Privacy Policy | Fidus Voice

1. Who We Are and How to Contact Us

Fidus Voice, Inc. ("Fidus Voice", "we", "us", or "our") is the data controller for personal data processed in connection with the Service. We are incorporated in Delaware, USA and operate the Service at fidusvoice.com.

Privacy enquiries and data subject requests: privacy@fidusvoice.com

If you are located in the European Union or the United Kingdom and wish to lodge a complaint, you also have the right to contact your local supervisory authority. EU residents may contact their national data protection authority (a full list is available at edpb.europa.eu). UK residents may contact the Information Commissioner's Office (ICO) at ico.org.uk.

2. What Data We Collect

2.1 Account data

Name, email address, hashed password, role, professional title, and organisation — collected when you register.

2.2 Session and speech data

This is the most sensitive data we process.

When you run a coaching session, we capture and transcribe your spoken words using Deepgram's speech-to-text service. Transcripts, session metadata (title, mode, duration, timestamps, scores), and AI-generated coaching cues and reports are stored on your account.

We do not use your speech or transcripts to train any AI model — ours or anyone else's.

2.3 Uploaded documents

Documents you upload (PDF, DOCX, PPTX, TXT) are stored and processed to extract key points that inform your coaching session.

2.4 Payment data

Subscription and billing transactions are handled by Stripe. We store your Stripe customer ID and subscription status only. We do not store, see, or have access to your payment card details.

2.5 Usage analytics

We use PostHog to collect anonymised usage events (e.g. pages visited, features used) to improve the Service. This data does not include the content of your sessions or transcripts.

2.6 Technical data

IP address, browser type, device type, and session tokens — collected automatically when you use the Service.

2.7 Legal consent records

Timestamps recording when you accepted our Terms of Use and Privacy Policy, and when you gave consent for Listener Mode.

3. Why We Process Your Data (Lawful Basis)

Purpose	Data used	Lawful basis (GDPR)
Provide the coaching service	Account, session, speech, documents	Contract
Process payments	Account, payment data	Contract
Send transactional emails (verification, password reset, receipts)	Email, account data	Contract
Improve the Service via analytics	Usage analytics, technical data	Legitimate interest
Record legal consent	Consent timestamps	Legal obligation
Send marketing emails	Email	Consent

4. Third-Party Processors

We share personal data with the following processors, each bound by a Data Processing Agreement with us. We do not sell your personal data to any third party.

Processor	Purpose	Data received	Location
Deepgram	Speech-to-text + TTS audio	Audio stream, coaching text	USA
OpenAI / Anthropic	AI coaching cues and reports	Transcripts, session context	USA
Stripe	Payment processing	Email, billing info	USA
PostHog	Product analytics	Usage events, IP address	USA
Akamai / Linode	Cloud hosting and storage	All stored data	EU (eu-central-1)

5. International Data Transfers

Our primary data storage is in the European Union (Linode eu-central-1). However, when we use Deepgram, OpenAI, Anthropic, Stripe, and PostHog — all of which are US-based companies — personal data (including transcripts) is transferred to the United States.

Where required by the EU General Data Protection Regulation (GDPR) or UK GDPR, these transfers are protected by the European Commission's Standard Contractual Clauses (SCCs) incorporated into our Data Processing Agreements with each provider. You may request a copy of the applicable safeguards by contacting us at privacy@fidusvoice.com.

6. Data Retention

Data type	Retention period
Account and profile data	Until account deletion, then deleted within 30 days
Session transcripts and reports	24 months from session date, or until account deletion
Uploaded documents	Until removed by user or account deletion
TTS audio files	Deleted when the associated session is deleted
Payment and billing records	7 years (legal and accounting requirements)
Analytics events	12 months rolling
Backup copies	Up to 2 years (overwritten by cleanup schedule)

When your account is deleted, we permanently delete all associated personal data (except payment records, which are retained for legal compliance) within 30 days.

7. Your Rights

Depending on your location, you have the following rights regarding your personal data. To exercise any of them, contact us at privacy@fidusvoice.com. We will respond within 30 days.

Access. Request a copy of the personal data we hold about you.
Correction. Request correction of inaccurate personal data.
Erasure. Request deletion of your personal data ("right to be forgotten"). You can also delete your account directly via Settings.
Portability. Request your data in a structured, machine-readable format. You can export your sessions directly from Settings → Data Export.
Restriction. Request that we restrict processing of your data in certain circumstances.
Object. Object to processing based on legitimate interest.
Withdraw consent. Where we rely on consent, withdraw it at any time (without affecting the lawfulness of processing before withdrawal).

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of the sale of personal information (we do not sell personal information). Voice recordings are treated as sensitive personal information under CPRA.

8. Cookies

We use two categories of cookies:

Strictly necessary. Session authentication tokens required for the Service to function. These cannot be disabled.
Analytics. PostHog cookies that help us understand how the Service is used. These are optional — you can decline them when the cookie banner appears, or change your preference at any time via the cookie settings link in the footer.

9. Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption in transit, AES-256 encryption at rest (Linode Object Storage), access controls, and regular security reviews. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and notify affected users without undue delay.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@fidusvoice.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before the changes take effect. The current version is always available at fidusvoice.com/privacy.

12. Contact

For any privacy-related enquiry or to exercise your rights:
privacy@fidusvoice.com

Fidus Voice, Inc.
Delaware, USA