Privacy Policy | Voice Clone – Instantly Clone Your Voice with AI Technology

Last updated: 2025-08-10

Introduction

This Privacy Policy explains how VoiceClone ("we," "our," or "us") collects, uses, and protects your personal information when you use our services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy regulations.

By using our services, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information You Provide

Account Information: Name, email address, username, and password
Profile Information: Optional profile details you choose to share
Payment Information: Billing address and payment method details (processed securely by our payment processor)
Communication Data: Messages you send to us through contact forms or support channels
Content Data: Text, images, and other content you input into our AI services

Information We Collect Automatically

Usage Data: Pages visited, features used, time spent on our service, and interaction patterns
Device Information: IP address, browser type, operating system, device identifiers
Log Data: Server logs, error reports, and system activity
Analytics Data: Aggregated usage statistics and performance metrics

Information from Third Parties

Payment Processors: Transaction status and payment verification data
AI Service Providers: Processing results and usage metrics (no content stored)
Authentication Providers: Basic profile information if you sign in through third-party services

We process your personal data based on the following legal grounds:

Contract Performance:

Account creation and management
Service delivery and customer support
Payment processing and billing
Security and fraud prevention

Legitimate Interests:

Service improvement and analytics
Security monitoring and threat detection
Marketing communications (with opt-out option)
Legal compliance and dispute resolution

Consent:

Optional analytics cookies
Marketing email subscriptions
Non-essential service features

Legal Obligation:

Tax and accounting records
Compliance with applicable laws
Response to legal requests

How We Use Your Information

Core Service Operations

Account Management: Creating and maintaining your user account
Service Delivery: Providing AI generation, content processing, and platform features
Payment Processing: Handling subscriptions, billing, and transaction management
Customer Support: Responding to inquiries and resolving issues
Security: Protecting against fraud, abuse, and unauthorized access

Service Improvement

Analytics: Understanding usage patterns to improve our services
Performance Monitoring: Ensuring service reliability and optimization
Feature Development: Developing new features based on user needs
Quality Assurance: Testing and maintaining service quality

Communications

Service Updates: Important notifications about your account or our services
Marketing: Promotional emails about new features (with opt-out option)
Support: Responses to your inquiries and support requests

Third-Party Services

We work with trusted third-party service providers to deliver our services:

Payment Processing

Provider: Creem (acts as our Merchant of Record, “MoR”)
Data Shared: Billing information, transaction details
Purpose: Secure payment processing and subscription management
Data Location: We do not assert storage locations for Creem‑processed data. Refer to Creem’s Privacy Policy for current information.
Protection: We do not store full payment card numbers. Creem and its payment processing partners handle card data using industry-standard encryption and security measures.
Controller Role: As MoR, Creem independently processes transaction‑related data (e.g., tax, refunds/chargebacks, and receipts) as an independent controller.
Billing Descriptor: Charges may appear on your statement as "CREEM.IO* STORE".
Customer Portal: View orders and manage subscriptions via Creem’s My Orders (Customer Portal).

AI Services

Providers: Third-party AI services supporting VoiceClone and text-to-speech
Data Shared: Voice samples you upload, text input for TTS, and generated audio as needed to provide the service
Purpose: VoiceClone and text-to-speech generation
Data Retention: Limited to providing the service; see provider policies for details
Protection: Secure API connections and data handling agreements

Voice Samples and Synthetic Voice

By using the Services, you consent to our processing of your voice samples, text inputs, and generated audio solely to provide VoiceClone and text-to-speech features. You may stop using the Services at any time and request deletion of related data as described in this Privacy Policy.

