At Voicemaker, we prioritize the security, privacy, and confidentiality of your data. We understand that your privacy and confidentiality are important to you, and we share those concerns. We are dedicated to treating the information of our customers, employees, stakeholders, and other interested parties with the highest level of care and confidentiality. This page has been created to address any questions you may have regarding the use, storage, sharing, and deletion of your data.

Key Principles of Data Security:

• Project Confidentiality: Your projects are kept strictly confidential, with access limited solely to you. Voicemaker team members have no access to your projects from the backend, as everything is encrypted at source and only end-user can access it. Even if you request assistance, we handle it securely by asking for relevant screenshots and necessary details from you, without direct access to your files. Any support requests are managed securely, ensuring that your work remains private and protected at all times.
• Data Protection: If you choose to delete your data from Voicemaker, we ensure its permanent removal from our servers. We do not retain any backup or redundancy copies of your data.
• PCI DSS Compliance: We comply with PCI DSS - Payment Card Industry, Data Security Standard.
• ISO/IEC 27001 Certification in Progress: Voicemaker is currently in the process of obtaining certification for ISO/IEC 27001, which focuses on Information security.
• Security Testing: Voicemaker regularly conducts Vulnerability Assessment and Penetration Testing (VAPT) reports & OpenVAS scans to mitigate any cybersecurity vulnerabilities. Enterprise users can request access to our latest VAPT reports by reaching out to our support team.

Our Core Security Practices:

