Privacy Policy

Voltr AI is the data controller for personal data you provide through voltr-ai.com. Contact: admin@voltr-ai.com.

• Chat transcripts, session ID, browser info, and IP address when you use the diagnostic chat at /chat.
• Diagnosis category, pain-point tags, and product recommendations generated by the AI from the chat.
• Name, email, billing address, and payment method when you purchase a product. Collected and stored by Whop and Stripe, not by us directly.
• Email address and associated metadata when we send you a welcome email through Resend.
• Contact data pushed to our GoHighLevel sub-account when a chat completes, so we can segment SMS campaigns by pain-point.

• Contract: to deliver the product you have purchased and to process your payment.
• Legitimate interest: to improve the product, to analyse conversations in aggregate, and to run basic security and rate-limiting on the API.
• Consent: to send marketing SMS or email to people who have opted in. We do not rely on transferred consent from third parties.
• Legal obligation: to comply with tax, accounting, and financial-services reporting where applicable.

• Vercel (hosting, US and EU).
• Supabase (database, EU).
• Anthropic (AI chat, US).
• Whop (payment processing, US).
• Resend (transactional email, US).
• Cloudflare (DNS and edge network, global).
• GoHighLevel (CRM for post-chat contact sync, US).
• Twilio (SMS delivery, once live, US).

Each third-party handles data under its own agreement with us and its own privacy policy. We pass only the minimum data each one needs to do its job.

Some of our processors operate in the United States. We transfer personal data under the UK International Data Transfer Addendum or Standard Contractual Clauses where required.

Chat transcripts are retained for 24 months from the last activity on the session, then deleted. Purchase records are retained for seven years to meet tax and accounting obligations. Marketing contact data is retained until you unsubscribe or we run a consent refresh, whichever is sooner.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request deletion (subject to our retention obligations above).
• Restrict or object to specific processing.
• Data portability: receive your data in a machine-readable format.
• Withdraw consent at any time for any processing that relies on consent.
• Complain to the Information Commissioner’s Office (ICO) if you believe we have mishandled your data.

Email admin@voltr-ai.com to exercise any of these rights. We respond within thirty days.

We use strictly necessary cookies only (Vercel auth + session storage for the chat). We do not run third-party advertising pixels or cross-site tracking. Analytics, when added, will use privacy-respecting tooling (Plausible or Vercel Analytics) that does not identify individual visitors.

API keys are encrypted at rest in Vercel. Database access is restricted to the service-role key held only by our server. Email sending uses authenticated SPF, DKIM, and DMARC-compatible setup. Webhook receivers verify HMAC signatures before processing.

We may update this policy. Material changes will be emailed to active account holders at least fourteen days before taking effect.