: Residents of Virginia, Colorado, Connecticut, Utah, and Texas have similar rights. Same email applies.

Encryption. Traffic is encrypted in transit (TLS 1.2 or higher; TLS 1.0 and 1.1 refused). Recordings, transcripts, and message content are encrypted at rest (AES-256, Google-managed keys via Cloud KMS).

Access controls. Production access is limited to engineers and support staff who need it to operate the service. Single sign-on with two-factor authentication is required. All access is logged.

Audit logging. All access to customer data is logged. Audit logs are written to immutable, write-once archive storage with 6-year retention.

Network security. All inbound admin/SSH/RDP access requires Identity-Aware Proxy. Production services run with minimum-necessary permissions; service-account keys are disabled. Default-deny firewalls.

Hosting. We run on Google Cloud Platform in the United States. We do not transfer customer data outside the United States except where a customer specifically requests it.

Reporting a security issue. If you discover a vulnerability in a Vocatech product, service, or website, email office@vocatech.com or see /.well-known/security.txt. We do not pursue legal action against researchers acting in good faith and within scope of normal coordinated disclosure practice.

We use first-party cookies to keep you logged in to the Portal and to remember your preferences.

We use a small amount of analytics (page views, error tracking) to understand what is working on the marketing site.

We do not use cross-site tracking, retargeting pixels, or advertising networks.

You can disable cookies in your browser. The marketing site will still work; the Portal requires cookies to keep you logged in. If your browser sends a Global Privacy Control (GPC) signal, we treat it as an opt-out request to the extent applicable law requires.

You have a right and we have a duty under federal law to protect the confidentiality of your CPNI. This notice is provided in accordance with the FCC's CPNI rules at 47 CFR §64.2008.

What CPNI is. Information about your phone service: who you call and who calls you, when calls happen, how long they last, the features you subscribe to, your service plan, and related billing details. CPNI does not include the content of your calls or messages — that is treated as Customer Content under the rest of this policy.

How we use it. We use CPNI to deliver the Service, bill you, provide support, detect and prevent fraud, comply with law, and (where federal law permits) market additional services in the same category as those you already subscribe to. We do not sell CPNI. We do not use CPNI to market services outside the category of services you already have without your express consent.

Your right to restrict. You may opt out of internal use of your CPNI for marketing additional Vocatech services. To opt out, email office@vocatech.com with the subject "CPNI opt-out". Your opt-out is honored immediately and permanently until you tell us otherwise. Opting out does not affect our ability to deliver the Service to you.

Authentication by phone. When you call support, we verify your identity before discussing CPNI (password, PIN sent to registered email/phone, or callback to a number on file). We will not disclose CPNI to anyone who cannot authenticate, except as required by law.

FCC complaints. You may file a complaint with the FCC at fcc.gov/consumer-complaints or 1-888-225-5322.

Vocatech responds to subpoenas, court orders, search warrants, and similar legal process from U.S. authorities, in accordance with applicable law. Send legal process to office@vocatech.com (PDF attached) or by mail to Vocatech, Inc., 5314 18th Avenue, Brooklyn, NY 11204.

What we require. Valid legal process from a court of competent jurisdiction. The type of process determines what we can produce: a subpoena gets basic subscriber info; a §2703(d) order gets non-content records; a search warrant supported by probable cause is required for stored content (recordings, message content, voicemail); a Title III wiretap order is required for live intercept.

Customer notification. Our policy is to notify affected customers of legal process seeking their information so they have an opportunity to challenge it, except where a non-disclosure order, gag order, or other applicable law prohibits notification, or where notification would create risk of harm.

Emergency disclosure. In emergencies involving imminent risk of death or serious bodily injury, we may voluntarily disclose limited information to law enforcement consistent with 18 U.S.C. §2702. To request emergency disclosure, email office@vocatech.com with "EMERGENCY" in the subject or call 718.395.1550.

Preservation letters. We accept §2703(f) preservation letters to preserve records for up to 90 days, renewable.

CALEA. Vocatech complies with the Communications Assistance for Law Enforcement Act and applicable lawful intercept obligations.

Foreign requests. Vocatech is a U.S. company storing data in the U.S. We require U.S. legal process. Foreign authorities should proceed through Mutual Legal Assistance Treaty (MLAT) channels.

Whether a call can be recorded, and what consent is required, varies by state and country. Configuring recording in compliance with applicable law is your responsibility.

Most states (and federal law) require one-party consent. Eleven states require all-party consent: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, Washington.

We provide tools to support compliance: per-extension recording toggles, an announcement option ("This call may be recorded"), and recording is opt-in (we do not record by default).

For the full Voice and Recording Policy, see /policies/voice-policy.

If you are a HIPAA-covered entity or a business associate of one, and you intend to use Vocatech to send, receive, store, or process Protected Health Information (PHI), you must execute a Business Associate Agreement with Vocatech before doing so.

See /policies/hipaa-baa for the BAA explainer, the list of HIPAA-Eligible Services, and how to execute.

Vocatech is a business service. We do not knowingly collect personal information from anyone under 13.

Updates to this policy are reflected on this page. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service constitutes acceptance of the current policy.

Email: office@vocatech.com

Phone: 718.395.1550

Mail: Vocatech Inc., 5314 18th Avenue, Brooklyn, NY 11204, USA