Email Services (Optional)

Provider: Resend
Data Shared: Email addresses and message content
Purpose: Transactional and marketing emails
Data Location: United States and other regions
Protection: Secure transmission and storage

Analytics

Provider: Plausible (Self-hosted)
Data Shared: Anonymized usage statistics; no cookies and no personal tracking
Purpose: Understanding service usage and performance
Data Location: Our controlled infrastructure
Protection: Privacy-focused analytics designed without personal data collection

Behavior Analytics (Session Replay)

Provider: Microsoft Clarity
Data Shared: Page views, clicks, scrolls, device/browser data, and session replay events. We configure masking to prevent capture of sensitive fields and can add custom masking of elements.
Purpose: UX analysis via heatmaps and session recordings to improve usability
Data Retention: Session recordings kept up to 30 days; heatmaps and favorited/labeled sessions retained up to 13 months (per Clarity settings)
Protection: Data masking options (Relaxed/Balanced/Strict) and selective element masking to avoid PII capture

Web Analytics (Google Analytics 4)

Provider: Google Analytics
Consent: For users in the EEA, we implement Google Consent Mode v2 so Google tags adapt to your consent choices; non‑essential tags only load after consent is granted.
IP Addresses: GA4 does not log or store IP addresses.
Data Retention: User‑level retention options of 2 or 14 months (admin‑configurable).
Purpose: Aggregate traffic measurement and product analytics

Search & Webmaster Tools

Provider: Google Search Console
Data Shared: Site ownership/verification data, sitemaps, and aggregated search performance metrics. For privacy, low‑volume or sensitive queries may be omitted from reports.
Purpose: Index coverage monitoring, crawl diagnostics, search performance reporting
Protection: Access‑controlled via Google account permissions
Provider: Bing Webmaster Tools
Data Shared: Site verification artifacts, sitemaps, and aggregated search performance/diagnostics
Purpose: Indexing insights, keyword performance, and crawl diagnostics for Bing
Protection: Access‑controlled via Microsoft account permissions

Infrastructure

Hosting: Vercel — hosting and delivery of our web application. Compliance measures include SOC 2 Type 2 audits and other controls described in Vercel’s security documentation and Data Processing Agreement.
Object Storage: Cloudflare R2 — storage of files needed to deliver the Service (for example, assets or generated content). Data is encrypted in transit and at rest by default. Where appropriate, Cloudflare’s Data Localization features (Regional Services and Customer Metadata Boundary) may be used to keep specified data/metadata within selected regions.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: While your account is active plus 3 years after closure
Payment Records: 7 years after transaction completion (legal requirement)
AI Content: Deleted within 30 days unless explicitly saved by you
Support Communications: 2 years after resolution
Analytics Data: Aggregated data retained indefinitely (anonymized)
Log Files: 90 days for security and troubleshooting purposes
Marketing Data: Until you unsubscribe or withdraw consent

International Data Transfers

As a global service, we may transfer your personal data to countries outside your residence, including:

United States: For core infrastructure, hosting, and some AI processing
European Union/EEA: Regional processing where configured or required by law
Payments (Creem): Transactions are handled by our Merchant of Record, Creem. For Creem’s service locations and processors, see Creem’s Privacy Policy. Where required, transfers rely on safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.
Other Regions: Depending on your location and the services you use, processing may occur in additional jurisdictions in compliance with applicable law

We ensure appropriate safeguards for international transfers through:

Adequacy Decisions: Transfers to countries with adequate protection
Standard Contractual Clauses: EU-approved contract terms
Certification Programs: Providers with recognized privacy certifications
Binding Corporate Rules: For transfers within corporate groups

Your Rights and Choices

Data Subject Rights (GDPR/CCPA)

You have the following rights regarding your personal data:

Right to Access: Request a copy of the personal data we hold about you Right to Rectification: Request correction of inaccurate personal data Right to Erasure: Request deletion of your personal data Right to Restrict Processing: Request limitation of data processing Right to Data Portability: Request your data in a portable format Right to Object: Object to processing based on legitimate interests Right to Withdraw Consent: Withdraw consent for consent-based processing

How to Exercise Your Rights

Email: support@voice-clone.org — Please send all data access, export, modification, or deletion requests to this address. We will process requests within 30 days unless a shorter period is required by applicable law.
Website: /privacy
Response Time: We will respond to all rights requests within 30 days (GDPR) or 45 days (CCPA)

California Residents (CCPA)

California residents have additional rights:

Right to Know: Categories and specific pieces of personal information collected
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of the sale of personal information
Right to Non-Discrimination: Equal service regardless of privacy choices

Note: We do not sell personal information to third parties.

