Privacy Policy | Voice2Evolve®

Last updated: April 27, 2026

This Privacy Policy explains how Voice2Evolve UG (haftungsbeschränkt) ("Voice2Evolve", "we", "us") processes personal data when you visit our website, contact us, or use the Voice2Evolve application.

1. Controller

Voice2Evolve UG (haftungsbeschränkt)
Grabenstraße 26
71254 Ditzingen
Germany

Email (privacy contact): help@voice2evolve.com

2. Website visitors

When you visit our website, we process only limited personal data that is technically necessary to operate and secure the site.

a) Website usage data

We process basic, privacy-friendly usage data, such as:

visited pages,
referrer information,
browser and device type,
country or region (derived from IP address).

This data is collected without cookies, used only in aggregated form, and not used to create user profiles or track you across websites.

b) Technical and security data

To ensure security and compliance, limited technical data may be processed, including IP-derived location, timestamps, and request metadata.

c) Contact data

If you contact us by email, we process your email address, the content of your message, and any information you voluntarily provide.

3. Application users — session data processing

If you use the Voice2Evolve application, we process the following personal data to deliver the service and evaluate its technical quality.

Data processed: voice session transcripts, session analytics and scores, account data (name, email address), and usage metadata.

Purposes and legal bases:

Delivering voice-based AI sessions and post-session analysis — contract performance (Art. 6(1)(b) GDPR)
Internal AI system quality evaluation (system-only; outputs are not user-facing and do not affect your scores) — legitimate interests (Art. 6(1)(f) GDPR)

Key subprocessors:

OpenAI, L.L.C. (US) — AI inference for sessions and analysis. Real-time API voice data is subject to Zero Data Retention (ZDR); internal quality evaluation uses the Batch API with best-effort PII redaction applied before submission. Transfers rely on SCCs.
Supabase Inc. (EU, Stockholm) — primary data storage.
Anthropic PBC (US) — alternative AI inference for quality evaluation only.

Full subprocessor list: https://voice2evolve.com/legal/subprocessors

Retention: Session transcripts are retained for 7–365 days (default: 30 days), configurable by the account holder. Processor-facing retention commitments for customer accounts are set out in the Master Data Processing Agreement (MDPA): https://voice2evolve.com/legal/dpa

Where Voice2Evolve provides the service directly to an end user, this Privacy Policy is the controller-facing processing notice for that use of the application. Where a business customer uses Voice2Evolve for its own users or candidates, Voice2Evolve also acts as a processor for that customer under the MDPA. To exercise your rights (access, rectification, deletion, restriction, objection), contact help@voice2evolve.com.

Sign-in methods (email OTP, Google Sign-In, and Microsoft Azure Sign-In)

You can sign in either by email (OTP/magic code), with Google Sign-In, or with Microsoft Azure Sign-In.

When you use a third-party sign-in provider (for example, Google or Microsoft Azure), Voice2Evolve receives account data provided through provider/Supabase authentication, which may include:

email address and email-verification status,
profile name (for example, name/full_name),
profile image URL (for example, avatar_url/picture),
provider-specific account identifier values (for example, provider_id/sub),
authentication provider metadata (for example, provider = google or provider = azure).

We use this data only to authenticate you, create or maintain your account, secure access to the Service, and operate account-related functionality. The legal basis is contract performance (Art. 6(1)(b) GDPR), and where strictly required for security and abuse prevention, legitimate interests (Art. 6(1)(f) GDPR).

Google and Microsoft act as independent controllers for data processed within their own authentication services under their respective terms and privacy policies.

3a. If you are invited to a session by a recruiter or headhunter

This section applies if you received an invitation to a Voice2Evolve session from a recruitment agency, headhunter, or executive search firm (your "Recruiter") as part of a job application or recruitment process.

Who is the data controller for your session?

When a Recruiter uses Voice2Evolve to organize your session, the Recruiter is the Data Controller for your session data in this context. This means the Recruiter determines the purpose of the session (preparing you for an interview) and bears primary responsibility for ensuring your data rights are respected.