• Data Classification and Sensitivity Levels: At Voicemaker, we classify every single data as "highly sensitive" to ensure maximum protection across the board. This means that every piece of information entrusted to us—whether personal details, project files, or payment data—receives the highest level of security. End-to-End Encryption: Any data uploaded to Voicemaker is stored in an encrypted MongoDB Atlas database & AWS S3 (data files) while at rest. Any time your data is “in transit,” it is encrypted over HTTPS (256-bit encryption), the industry standard for secure internet transactions. This means that the data you send to and from Voicemaker is secure, even if your network is not secure, such as when you’re on a public Wi-Fi network.
• Project Access Controls: At Voicemaker nor any of our employees will ever have access to your project or work, even from backend. It remains completely your property, and any information related to it is kept confidential. We only know your work when it is shared by you with our support team for resolving any conversion issues or errors. Once the issue is resolved, we delete your work promptly. Our employees do not have the right to store it on their personal systems or access your cloud saved files.
• User Rights and Deletion Policy:Users have full rights to access, correct, and delete their data. Voicemaker enables easy data export and deletion processes to give users control. However, Voicemaker reserves explicit right to delete a user's account if they violate our Terms of Service.
• Data Minimization: We carefully assess the data we need to provide a high-quality, reliable service and to enhance the user experience. This includes data such as project files for text-to-speech conversion, login credentials for account security, and basic contact information for communication. We avoid gathering any information that isn’t directly relevant to our service or that doesn’t contribute to a user benefit.
• User Access Controls and Monitoring:For External Users (Customers): We use Cloudflare's default security tools to monitor user's authentication and protect our systems from malicious requests. This setup helps track customer interactions with their data, ensuring robust security and privacy while safeguarding against unauthorized access and potential threats.
  For Internal Users (Employees): Every Voicemaker employee uses Cloudflare Zero Trust and Cloudflare Warp VPN to securely connect to our backend networks and infrastructure. This ensures that only verified devices can access our backend network, continuously monitors traffic to block unauthorized access, and protects against risks like data leaks and shadow IT. With strict access controls and ongoing monitoring, we make sure that only the right people handle sensitive information, keeping your data safe every step of the way. This framework secures employee access with strict authentication, reducing unauthorized access and potential data leaks. Non-Company Device Use: External devices are required to pass security checks before accessing Voicemaker network and cannot log in without Cloudflare Zero Trust and WARP, ensuring an additional layer of security.
• Secure Payment: We prioritise payment security, which is why we have teamed up with industry-leading payment transfer companies to ensure the utmost protection for our clients' payment information. At present, we proceed your payments using Stripe, PayPal & RazorPay.
• Account Security: We encrypt all login information, including emails, passwords, project data, and files, to ensure secure storage within our database. We strongly encourage users to create strong, unique passwords and avoid sharing or storing their login credentials digitally. Voicemaker only can reset a user’s password upon explicit request, ensuring full control over account access. For added security, we also offer Two-Factor Authentication (2FA), which requires multiple verification steps to access accounts, adding an extra layer of protection.
• AI Model Usage and Data: We respect your data privacy and are committed to ensuring that your data is solely yours. Voicemaker does not use or even knew about any of your data—whether text or audio files—for training or improving our AI models without your explicit consent. Any AI-related data processing is done with full transparency, maintaining strict boundaries around user confidentiality. Furthermore, any data processed and created by our AI is encrypted and handled with the highest security standards, ensuring that only you retain access and ownership rights. This data protection strategy allows us to deliver a powerful AI experience without sacrificing user privacy or confidentiality.
• Secure Data Storage & Backup Policy: We securely store user data and web-data in an end-to-end encrypted MongoDB Atlas database, with regular backups and continuous replication across multiple droplets for added resilience. Audio files are safely stored on AWS S3 with built-in backup options. Our core platform & Voice AI Models operates on Amazon AWS EC2 (us-west-2) and Google Cloud (us-west1-a) servers, with automated hourly backup snapshots. These snapshots are then encrypted and transferred daily to other servers, ensuring secure, off-site backup storage. Isolation: Our systems are built to keep user data isolated, preventing any unauthorized cross-access and ensuring that each user’s data remains strictly separated and protected.
• Incident Response and Data Breach Protocol: We maintain a transparent incident response plan to handle data breaches promptly. In the event of a breach, we promptly assess, contain, and resolve the issue, notifying users of any potential risks and implementing immediate safeguards to protect their data.
• Third-Party Vendor Risk Management: At Voicemaker, we carefully assess the security practices of any third-party vendors we engage to ensure they align with our stringent data protection standards. Each vendor must meet Voicemaker's security and privacy benchmarks before integration. Our core infra and AI models are hosted exclusively on our hosted servers, minimizing reliance on third-party vendors and reducing associated security risks. Fourth-Nth Party Utilization: For certain services, we utilize third-party providers, ensuring each one meets Voicemaker’s security and privacy standards. No unauthorized sharing of personally identifiable information occurs.
• Regular Security Assessments and Audits: We conduct regular security audits and vulnerability assessments using tools like OpenVAS, Qualys, and Detectify, alongside Cloudflare’s Web Application Firewall (WAF) and AWS CloudTrail for continuous monitoring and threat detection, ensuring all system components are up-to-date and resilient against potential vulnerabilities. For kernel updates and system hardening, we utilize tools like Tripwire and OSSEC to monitor for unauthorized changes, alongside automated patch management tools for timely kernel and software updates.
• Compliance with Legal Standards and Regulations: Voicemaker complies with GDPR, CCPA, and other applicable data protection laws, ensuring user privacy and control over their data. We are also in the process of obtaining ISO/IEC 27001 certification, which demonstrates our commitment to comprehensive information security practices and standards.
• Employee Training and Data Protection Policies: At Voicemaker, all employees undergo regular training on data privacy and security best practices to stay informed about the latest developments and threats in cybersecurity. Our Data Protection Officer oversees data handling practices, ensuring compliance with all security policies and coordinating efforts to secure our users. Staff Augmentation: For specialized projects, we utilize staff augmentation while strictly enforcing our security protocols. All third-party personnel are required to adhere to Voicemaker’s rigorous security standards and confidentiality agreements, ensuring that our high standards of data protection extend to every team member.
• Data Protection Officer: Voicemaker has put in place a set of internal policies and procedures regarding data protection, which all employees are required to adhere to. The collaboration between our Data Protection Officer and engineering team ensures that we maintain complete visibility on the user data we possess, its storage location, and authorized access. To ensure compliance with these policies and prompt communication of data protection matters to our CEO, we have appointed a Data Protection Officer. The Officer is responsible for enforcing the policies and overseeing the protection of data.
• Continuous Improvement and Security Updates: Using industry-leading tools, we continuously monitor and update our security practices to address emerging threats and vulnerabilities, ensuring robust protection.
• Privacy by Design and Default: By our core principle - "Encrypt Everything", our privacy standards are embedded into our systems from the ground up, ensuring your data is secure without the need for adjustments, so you can trust that your information is protected. Our commitment is simple: to protect your privacy at every step, with strong encryption and built-in safeguards that respect your data and give you peace of mind.



