← All legal documents

Privacy Policy

Last reviewed: 2026-05-11

Plain-English summary. The Vox app does not collect, transmit, or store your audio, transcripts, or any user content. The website collects only the data needed to operate it: aggregate page-views with no cookies and no IP addresses, and (if you buy) the billing information you give Stripe. The summary is informational; the numbered sections below are the binding text.

0. Who we are

This Site is operated by Resonance Logic, LLC (“we,” “us,” “Licensor”), a Delaware limited liability company and the publisher of Vox.

  • Postal address: 169 Madison Avenue, Ste 54237, New York, NY 10016, USA.
  • Email: vox@rizenhq.com for privacy questions; same address with the subject line “Legal Notice” for formal notices.

For the purposes of the EU/UK General Data Protection Regulation, Resonance Logic, LLC is the data controller for personal data processed through this Site. If we are required to designate an Article 27 representative for the EU or UK, that representative's details will appear here.

1. Scope

This Policy covers data we collect through the Vox website. It does not cover the Vox application itself, which is described in the EULA, because the application does not transmit user content to us.

2. Information we collect

Aggregate analytics. We use Vercel Analytics and Vercel Speed Insights to count page views and measure page performance. These tools are cookieless: no cookies are written to your browser, no cross-site identifiers are set, and no session replay or heatmap data is recorded. IP addresses are anonymised by a daily-rotating salted hash and are not retained as personal data. See Privacy & Security on the Site for a more detailed plain-English breakdown.

Custom product events. When you interact with the Site (clicking “Buy,” submitting a form, scrolling through a page), we record an event name and a small number of non-identifying properties (seat count, page name, scroll depth). These events are aggregated and not tied to a persistent identifier.

Email addresses you give us voluntarily. If you submit an email through a “Get notified” or “Contact sales” form, we transmit that address to our email tool (Resend) for the purpose of replying to you or notifying you of launch. The form discloses this at the point of collection.

Purchase data. If you buy a Commercial License, Stripe collects your billing email, billing address, VAT ID (where provided), and payment method. We read your billing email, company name and seat count from Stripe to issue your license PDF and to send transactional email about your subscription. We do not see your card number.

Subscription metadata. Once you purchase, Stripe stores a small amount of subscription metadata on our behalf: License ID, company name, billing email, plan, seat count, and renewal date. This is the complete record of your license — we do not maintain a separate customer database.

Download counter. Our public download counter on the home page is backed by a Supabase Postgres table that stores anonymised aggregate counts only: a daily increment with no IP address, user agent, or other identifier that could be linked to you.

Tokens for license re-download. When we email you a link to re-download your license PDF, the link contains a short-lived JSON Web Token (JWT) that lets the server look up your subscription. The token is not a persistent session identifier and is not used to track you across visits.

3. Information we do not collect

We do not:

  1. Use cookies, advertising pixels, fingerprinting, or third-party trackers on the Site.
  2. Run session replay or heatmap tools.
  3. Receive any content from the Vox application — no audio, no transcripts, no user dictionary entries.
  4. Sell or share your personal information for cross-context behavioural advertising. We do not engage in “sale” or “sharing” as those terms are defined under the California Consumer Privacy Act (as amended by the CPRA).

4. How we use the information (and why)

| Purpose | Data | Lawful basis (GDPR / UK GDPR) | | --- | --- | --- | | Process your purchase, issue and re-issue your license PDF | Billing email, company name, seat count, plan | Performance of a contract (Art. 6(1)(b)) | | Send transactional email (license delivery, cancellation confirmation) | Billing email | Performance of a contract (Art. 6(1)(b)) | | Answer questions you send us | Email address, message body | Legitimate interests (Art. 6(1)(f)) — responding to you | | Understand which pages of the Site are popular, in aggregate | Aggregate analytics, custom events | Legitimate interests (Art. 6(1)(f)) — operating and improving the Site | | Detect and prevent abuse, fraud, or breach of these terms | Server logs, rate-limit signals | Legitimate interests (Art. 6(1)(f)) — Site security | | Comply with legal obligations (tax, accounting, lawful demands) | Purchase data | Legal obligation (Art. 6(1)(c)) |

We do not engage in solely automated decision-making that produces legal or similarly significant effects on you.

