VoiceFrontSign in

Privacy Policy

Last updated: 18 April 2026

1. Who We Are

VoiceFront (“we”, “us”, “our”) is an AI voice agent platform operated by SSDev (Pty) Ltd. We provide AI-powered telephone and web voice assistants that answer calls, capture leads, and take messages on behalf of our business customers (“Subscribers”).

For the purposes of the Protection of Personal Information Act, 2013 (“POPIA”), VoiceFront acts as an operator (data processor) on behalf of our Subscribers, who are the responsible parties (data controllers) for the personal information of their callers.

2. Information We Collect

Subscriber information

  • Account details: name, email, phone, business name
  • Billing details: processed by Peach Payments (we do not store card numbers)
  • Usage data: call volumes, feature usage, dashboard interactions

Caller information (processed on behalf of Subscribers)

  • Phone number (from caller ID)
  • Voice recordings and transcripts of conversations with the AI agent
  • Information voluntarily provided during calls: name, email, appointment details
  • AI-generated analysis: call summary, sentiment, lead score

3. How We Use Information

  • To provide and improve the VoiceFront service
  • To process calls and generate AI-powered analysis for Subscribers
  • To send transactional notifications (lead alerts, usage reports)
  • To process billing and prevent fraud
  • To comply with legal obligations

4. Lawful Basis for Processing

Under POPIA, we process personal information based on the following justifications:

  • Legitimate interest — providing the AI voice agent service as contracted by the Subscriber
  • Contract — fulfilling our service agreement with Subscribers
  • Legal obligation — complying with tax and financial regulations

The use of an AI voice agent and the recording of calls is disclosed through this privacy notice and the Subscriber's own privacy / terms surfaces. Callers can request a transfer to a human at any point during a call.

5. Data Sharing and Subprocessors

We share personal information only with third-party service providers (“subprocessors”) necessary to deliver the VoiceFront service. Each subprocessor is bound by data processing agreements.

See our subprocessor list for the complete list including jurisdictions and certifications.

6. Cross-Border Transfers

Some of our subprocessors process data outside South Africa, including in the United States and European Union. Where data is transferred outside South Africa, we ensure adequate protection through Data Processing Agreements that include standard contractual clauses, and our subprocessors maintain EU-US Data Privacy Framework and/or UK Extension certifications where applicable.

7. Data Retention

  • Call recordings and transcripts: retained for 90 days, then automatically deleted
  • Call metadata and AI analysis: retained for the duration of the Subscriber's account
  • Lead records: retained for the duration of the Subscriber's account
  • Account data: retained for 30 days after account closure, then deleted
  • Billing records: retained as required by tax law (typically 5 years)

8. Your Rights Under POPIA

If you are a caller whose information has been processed through VoiceFront, you have the right to:

  • Request access to your personal information
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to the processing of your personal information
  • Lodge a complaint with the Information Regulator

To exercise these rights, contact the business you called directly, or email us at privacy@voicefront.studio.

9. Security & Cross-Border Processing

We implement appropriate technical and organisational measures to protect personal information, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

When you use VoiceFront's voice agent, your call audio and transcripts are processed by the following sub-processors, some of which operate outside South Africa (POPIA cross-border disclosure):

  • Voice pipeline orchestration — Pipecat (open-source framework) hosted on Fly.io's Johannesburg region (in-country).
  • Speech-to-text — Deepgram (United States).
  • Language model — OpenAI (United States).
  • Text-to-speech — ElevenLabs (United States / EU).
  • Telephony — Twilio (United States).
  • Application infrastructure — Vercel (United States, edge).
  • Database & knowledge-base storage — Neon Postgres (US East), with vector embeddings generated by OpenAI.

The full subprocessor list with jurisdictions and data-protection certifications (DPF, SCC) is published on our Subprocessors page.

10. Contact

For privacy-related queries: