Privacy Policy
Last Updated: May 22, 2025
This Privacy Policy describes how Loxia AI ("we", "us", or "our") collects, uses, stores and protects your personal data when you use Loxia AI (the "Service").
By using the Service, you agree to the terms of this Policy. If you do not agree, please stop using the Service immediately.
1. Data Controller
The data controller is Loxia AI. Email: legal@loxia.ai
2. Data We Collect
We collect the following categories of personal data:
- Account Data: name, email address, hashed password, creation date, subscription status.
- Voice & Call Data: phone numbers involved in calls, call recordings (audio and transcripts), call duration and direction (inbound/outbound), AI analysis results (sentiment, lead score).
- Usage Data: pages visited, actions performed in the dashboard, browser type, IP address, locale settings.
- Payment Data: handled exclusively by our payment processor (Stripe). We do not store card details.
Third-Party AI Processing: Voice conversations may be processed by OpenAI or ElevenLabs to generate AI responses. These providers act as data processors under agreements compliant with GDPR.
3. Legal Basis for Processing (GDPR)
We process your data based on:
- Contract performance: to provide the Service you subscribed to.
- Legitimate interest: to improve service quality, prevent fraud and ensure security.
- Legal obligation: to comply with applicable laws.
- Consent: for optional analytics and marketing communications, where you have explicitly opted in.
4. How We Use Your Data
- Provide and operate the Service (AI voice agents, call routing, transcription)
- Process payments and manage subscriptions
- Send transactional emails (account verification, password reset, call summaries)
- Improve AI model performance (aggregated, anonymised data only)
- Comply with legal obligations and respond to lawful requests
- Detect and prevent fraud and abuse
5. Data Retention
| Category | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Call recordings & transcripts | 12 months from the date of the call |
| Payment records | 7 years (legal obligation) |
| Server logs | 90 days |
You may request early deletion of your data at any time (see Section 8).
6. Data Sharing & Third Parties
We share your data only with:
- OpenAI / ElevenLabs – AI voice processing (as data processors)
- Twilio – Telephony infrastructure
- Stripe – Payment processing
- Hosting Provider – Infrastructure (servers located in the EU or EU-adequate countries)
We do not sell your personal data to any third party.
7. International Transfers
When data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Your Rights (GDPR / CCPA)
You have the right to:
- Access – request a copy of your personal data
- Rectification – correct inaccurate data
- Erasure ("Right to be Forgotten") – delete your account and all associated data
- Restriction – limit how we process your data
- Data Portability – receive your data in a machine-readable format (JSON export available in Settings)
- Object – object to processing based on legitimate interest
- Withdraw consent – at any time, where processing is based on consent
To exercise your rights, use the Settings → Privacy section of the dashboard, or contact us at legal@loxia.ai. We will respond within 30 days.
California residents (CCPA): You additionally have the right to know what personal information is collected, to opt out of the sale of personal information (we do not sell data), and to non-discrimination for exercising your rights.
9. Cookies
We use only strictly necessary cookies required for authentication and security. We do not use third-party advertising or analytics cookies without your explicit consent. You can manage cookie preferences via the banner shown on first visit.
10. Voice Recording Disclosure
Loxia AI operates AI voice agents that may record and process voice calls for transcription, analysis and quality purposes. All calls are disclosed to callers at the start of the conversation, where this feature is enabled by the account operator, in compliance with applicable wiretapping and recording laws.
11. Security
We implement appropriate technical and organisational measures to protect your data, including encrypted storage, HTTPS, access controls and regular security reviews.
12. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect data from minors.
13. Changes to This Policy
We may update this Policy. We will notify you by email or in-app notification at least 15 days before material changes take effect. Continued use of the Service after the effective date constitutes acceptance.
14. Contact
For any privacy-related enquiries: Loxia AI 📧 legal@loxia.ai