5. How we share information (sub-processors)

We share data only with the vendors needed to operate the Site:

  • Stripe, Inc. (US) — payments, Customer Portal, subscription metadata storage. Stripe acts as a payment processor and (for subscription metadata we attach) a processor on our behalf.
  • Resend, Inc. (US) — transactional email delivery.
  • Vercel, Inc. (US) — Site hosting, Vercel Analytics, Speed Insights.
  • Supabase, Inc. (US) — Postgres database used solely for the anonymised download counter.

Each is bound by its own data-processing terms with us. We do not share data beyond what these vendors need to operate the relevant feature.

We may disclose information if required by law (court order, subpoena), where the disclosure is narrowly scoped to what the legal demand requires. Where legally permitted, we will tell you about the demand before disclosing.

6. Retention

  • License records. We rely on Stripe to retain subscription metadata for as long as your subscription is active and for the retention period Stripe applies after cancellation. We do not store license PDFs ourselves — they are rendered from Stripe metadata on demand and discarded after each download. The PDF you received by email remains on your own systems for as long as you keep it.
  • Transactional email logs. Retained by Resend per their default retention (currently 30 days for delivery logs).
  • Aggregate analytics. Aggregated and not associated with individual users; retained per Vercel's defaults.
  • Inbound enquiries. Retained in our email systems for as long as needed to answer you, then for a reasonable archival period for audit and dispute purposes (typically up to 24 months).
  • Tax / accounting. Retained for the period required by applicable tax law (typically 7 years).

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (subject to legal-retention obligations).
  • Restrict or object to processing.
  • Port your data to another provider.
  • Withdraw consent at any time, where processing is based on consent (without affecting prior processing).
  • Opt out of “sale” or “sharing” of personal information (California). We do not engage in either; this right is disclosed for completeness.
  • Limit use of sensitive personal information (California). We do not process sensitive personal information beyond what is required to process your purchase.
  • Non-discrimination for exercising any of these rights.

To exercise any of these rights, email vox@rizenhq.com from the address associated with your purchase or enquiry. We will respond within one month, extendable by two further months for complex requests with notice. For California residents, we will verify your identity by matching the email to your purchase record.

You also have the right to lodge a complaint with a supervisory authority — in the EU/EEA, your national data protection authority; in the UK, the Information Commissioner's Office; in California, the California Privacy Protection Agency or the Attorney General.

For purchases, the easiest way to exercise these rights is through Stripe's Customer Portal, which you can access via the Account page.

8. International transfers

The Site is hosted on Vercel infrastructure that may store and process data in the United States, the European Union, or other regions. Stripe, Resend, and Supabase similarly operate globally.

Where personal data is transferred from the EU/EEA, UK or Switzerland to a country that does not have an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (and, where applicable, the UK International Data Transfer Addendum) with our sub-processors as the safeguard required by Article 46 of the GDPR. Where a sub-processor is certified under the EU-US Data Privacy Framework, that certification is an additional basis for transfers.

9. Children's privacy

Vox is intended for users aged 18 or over. We do not knowingly collect personal data from children under 16 (EU/UK) or under 13 (US, under COPPA). If you believe a child has given us personal data, contact us at vox@rizenhq.com and we will delete it.

10. Security

We protect data in transit with TLS and rely on our sub-processors for storage encryption. We do not store payment card data; Stripe handles it under PCI DSS. If you believe you have found a security issue with the Site, please write to vox@rizenhq.com before disclosing publicly.

11. Changes

Material changes to this Policy will be summarised at the top of this page. The “Last reviewed” date reflects the most recent revision.

12. Contact

For privacy questions or to exercise any of the rights above, email vox@rizenhq.com.