Infrastructure Security:

• DDoS protection: We use "Cloudflare" to enhance the security, speed, and reliability of Voicemaker’s main platform and its API, providing features such as DDoS protection, SSL encryption, email protection, Argo Smart Routing and various built-in tools.
• Web Application Firewall (WAF): We use Cloudflare’s WAF to protect our web applications from security threats such as cross-site scripting (XSS), SQL injection, and DDoS attacks. This advanced firewall adds a crucial layer of defense, ensuring a secure and seamless experience for our users.
• Zero Trust: As previously mentioned, we rely on Cloudflare Zero Trust to secure access to all backend networks. This system rigorously authenticates every employee login, reducing the risk of unauthorized access and potential data leaks.
• Uptime and Monitoring: We use AWS CloudWatch to monitor CPU, RAM, and disk usage, with automated alerts triggered when resource thresholds are reached. By tracking system health and performance through data logs, we ensure optimal service levels are maintained. For real-time system uptime, visit our status page.
• Data Storage: As previously mentioned, all data, including Voicemaker’s AI models, is securely stored on Amazon AWS (us-west-2) and Google Cloud (us-west1-a) servers. These secure environments ensure robust data protection and reliable performance.
• Physical Security: At Voicemaker, once an employee’s device connects to the network, we rely on leading cloud providers like Amazon AWS and Google Cloud to ensure robust physical security for our platform and your data. These world-class data centers adhere to strict physical security protocols, undergo regular security audits, and comply with certifications such as ISO 27001, SOC 2, and PCI-DSS, confirming that they meet high standards for physical and information security.

Organizational Policies:

• Employee Training and Awareness: All employees undergo regular training on data privacy and security best practices, including awareness of phishing and other cybersecurity threats.
• Employee Performance and Security: Voicemaker maintains a documented employee performance and security process, reviewed regularly by management to ensure consistent adherence to security policies.
• Physical Security Program: Once an employee’s device connects to the network, we rely on leading cloud providers. With data center's physical security program, approved by management, ensures that access to physical infrastructure is restricted and maintained with strict security controls.
• Information Security in New Systems: All new systems and upgrades undergo strict security assessments to meet information security requirements before deployment.
• Password Policy: Our password policy mandates confidentiality and complex passwords to reduce unauthorized access risks and complemented by two-factor authentication (2FA) for enhanced security.
• Cybersecurity Incident Management Program: Voicemaker has a Cybersecurity Incident Management Program in place, managed by a designated team responsible for overseeing and addressing security incidents.
• Methodology for System Event Review: Our security team routinely reviews system events for potential incidents, with alerts for malware infections or suspicious activity to ensure prompt response.
• Fraud Prevention Policies: Policies and procedures are in place to detect and prevent fraud, both internal and external, ensuring the integrity of user data.
• Endpoint Security Standards: Voicemaker enforces endpoint security standards to prevent cybercriminal access, deploying secure configurations across all systems.
• Mobile and Non-Company Device Use: Non-company managed devices require stringent security checks before accessing the Voicemaker network, ensuring a secure working environment.

Information Usage and Sharing

Project Information:

Voicemaker securely stores your Project Information, including uploaded files, text converted to speech, audio files, and other project metadata, with full encryption on our servers.

We don't use your Project Information for anything other than providing the service we offer — e.g. we don’t sell it; we don’t use it for marketing; we don’t use it for advertising. Except, we use it for our end-to-end encrypted AI model training which helps improve our voice models to a new level, with ensuring that all data is fully anonymized to protect your privacy.

Your Project Information is confidential even from us. We cannot access your projects from the backend, as everything is encrypted at the source, ensuring that only the end-user can access it. Even if you request assistance, we handle it securely by asking for relevant screenshots and necessary details from you, without accessing your files directly. All support requests are managed with care, ensuring your work stays private and protected at all times.

