Privacy Policy

Your privacy is our priority

Last updated: May 30, 2025

This Privacy Policy ("Policy") describes in detail how Vertirix ("Company," "we," "us," or "our") collects, uses, discloses, retains, and protects personal data in connection with your access to and use of our website vertirix.com, mobile applications, products, and services (collectively, the "Services"). It also explains your rights and choices regarding your personal data.

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data—collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, erasure, etc.

Controller: Entity that determines the purposes and means of processing (here, the Company).

Processor: Entity that processes data on Controller's behalf.

Data Subject: An individual whose personal data is processed.

Third Party: Any person or entity other than the Data Subject, Controller, Processor, and persons under direct authority of Controller/Processor who process personal data.

Special Categories of Personal Data: Sensitive data (health, biometrics, racial or ethnic origin, religious beliefs, etc.) requiring heightened safeguards.

Automated Decision-Making/Profiling: Any decision generated solely by automated means, including profiling techniques, with legal or similarly significant effects.

2. Scope & Applicability

This Policy applies to all personal data we collect, whether online or offline, and regardless of format. It encompasses visitors, customers, partners, job applicants, and any other individuals whose data we process.

3. Data Controllers & Representatives

Controller:

Vertirix
Dubai Silicon Oasis, UAE
Email: privacy@vertirix.com

Data Protection Officer (DPO) (EU/UK GDPR):

Name: Vertirix DPO
Email: dpo@vertirix.com

EU Representative:

Warsaw Office, Poland
Email: rep_eu@vertirix.com

4. Categories of Personal Data Collected

Identity & Contact Data

Full name, title, alias, mailing address, telephone number, email address.

Account & Authentication Data

Username, password hashes, security questions/answers, multi-factor authentication data.

Technical & Usage Data

IP address, device identifiers, browser type/version, operating system, referrer URL, clickstreams, crash reports.

Transactional & Financial Data

Payment card details (handled by PCI-compliant partners), billing/shipping address, purchase history, invoices.

Marketing & Communications Data

Newsletter subscriptions, marketing preferences, survey responses, interaction logs.

Voice AI & Service Data

Voice recordings (for training and improving our AI models), call logs, conversation transcripts, usage patterns of our voice agent services.

Special Categories (only with explicit opt-in)

Health or medical data, biometric data, government-issued ID numbers.

Social Media & Public Profiles

When you link or log in via social platforms (LinkedIn, Google), we collect profile info (e.g., name, email, profile picture).

Location Data

Approximate or precise geolocation (only if you enable location services).

5. Lawful Bases for Processing

Consent (Art. 6(1)(a) GDPR): e.g., marketing emails, profiling.

Contract Performance (Art. 6(1)(b) GDPR): e.g., processing orders, account management, voice AI services.

Legal Obligation (Art. 6(1)(c) GDPR): e.g., tax, accounting, regulatory compliance.

Legitimate Interests (Art. 6(1)(f) GDPR): e.g., fraud prevention, network security, service improvement—balanced against your rights.

6. Purposes of Processing

PurposeData CategoriesLawful Basis
Account creation, identity verificationIdentity, AccountContractual necessity
Voice AI service deliveryVoice, Technical, UsageContractual necessity
Order processing, payment & deliveryTransactional, ContactContractual necessity
Customer support, service inquiriesContact, UsageContractual necessity
Website analytics, performance optimizationTechnical & UsageLegitimate interests
Marketing, newsletters, promotionsContact, MarketingConsent / Legitimate interests
AI model training and improvementVoice, Usage, TechnicalLegitimate interests
Fraud detection, security monitoringTechnical & UsageLegitimate interests

7. Cookies & Tracking Technologies

We use the following:

Essential Cookies (strictly necessary)

Performance Cookies (anonymous usage stats; e.g., Google Analytics)

Functionality Cookies (preferences: language, region)

Targeting/Advertising Cookies (personalized ads via third parties)

Web Beacons/Pixel Tags for email open-rate tracking

Managing Cookies: You can adjust settings in our Cookie Consent Manager or via your browser (e.g., Chrome, Safari).