Voice2Evolve acts as a Data Processor on the Recruiter's behalf. Voice2Evolve processes your live voice audio during the session, transcript, and AI-generated coaching analysis on the Recruiter's instructions, in accordance with Voice2Evolve's Master Data Processing Agreement.

What the Recruiter can see

The Recruiter can see your AI-generated coaching analysis (scores, qualitative feedback, improvement areas, and recommended next steps) through their Voice2Evolve dashboard. The purpose is preparation support and debrief — the Recruiter uses this to discuss your progress with you and decide whether additional preparation sessions would be helpful.

The Recruiter has contractually committed to Voice2Evolve that it will not use your analysis as the sole basis for any employment decision (including whether to put you forward for a role, shortlist you, or reject your application), and that it will not share your analysis with the client employer without your explicit written consent.

Your AI analysis is also yours

You receive your coaching analysis as the primary recipient. There is no asymmetry: you and the Recruiter both see the same coaching report, and it is produced for your benefit. The analysis is a coaching output, not a covert score held by the Recruiter.

Your rights as a data subject

Because the Recruiter is the Data Controller for this context, your primary rights (access, rectification, deletion, objection, portability, and the right to request human review of any decision under GDPR Article 22(3)) should be directed to the Recruiter at the contact they provided in their candidate privacy notice.

Voice2Evolve will technically assist the Recruiter in fulfilling any data subject rights requests that require action on the platform.

Voice2Evolve also continues to process certain data in its own right (for internal quality evaluation under its legitimate interests and for anonymized aggregate analytics) as described in Section 3 above.

If you cannot reach the Recruiter, or for questions about Voice2Evolve's processing as Processor, contact: help@voice2evolve.com

Right to human review

Your coaching analysis is generated by AI. If you believe that any recruitment decision that has affected you was made solely or primarily on the basis of automated AI outputs, you have the right to request a human review of that decision. Direct this request to your Recruiter.

Supervisory authority

You may lodge a complaint with the data protection supervisory authority in the EU Member State (or UK) where you are located. Contact details for EU data protection authorities: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en

4. Purposes and legal bases — website

Purpose	Legal basis (GDPR)
Operating and displaying the website	Legitimate interests (Art. 6(1)(f))
Security and abuse prevention	Legitimate interests (Art. 6(1)(f))
Aggregated website analytics	Legitimate interests (Art. 6(1)(f))
Responding to inquiries	Contract / pre-contractual measures (Art. 6(1)(b))
Optional cookies (if introduced in future)	Consent (Art. 6(1)(a))

5. Processors and service providers (website)

We use carefully selected service providers to operate and secure our website, such as:

hosting and infrastructure providers,
security and content delivery services,
Rybbit — a privacy-friendly, cookieless analytics service used to measure aggregate website usage. Rybbit does not use cookies and does not perform cross-site behavioural profiling.

Payment processing

When you make a purchase in the Voice2Evolve application, payments are processed by Stripe Payments Europe Ltd. Stripe may collect and process the following data for payment processing, card verification, and fraud prevention:

Billing name — used for card verification
Billing address, including ZIP/postal code — used for Address Verification System (AVS) checks
IP address at checkout — forwarded to Stripe for fraud risk scoring
Device identifiers (via Stripe.js cookies __stripe_mid and __stripe_sid) — used for fraud detection

Stripe acts as an independent controller for fraud and risk purposes, and as a processor for payment execution, in accordance with Stripe's privacy policy and its PCI DSS Level 1 compliance obligations. Voice2Evolve does not store full card details.

6. International data transfers

Some service providers may be located outside the EU/EEA.
Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection. Application user transfers are governed in detail by the MDPA.

7. Retention

Website-related personal data is retained only as long as necessary:

aggregated analytics data is retained without direct identifiers,
security and access logs are typically retained for up to 90 days,
contact messages are retained only as long as necessary to handle your inquiry or as required by law.

Application user retention is summarized in Section 3 above. Processor-facing retention commitments for customer accounts are set out in the MDPA (§ 15).

8. Your rights

Depending on your location and applicable law, you may have rights including:

access to your personal data,
rectification of inaccurate data,
deletion of your data,
restriction or objection to processing.

