This policy explains how VOPIX collects, uses, and protects your personal information.
1. Information We Collect
We collect information you provide directly:
Account data: email address, password (hashed), and subscription status.
Agent configuration: your agent's name, personality, language preferences, and timezone.
Messages: conversations between you and your AI agent, across all channels (web, Telegram, WhatsApp).
Workspace files: files you store in your agent workspace (skills, documents, scripts).
Integration credentials: API keys and OAuth tokens for third-party services you connect (Slack, Gmail, GitHub, etc.). These are stored encrypted using AES-256-GCM and are never readable by VOPIX staff.
Channel identifiers: Telegram chat ID and WhatsApp number, if you link those channels.
We also collect automatically:
Usage data (API calls, message counts, storage consumed) for billing and quota enforcement.
IP addresses and request logs for security and abuse prevention, retained for 30 days.
2. How We Use Your Information
To provide and operate the VOPIX service, including running your AI agent on your behalf.
To process billing and enforce plan limits.
To send service-critical notifications (quota warnings, security alerts). We do not send marketing emails unless you opt in.
To improve the platform. We do not use your conversation content to train AI models.
3. Data Storage and Security
Your data is stored on servers in the European Union. We use industry-standard security measures including:
Encrypted connections (TLS 1.2+) for all data in transit.
AES-256-GCM encryption for all stored credentials and OAuth tokens.
Hashed passwords (bcrypt) — we cannot recover your password.
Role-based access controls — production data is accessible only to authorized personnel for operational purposes.
4. Third-Party Services
VOPIX integrates with third-party services at your direction. When you connect an integration (e.g. Gmail, Slack), we store the credentials you provide and use them solely to execute actions you or your agent request. We do not share your credentials with any other party.
We use the following infrastructure providers:
PostgreSQL for primary data storage.
Stripe for payment processing. We do not store card numbers.
Meta (WhatsApp Cloud API) and Telegram Bot API for message delivery.
AI providers (configurable per user): your messages are sent to the AI provider you select to generate replies.
5. Data Retention
Active account data is retained for as long as your account exists.
Conversation messages are retained indefinitely unless you delete them.
Upon account deletion, all personal data, messages, workspace files, and credentials are permanently deleted within 30 days.
Access logs are retained for 30 days.
6. Your Rights
You have the right to:
Access — request a copy of the data we hold about you.
Deletion — request deletion of your account and all associated data.
Portability — export your conversation history and workspace files at any time from your account settings.
Correction — update your account information at any time.
VOPIX uses a single HttpOnly session cookie for authentication token refresh. We do not use tracking, advertising, or analytics cookies.
8. Children's Privacy
VOPIX is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it promptly.
9. Changes to This Policy
We may update this policy occasionally. We will notify you by email and by a notice in the app at least 14 days before material changes take effect.