Do-Not-Track: Our site does not alter data collection in response to DNT signals, but you may opt out via cookie settings.

8. Third-Party Processors & Data Sharing

We share data with:

  • Cloud & Hosting Providers (e.g., AWS, Microsoft Azure)
  • Payment Processors (Stripe, PayPal)
  • Email Platforms (Mailchimp, SendGrid)
  • Analytics & Advertising Networks (Google Analytics, Meta Ads)
  • Customer Support Tools (Zendesk, Intercom)
  • AI and Voice Processing Partners (OpenAI, Google Cloud AI)
  • Professional Advisors (lawyers, auditors)

All partners are bound by Data Processing Agreements (DPAs) and must implement appropriate security controls.

9. International Data Transfers

If we transfer data outside the EEA/UK, we ensure safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) for intragroup transfers
  • Adequacy decisions where available (e.g., UAE, Japan, Switzerland)

10. Data Retention & Deletion

Data TypeRetention Period
Account & Profile DataUntil account deletion + 5 years
Voice Recordings & AI Training DataUntil service completion + 2 years
Transaction & Billing Records7 years for compliance
Marketing ConsentsUntil you withdraw consent
Analytics Logs (raw)24 months
Support Tickets & Correspondence3 years after case closure

After the retention period, data is securely deleted or anonymized.

11. Data Subject Rights

Under GDPR, CCPA, and other applicable laws, you may:

  • Access: Request copy of your data.
  • Rectify: Correct inaccurate or incomplete data.
  • Erase: Delete data, where no longer needed.
  • Restrict Processing: Temporarily block processing.
  • Object: To processing based on legitimate interests or direct marketing.
  • Portability: Receive data in structured, machine-readable format.
  • Withdraw Consent: For consent-based processing.

To exercise your rights, contact:

Email: privacy@vertirix.com
DPO: dpo@vertirix.com

12. Automated Decision-Making & Profiling

We may use automated tools for:

  • Fraud detection
  • Voice AI optimization
  • Personalization (service recommendations)

Decisions are not based solely on automation with legal or significant effects, except with your explicit opt-in. You may request human review at any time.

13. Security Measures

We adopt a "Defense in Depth" approach:

  • Encryption: TLS 1.2+ in transit; AES-256 at rest.
  • Access Controls: Role-based permissions; multi-factor authentication.
  • Monitoring & Audits: Regular vulnerability scans; third-party penetration tests.
  • Incident Response: Formal plan with notification to regulators and individuals within 72 hours as required.

14. Data Breach Notification

In the event of a confirmed data breach:

  • We will contain and assess the incident.
  • Notify supervisory authorities within 72 hours (GDPR).
  • Inform affected individuals without undue delay if high risk to rights/freedoms.
  • Provide mitigation steps and support.

15. Children's Privacy

Our Services are for users aged 16 and older (or higher if required locally). We do not knowingly collect data from children under the applicable age. If you believe we have collected such data, contact us to request deletion.

16. Links to Other Sites & Embedded Content

Our Services may contain links to third-party sites or embedded content (videos, widgets). This Policy does not apply to those; please review their privacy practices independently.

17. Updates to This Privacy Policy

We may update this Policy for legal, technical, or business reasons. When significant, we will:

  • Post the updated Policy on our site with a new "Last updated" date.
  • Send notices by email or in-app message where feasible.

18. How to Contact Us

General Inquiries & Privacy Requests: privacy@vertirix.com

DPO (EU/UK GDPR): dpo@vertirix.com

Postal Address: Vertirix, Dubai Silicon Oasis, UAE

Phone: +971 50 995 0055

Supervisory Authority Complaints: You may lodge complaints with your local data protection authority.

Thank you for trusting Vertirix with your personal data. We are committed to maintaining its confidentiality, integrity, and availability, and to respecting your privacy rights at every step.