Privacy Policy

1. Introduction

VoiceRoam ("we," "us," or "our") operates this landing page (the "Site") to build a waitlist for our upcoming self-guided audio tour application. This Privacy Policy explains what personal data we collect, why we collect it, how it is used, and your rights over it.

We are committed to full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and all applicable data protection laws. We handle your data with transparency, minimal collection, and no commercial resale ever.

For all privacy-related matters, contact us at support@voiceroam.com. This policy applies to the Site currently hosted at voiceroam.com and any successor domain.


2. Who Is the Data Controller?

VoiceRoam, operated from India, is the Data Controller responsible for your personal data collected through this Site.

Contact: support@voiceroam.com

Note on EU Representation: We are in the process of appointing an EU-based representative under GDPR Article 27. This section will be updated with their contact details upon appointment, which we commit to complete. In the interim, all data-related enquiries including rights requests and complaints should be directed to the email address above.


3. Data We Collect

We collect two categories of data.

A. Data You Actively Provide

Email address - collected only when you voluntarily submit it to join our beta waitlist. Nothing else is requested or stored from your submission.

B. Technical Infrastructure Data (Collected Automatically via Google Cloud Platform)

This data is collected passively at the server level for every request to ensure site delivery, performance, and security. It is inherent to our hosting infrastructure provided by Google Cloud Platform (GCP). We do not actively access or analyze this data beyond what is required for security and operational monitoring.

IP Address – Used by GCP to route traffic and power Google Cloud Armor (DDoS protection and web application firewall).
Access logs – Date, time, and request path. Retained securely in Google Cloud Logging for a standard period of 30 days.
Approximate geolocation – City and country level only, derived from IP routing; no precise GPS location is ever collected from this infrastructure.
Device/system data – Browser type and version, device category (mobile/desktop), and operating system; used for system compatibility and security diagnostics.

We do not use cookies, analytics tools, tracking pixels, web beacons, or social media scripts of any kind on this Site.


4. Purpose and Use of Your Data

Your email address is used solely for:

We will not:


5. Lawful Basis for Processing (GDPR Article 6)

Processing Activity Lawful Basis Details
Collecting and storing your email for beta/launch notifications Consent - Article 6(1)(a) You freely and actively submit your email for this specific, stated purpose, including any promotional offer presented at the time of signup. Consent can be withdrawn at any time.
Google Cloud Platform (GCP) server-level infrastructure data Legitimate Interest – Article 6(1)(f) Necessary for site security, DDoS protection (via Google Cloud Armor), and delivery. We have assessed that this interest is not overridden by your rights, given the minimal nature of the data and the standard 30-day retention.

6. Third-Party Data Processors

We engage the following third parties. GCP and Brevo operate as Data Processors under signed Data Processing Agreements (DPAs) with us. Unsplash operates as an independent Data Controller.

Google LLC (Google Cloud Platform) - Site Hosting & Infrastructure

Role: Data Processor
Headquarters: Mountain View, CA, USA
Purpose: Site hosting, backend infrastructure, and security firewall (Cloud Armor)
GDPR Safeguards: Certified under the EU-U.S. Data Privacy Framework (DPF); Standard Contractual Clauses (SCCs) in place for all international transfers
DPA: cloud.google.com/terms/data-processing-addendum

Brevo (Sendinblue SAS) - Email Waitlist Management

Role: Data Processor
Headquarters: Paris, France (EU-based)
Purpose: Storing and managing the beta email waitlist
GDPR Safeguards: EU-based processor; fully GDPR-compliant
Privacy Policy: brevo.com/legal/privacypolicy

Unsplash (Unsplash Inc.) - Visual Content Delivery

Role: Independent Data Controller (not a processor acting on our instructions)
Headquarters: Montreal, Canada
Purpose: Images displayed on this Site are loaded from Unsplash's content delivery network. When your browser requests these images, Unsplash receives your IP address and standard request headers.
GDPR Safeguards: Canada is recognised by the European Commission as providing an adequate level of data protection (adequacy decision).
Privacy Policy: unsplash.com/privacy
Note: Unsplash acts as an independent data controller for data collected through their CDN. We do not have a Data Processing Agreement with Unsplash as they process this data under their own privacy policy, not under our instructions.

We engage no other third-party processors. Your data is never sold.


7. International Data Transfers

Your email address is stored by Brevo within the EU and is not subject to international transfer.

Google Cloud Platform's infrastructure may process technical data (IP address, access logs) at edge network locations outside the EEA to reduce latency. All such transfers are protected by:
Standard Contractual Clauses (SCCs) approved by the European Commission
Google's certification under the EU-U.S. Data Privacy Framework (DPF)

No other international transfers occur.


8. Data Retention

Data Retention Period What Happens After
Your email address Up to 12 months from the date of signup, or 30 days after the launch notification email is sent, or until any promotional offer made at the time of signup has been fulfilled — whichever occurs last. Permanently and securely deleted or anonymised. If you wish to remain in contact after launch, a separate opt-in will be offered at that point.
Google Cloud infrastructure logs 30 days (Google Cloud's standard retention) Automatically purged by Google Cloud

You may also request deletion at any time before this period expires - see Section 10.

If VoiceRoam does not launch within 12 months of this policy's effective date, all collected email addresses will be permanently deleted at the 12-month mark regardless of launch status.


9. Your Rights Under GDPR and DPDP Act

If you are in the EEA, UK, or Switzerland, you hold the following rights. To exercise any of them, email us at support@voiceroam.com — we will respond within 30 calendar days, as required under GDPR Article 12(3). We aim to respond sooner where possible.

Right to Lodge a Complaint - You have the right to lodge a complaint with your national data protection supervisory authority at any time. Examples include:

For users located within the territory of India, in accordance with the Digital Personal Data Protection (DPDP) Act, 2023, if you have any questions, concerns, or complaints regarding the processing of your personal data, you can contact our designated Grievance Officer directly at support@voiceroam.com. We will acknowledge your grievance within 24 to 72 hours and aim to fully resolve your concern within 30 days.

We encourage you to contact us first so we can resolve any concern directly.


10. Age Requirement

This Site and all VoiceRoam services are intended exclusively for individuals who are 18 years of age or older. By submitting your email address, you confirm that you meet this age requirement.

We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data has been collected from a minor, we will delete it immediately and without notice. If you believe a minor has submitted their information, please contact us at support@voiceroam.com.


11. Cookies and Tracking

This Site uses no cookies of any kind - not functional, analytical, or marketing. We use no third-party analytics tools (such as Google Analytics), no tracking pixels, and no social media scripts.

The only incidental technical data collected is that described in Section 3(B), processed by Google Cloud Platform's hosting infrastructure for hosting, backend infrastructure, and security purposes.


12. No Sale of Personal Data

We will never sell, rent, licence, or commercially trade your personal data to any third party for marketing, advertising, profiling, or any other commercial purpose. This commitment is absolute and applies to all data collected through this Site.


13. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

No system is completely immune to risk. In the event of a personal data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay, as required under GDPR Article 34.


14. Automated Decision-Making and Profiling

We do not use your personal data for any automated decision-making, profiling, or algorithmic processing as described under GDPR Article 22.


15. Changes to This Policy

We may update this Privacy Policy periodically. The "Last Updated" date at the top of this document will always reflect the most recent revision. If changes are material to how we process your data, we will notify affected waitlist members by email before the changes take effect. We encourage you to review this page periodically.


16. Contact Us

VoiceRoam
Privacy enquiries: support@voiceroam.com

We are committed to addressing all privacy-related requests and concerns within the 30-day period required by GDPR.