← Back to Sign in

Privacy Policy

Last updated: March 2025

1. Introduction

Voxco ("we", "our", or "us") operates the Voxco Number Ordering Portal (the "Service"). We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable privacy laws.

This policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding your data.

2. Data Controller

The data controller responsible for your personal data is Voxco. For any questions about this policy or your data, please contact your account manager or the domain and web manager.

3. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, company name (if provided), and password (stored in hashed form).
  • Authentication data: session identifiers and login timestamps to operate the Service securely.
  • Order and usage data: phone number orders, uploaded documents related to orders, and activity necessary to provide the Service.
  • Communications: any optional message you provide when signing up or when contacting us.

We do not use your data for automated decision-making or profiling that significantly affects you.

4. Legal Basis and Purposes

We process your personal data on the following legal bases:

  • Contract: to create and manage your account, process orders, and deliver the number ordering and management services you request.
  • Consent: where you have given clear consent (e.g. when signing up, you agree to this Privacy Policy and our use of cookies as described below).
  • Legitimate interests: to improve the Service, ensure security, and communicate important service-related information, where such interests are not overridden by your rights.
  • Legal obligation: where we must retain or disclose data to comply with applicable law.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, including to satisfy legal, accounting, or reporting requirements. Account and order data are retained while your account is active and for a reasonable period after closure or as required by law. You may request erasure of your data subject to our legal retention obligations.

6. Your Rights (GDPR and UK GDPR)

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten"), subject to legal exceptions.
  • Restriction: request that we limit how we use your data in certain circumstances.
  • Data portability: receive your data in a structured, machine-readable format where applicable.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent, you may withdraw it at any time.
  • Complaint: lodge a complaint with a supervisory authority (e.g. in the EU/EEA or UK).

To exercise these rights, please contact your account manager or the domain and web manager. We will respond within the timeframe required by applicable law (e.g. one month under GDPR).

7. International Transfers

Your data may be processed in countries outside the European Economic Area (EEA) or the UK, including by our service providers (e.g. hosting and authentication). Where we transfer data to such countries, we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses, or other mechanisms recognised by GDPR/UK GDPR.

8. Cookies and Similar Technologies

We use cookies and similar technologies that are strictly necessary to operate the Service (e.g. session and authentication cookies). These are essential for the website to function and do not require your consent under applicable cookie laws.

We may use optional cookies (e.g. for analytics or preferences) only with your consent. You can manage your cookie preferences via the cookie banner when you first visit the site. For more detail on the cookies we use, see the cookie banner and the table below.

PurposeTypeDuration
Session / authenticationStrictly necessarySession or as set by provider
Cookie consent preferenceStrictly necessary1 year

9. Third-Party Processors and Hosting

We use the following types of service providers to run the Service. They act as data processors and are bound by contract to protect your data:

  • Hosting: The site is hosted on Vercel. Vercel is GDPR compliant and processes data in accordance with applicable data protection laws. See Vercel's privacy and compliance information for details.
  • Authentication and database: We use Supabase for authentication and database services. Supabase processes data in line with its DPA and privacy commitments.
  • Fonts: We may load fonts from Google Fonts; relevant requests are made to Google's servers. Google's privacy policy applies to such requests.

We do not sell your personal data to third parties.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes secure connections (HTTPS), access controls, and secure handling of credentials.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date. If changes are material, we may notify you by email or through the Service. We encourage you to review this policy periodically.

12. Contact

For any questions about this Privacy Policy, your personal data, or to exercise your rights, please contact the domain and web manager or your Voxco account manager.

← Back to Sign in