Personal Information (Name, Email, Password, Billing Details)

• Name - To personalize your experience with Voicemaker, we use your name. Instead of addressing you as "User," we address you by your actual name, such as "Hi, Johnny." When collaborating on a project with others on Voicemaker, your collaborators will also see your name when you leave a comment or share a project, making teamwork smoother and more personal.
• Email - Your email address serves as your primary identifier in Voicemaker and also serves as our main point of contact for us to communicate with you.
• Password - Upon logging in, we utilize your password to verify and validate your account.
• Billing details - When you sign up for a paid account, we collect billing details, including your credit card information and billing address, to process payments. We do not have access to your credit/debit card numbers or CVCs, as these are securely handled by our payment gateways, such as Stripe, PayPal, and Razorpay.

Third-Party Services:

• Freshdesk - To provide customer support. Information shared: name and email address.
  Freshdesk is the customer support platform we use to answer customer questions and manage support tickets. We share your email with Freshdesk to manage our customer service interactions with you.
• Amazon SES - To send emails, Information shared: name and email address.
  We use Amazon SES to send marketing and transactional emails (e.g. register, forgot password emails).
• Stripe - To process subscription payments. Information shared: name, email address, and billing information.
  Stripe is our payments processor. Stripe uses your billing details to process your payments and your email address to send payment receipts and to contact you if your payment method stops working.
• PayPal - To transfer and process payments from PayPal. Information shared: name, email.
• Razorpay - To transfer and process payments through UPI & Banks for Indian users. Information shared: name, email.
• Google Analytics - Information shared: name, email address, and cookies.
  Helps us to analyze the visitors and their behavior on the site. This helps us to improve the service for users on various devices and from various regions.

Ps. Every third-party vendor's data handling practices align with Voicemaker's policies and legal requirements.

Your Rights:

• Right to access

  To access your account, simply click on the circle with your initials located in the top right corner of the Voicemaker platform. If you require a more detailed report, you may submit a Subject Access Request to [email protected].

• Right to be forgotten

  When a Project is deleted from Voicemaker, we ensure its permanent removal from all our servers (including backup servers) within 30 days. Similarly, if you choose to delete your user account, all data linked to your account will be permanently erased.

• Right to be informed

  We have created this page to provide you with a comprehensive understanding of all the personal information we hold about you and how we use it. You have the right to access this information, and if you have any further queries, please feel free to contact us at [email protected].

• Right to equal services and price

  Voicemaker will not increase the price or decrease the quality of the service for any customer who exercises their rights under these regulations.

• Right to withdraw consent

  You have rights to withdraw your consent for Voicemaker to process your data. In the section above, we have explained the various levels of consent available and how you can provide or withdraw consent. For instance, you may choose to unsubscribe from certain emails or share your transcript data to enhance our transcription accuracy. However, if you wish to withdraw your consent entirely, you can simply delete your Voicemaker account.

• Right to portability

  You have the right to obtain all of the personal data Voicemaker has on you in a structured and commonly used format. We will gladly prepare this for you at your request. To initiate this request, send us an email at [email protected].

• Right to correction

  Most of your personal data can be modified from your Voicemaker account page. To access your account, click on the circle with your initials in the top right corner of Voicemaker. If you would like us to make any modifications for you, just send us a request at [email protected].

• Right to object

  Voicemaker solely utilizes your personal data to deliver our service. If you believe that we are not adhering to this policy, please send us an email at [email protected] outlining the problem, and we will initiate an investigation.

• Right to stop automated decision-making

  Our system doesn't do any automatic profiling to make decisions. If, for any reason, you suspect that we are using automatic decision-making and wish for us to cease, please contact us at [email protected] detailing the problem, and we will launch an investigation.

• Right to stop processing and right to stop third-party transfer

  To halt the processing of your personal data or any third-party transfers by Voicemaker, all you need to do is delete your Voicemaker account. By taking this action, all of your data will be permanently removed.

Consent and Changes:

By using our website, you acknowledge and give your consent to our Data Protection and Security Policy, agreeing to its terms. It is important to note that we may periodically update our Security measures, and any changes will be communicated through the posting of new information on this security page. As a precautionary measure, we advise you to regularly review this Security information for any updates. Changes to the Security will take effect upon being posted on this page.

Contact Us:

If you have any queries or remarks concerning how Voicemaker safeguards your data or our compliance with any of the regulations outlined above, please feel free to email our Data Protection Officer at [email protected].