Data Security

We implement comprehensive security measures to protect your personal data:

Technical Safeguards

Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Network Security: Firewalls, intrusion detection, and monitoring
Regular Updates: Security patches and system updates
Secure Development: Security-focused coding practices and reviews

Organizational Safeguards

Staff Training: Regular privacy and security training for employees
Access Limitation: Strict need-to-know access policies
Incident Response: Procedures for handling security incidents
Vendor Management: Security requirements for third-party providers
Regular Audits: Internal and external security assessments

Data Breach Response

In the event of a data breach, we will:

Immediate Response: Contain and assess the breach within 24 hours
Authority Notification: Notify relevant authorities within 72 hours if required
User Notification: Inform affected users without undue delay
Remediation: Take steps to prevent future incidents

Children's Privacy

Our Services are not intended for children. In the United States, we do not knowingly collect personal information from children under 13. In the EEA/UK, if we rely on consent, we do not knowingly collect personal data from children under 16 (or the lower age provided by local law, but never below 13). If you believe a child has provided personal information, please contact support@voice-clone.org and we will delete it promptly.

Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie practices, please see our Cookie Policy.

Essential Cookies

Session management and authentication
Security and fraud prevention
Basic functionality and preferences

Analytics and performance monitoring
Feature enhancement and personalization
Marketing and advertising (if applicable)

EEA/UK Visitors: Optional cookies are disabled by default and will only be set after you provide consent via our cookie banner. You can withdraw consent at any time.

You can manage cookie preferences through your browser settings or our cookie consent banner.

Marketing Communications

Email Marketing

Opt-In: We only send marketing emails with your explicit consent
Opt-Out: Unsubscribe links in all marketing emails
Frequency: Reasonable frequency with option to adjust preferences
Content: Relevant updates about our services and features

Communication Preferences

You can manage your communication preferences:

Account Settings: Update preferences in your user account
Unsubscribe Links: Use links in emails to opt-out
Contact Us: Email support@voice-clone.org for assistance

Subscriptions & Cancellations

You can cancel an active subscription at any time. Cancellation takes effect immediately and you will no longer be charged. To manage subscriptions, update your payment method, or view invoices, use Creem’s Customer Portal (“My Orders”).

Refunds and chargeback handling are managed by our Merchant of Record (Creem). If you believe you were charged in error or need a refund, submit a request via the Customer Portal and/or contact support as directed there.

Automated Decision Making

We may use automated systems for:

Fraud Detection: Automated analysis of payment and usage patterns
Content Moderation: AI-powered content filtering and safety checks
Service Optimization: Automated performance and reliability improvements

You have the right to:

Request Human Review: Ask for human intervention in automated decisions
Explanation: Understand the logic behind automated decisions
Challenge: Contest automated decisions that significantly affect you

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

Notification: We will notify you via email or prominent notice on our website
Effective Date: Changes take effect 30 days after notification
Continued Use: Your continued use constitutes acceptance of the updated policy
Version History: Previous versions available upon request

Contact Information

Data Controller

Email: support@voice-clone.org
EU Representative (GDPR Art. 27): Not appointed at this time; this section will be updated if/when appointed.

Privacy Contact

Email: support@voice-clone.org
Website: /privacy
Response Time: Within 5 business days for general inquiries

Regulatory Complaints

If you believe we have not addressed your privacy concerns adequately, you may file a complaint with:

EU/EEA: Your local data protection authority
UK: Information Commissioner's Office (ICO)
California: California Attorney General's Office
Other Regions: Relevant privacy regulatory authority

Definitions

Personal Data: Any information relating to an identified or identifiable natural person. Processing: Any operation performed on personal data, including collection, use, storage, and deletion. Data Controller: The entity that determines the purposes and means of processing personal data. Data Processor: The entity that processes personal data on behalf of the data controller. Consent: Freely given, specific, informed, and unambiguous indication of agreement to data processing.

Contact Us

If you have any questions about this Privacy Policy, please email support@voice-clone.org.