Privacy & Security Policy

Last updated: April 5, 2026

1. Overview

At VoiceGPT (operated by Footprint-AI, 信誠金融科技股份有限公司), we take the privacy and security of your data seriously. This policy describes what data we collect, how we use it, and the measures we implement to protect it.

2. Data We Collect

When you use the VoiceGPT service, we may collect the following types of data:

• Voice data: Audio recordings of your voice input during conversations with AI agents.
• Conversation transcripts: Text transcriptions of your voice input and AI agent responses.
• Conversation metadata: Session duration, timestamps, language used, call phase, and interaction patterns.
• Emotion and sentiment data: Audio-based emotion classification results (if enabled by the merchant).
• Account information: Name, email address, and authentication credentials (if you create an account).
• Device information: Browser type, operating system, device type, and microphone diagnostics for troubleshooting.
• Identity verification data: Information you provide during KYC (Know Your Customer) flows, such as name, phone number, or ID verification details.

3. How We Use Your Data

• Service delivery: Processing your voice input through speech-to-text, AI language models, and text-to-speech to provide conversational responses.
• AI performance improvement: Using anonymized conversation data, transcripts, and voice samples to train, fine-tune, and improve our AI models, speech recognition accuracy, and response quality.
• Quality assurance: Reviewing conversation logs to monitor service quality, detect issues, and improve the user experience.
• Analytics: Generating aggregated, anonymized analytics for merchants (e.g., call volume, sentiment trends, common inquiries).
• Security: Detecting and preventing abuse, fraud, prompt injection attacks, and other security threats.
• Legal compliance: Fulfilling legal obligations, responding to lawful requests, and protecting our rights.

4. AI Training & Data Usage

To continuously improve our AI voice agents, we may use your data in the following ways:

• Conversation transcripts and voice recordings may be used to improve speech recognition models, language understanding, and response generation.
• Data used for AI training is anonymized and de-identified to the extent technically feasible.
• We do not sell your personal data or voice recordings to third parties.
• Merchants who deploy VoiceGPT agents may have access to conversation logs for their own customers, subject to their own privacy policies.

5. Data Protection

• Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms.
• Data isolation: Each merchant tenant's data is logically separated to prevent unauthorized cross-tenant access.
• Data retention: We retain your data only for as long as necessary to provide the Service, fulfill the purposes described in this policy, or as required by law. Anonymous conversation data may be retained longer for AI training purposes.

6. Authentication & Access Control

• We support OAuth 2.0 authentication via trusted providers (Google).
• Role-based access control (RBAC) is enforced across all platform resources.
• Session tokens have limited lifetimes and are rotated regularly.
• Embedded (iframe) access uses time-limited, cryptographically signed tokens.

7. Infrastructure Security

• Our services are hosted on enterprise-grade cloud infrastructure with physical security controls.
• Network access is restricted using firewalls and security groups.
• Systems are regularly patched and updated to address known vulnerabilities.
• We employ monitoring and alerting systems to detect anomalous activity.

8. Application Security

• We follow secure coding practices and conduct regular code reviews.
• Input validation and output encoding are applied to prevent injection attacks.
• AI security guards detect and block prompt injection, social engineering, and information extraction attempts in real time.
• Policy guards ensure AI responses comply with defined business rules and compliance requirements.
• Dependencies are regularly audited for known vulnerabilities.

9. Your Rights

Under applicable data protection laws, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate personal data.
• Request deletion of your personal data, subject to legal retention requirements.
• Opt out of AI training data usage by contacting us.
• Withdraw consent for data processing (which may affect your ability to use the Service).

10. Incident Response

In the event of a security incident:

• We will investigate and contain the incident promptly.
• Affected users will be notified in accordance with applicable laws and regulations.
• We will take corrective actions to prevent recurrence.
• A post-incident review will be conducted to improve our security posture.

11. Third-Party Services

We use third-party services for speech processing (e.g., Google Cloud Speech-to-Text, Google Cloud Text-to-Speech) and AI inference (e.g., Google Gemini). Your data may be processed by these providers in accordance with their respective privacy policies. We carefully evaluate the security and privacy practices of all third-party services integrated into our platform.

12. Compliance

We are committed to complying with applicable data protection laws and regulations, including but not limited to the Personal Data Protection Act of the Republic of China (Taiwan).

13. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes by posting the updated policy on this page.

14. Contact Us

For privacy or security-related inquiries, to exercise your data rights, or to report a vulnerability, please contact us at kafeido@footprint-ai.com.