To exercise your rights, please contact us at:
help@voice2evolve.com

8a. Privacy Officer (Quebec Law 25)

In accordance with Quebec's Act respecting the protection of personal information in the private sector (Law 25), Voice2Evolve has designated a Privacy Officer responsible for overseeing compliance with applicable privacy laws:

Matthias Osmaston
Managing Director — Voice2Evolve UG (haftungsbeschränkt)
Email: help@voice2evolve.com

Quebec residents may contact the Privacy Officer directly with any questions, access requests, or complaints relating to the processing of their personal information.

8b. United States Residents

This section applies to residents of US states with applicable privacy laws, including California (CCPA/CPRA), Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comparable legislation.

Live voice audio and AI processing. Voice sessions involve live audio transmission and AI processing for the purpose of delivering the service (speech recognition, AI-generated responses, transcription, and post-session analysis). Voice2Evolve does not retain raw session audio under the current documented service flow and does not use voice data to identify users biometrically or build voice identification profiles. Voice audio sent to the OpenAI Realtime API is subject to Zero Data Retention at OpenAI.

Categories of personal information collected. In the course of providing the Services, Voice2Evolve collects:

Identifiers (name, email address, IP address)
Usage and device data (pages visited, session metadata, browser type)
Audio and transcript data from voice sessions
Payment data (processed by Stripe; Voice2Evolve does not store card details)
Account data (account preferences, session history)

We do not sell or share your personal information for cross-context behavioral advertising or monetary consideration. We do not sell personal information as defined under the CCPA/CPRA.

Your rights. Depending on your state of residence and applicable thresholds under applicable law, you may have the right to:

Access the personal information we hold about you
Correct inaccurate personal information
Delete your personal information
Portability — receive a copy of your data in a structured, machine-readable format
Opt out of sale or sharing of personal information (not applicable; we do not sell or share)
Limit use of sensitive personal information beyond what is necessary to provide the Services

To exercise any of these rights, contact us at help@voice2evolve.com. We will respond within the timeframe required by applicable law. We do not discriminate against users who exercise their privacy rights.

Voice processing notice for all-party consent states. The following US states require all parties to a recorded communication to consent: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington. By starting a voice session on the Service, you acknowledge that your live voice audio will be transmitted and processed by AI for the session, and you consent to that processing. A session-start notice is displayed before recorded or transmitted session audio begins.

8c. Canadian Residents

This section applies to residents of Canada. Voice2Evolve processes personal information of Canadian residents in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and, for Quebec residents, Quebec's Act respecting the protection of personal information in the private sector (Law 25).

PIPEDA rights. Canadian residents have the right to:

Access personal information Voice2Evolve holds about them and receive an account of its use and disclosure
Correct or annotate personal information that is inaccurate or incomplete
Withdraw consent to the collection, use, or disclosure of their personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect the ability to use the Services.
Challenge compliance — file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca if you believe Voice2Evolve has not complied with PIPEDA

To exercise PIPEDA rights, contact: help@voice2evolve.com

Breach notification. If Voice2Evolve becomes aware of a breach of security safeguards involving personal information of Canadian residents that creates a real risk of significant harm, Voice2Evolve will notify affected individuals and report to the OPC as soon as feasible in accordance with PIPEDA.

Quebec residents — additional rights under Law 25. Quebec residents have additional rights under Law 25, including:

The right to request de-indexing of personal information that is disseminated online without authorization
The right to data portability — to receive personal information held about you in a structured, commonly used technological format

Quebec residents may also file a complaint with the Commission d'accès à l'information du Québec (CAI) at www.cai.quebec.ca.

Language. This Privacy Policy is currently published in English, German, French, Italian, and Spanish. Voice2Evolve will not rely on an unpublished language version for consumer contracting.

Electronic communications. Transactional electronic messages sent by Voice2Evolve to Canadian users (including account notifications, session reports, and invoices) comply with Canada's Anti-Spam Legislation (CASL). Each such message identifies Voice2Evolve as the sender and includes a mechanism to withdraw consent to receive further communications where required.

9. Changes to this policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.
The current version is always available on our website.

10. Contact

For questions about this Privacy Policy or our data practices, contact:

Voice2Evolve UG (haftungsbeschränkt)
Email: help@voice2evolve.com