AVOX LABS PRIVACY POLICY

Last Updated: January 19, 2026

1. INTRODUCTION

Welcome to Avox Labs (“Company,” “we,” “us,” or “our”). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information.

This Privacy Policy explains how we collect, use, share, and protect information when you use our websites, mobile applications, software products, and services (collectively, the “Services”).

By using our Services, you agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, please do not use our Services.

1.1 Who We Are

Avox Labs

Email: avoxlabs@gmail.com
Phone: +254 113 405 742
Locations: Nairobi, Kenya and Dover, Delaware, USA
Website: https://avoxlabs.com

1.2 Scope

This Privacy Policy applies to all our Services and covers:

Personal information we collect
How we use your information
How we share your information
Your privacy rights and choices
Security measures we implement
International data transfers
Compliance with privacy laws

1.3 Updates to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the “Last Updated” date
Notify you via email or through our Services
Obtain your consent where required by law

Your continued use of our Services after changes constitutes acceptance of the updated policy.

2. INFORMATION WE COLLECT

We collect information you provide directly, information collected automatically, and information from third-party sources.

2.1 Information You Provide Directly

Account Information

When you create an account, we collect:

Name and username
Email address
Phone number (optional)
Password (encrypted)
Company or organization name
Job title or role
Profile picture
Billing and payment information

Payment Information

When you make purchases:

Credit/debit card information (processed by payment processors)
Billing address
Transaction history
Tax identification numbers (if applicable)

We use third-party payment processors (including Paystack) and do not directly store your complete payment card information.

User Content

Content you create, upload, or transmit through our Services:

Text, documents, and files
Images, videos, and audio
Code and software projects
Comments, feedback, and communications
AI prompts and inputs
Collaborative work products

Communications

When you contact us:

Support requests and correspondence
Survey responses and feedback
Newsletter subscriptions
Marketing preferences

Professional Information

For business accounts:

Company details and tax information
Team member information
Project and workflow data
Integration preferences

2.2 Information Collected Automatically

Usage Information

Pages visited and features used
Time spent on Services
Click patterns and navigation paths
Search queries and AI interactions
Error logs and diagnostic information
Performance metrics

Device Information

Device type and model
Operating system and version
Browser type and version
Screen resolution
Device identifiers (IMEI, MAC address)
IP address
Mobile network information

Location Information

IP-based location (country, city)
GPS location (if you grant permission)
Time zone

Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar technologies to:

Authenticate users and prevent fraud
Remember preferences and settings
Analyze usage and improve Services
Deliver personalized content
Measure advertising effectiveness

Types of cookies we use:

Essential cookies: Required for Services to function
Functional cookies: Remember your preferences
Analytics cookies: Help us understand usage patterns
Advertising cookies: Deliver relevant advertisements

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

2.3 Information from Third-Party Sources

Social Media and Authentication

If you connect through third-party services (Google, Facebook, LinkedIn):

Profile information (name, email, photo)
Friend lists or connections (if you authorize)
Account details from the provider

Business Partners and Integrations

CRM data from integrated services
Payment verification from payment processors
Analytics data from third-party tools
Marketing data from advertising platforms

Public Sources

Publicly available business information
Professional profiles and credentials
Public social media posts (for business accounts)

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

3.1 Providing and Improving Services

Create and manage your account
Process transactions and send receipts
Provide customer support
Deliver requested features and functionality
Personalize your experience
Develop new products and features
Conduct research and analytics
Test and optimize Services
Ensure Service quality and performance

3.2 Communication

Send transactional emails (account confirmations, receipts, notifications)
Provide customer support responses
Send service updates and announcements
Request feedback and surveys
Send marketing communications (with your consent)
Notify you of changes to Services or policies

You can opt out of marketing communications at any time by clicking “unsubscribe” or contacting us.

3.3 Security and Fraud Prevention

Verify identity and authenticate users
Detect and prevent fraud and abuse
Monitor for security threats
Enforce our Terms of Service
Protect our legal rights and property
Comply with legal obligations

3.4 AI and Machine Learning

Train and improve AI models
Generate personalized recommendations
Automate workflows and processes
Analyze patterns and trends
Provide AI-powered features

Important: We implement privacy-preserving techniques when using data for AI training. Personal identifiers are removed or anonymized where possible.

3.5 Analytics and Advertising

Understand how Services are used
Measure advertising effectiveness
Deliver targeted advertisements
Create aggregated statistics
Conduct market research

3.6 Legal and Compliance

Comply with legal obligations
Respond to legal requests and court orders
Enforce our agreements and policies
Protect rights, property, and safety
Resolve disputes

4. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on:

4.1 Contractual Necessity

Processing necessary to perform our contract with you, including:

Providing Services you’ve subscribed to
Processing payments
Managing your account

4.2 Legitimate Interests

Processing necessary for our legitimate interests, such as:

Improving and developing Services
Ensuring security and preventing fraud
Marketing our Services
Managing business operations

We balance our interests against your rights and do not use your data in ways you would not reasonably expect.

4.3 Legal Obligations

Processing required to comply with legal obligations, such as:

Tax and accounting requirements
Responding to legal requests
Regulatory compliance

4.4 Consent

Where required by law, we obtain your explicit consent for:

Marketing communications
Non-essential cookies
Processing sensitive personal data
Certain data sharing practices

You can withdraw consent at any time without affecting the lawfulness of prior processing.

5. HOW WE SHARE YOUR INFORMATION

We do not sell your personal information. We share information only as described below:

5.1 With Your Consent

We share information when you direct us to or consent to sharing.

5.2 Service Providers

We share information with third-party vendors who provide services on our behalf:

Cloud hosting: AWS, Google Cloud, Vercel, Supabase
Payment processing: Paystack, Stripe
Analytics: Google Analytics, Mixpanel
Customer support: Zendesk, Intercom
Email services: SendGrid, Mailchimp
Marketing tools: HubSpot, social media platforms
Content delivery: CDN providers

These providers are contractually obligated to protect your information and use it only for specified purposes.

5.3 Business Transfers

If we are involved in a merger, acquisition, sale, or bankruptcy:

Your information may be transferred to the successor entity
We will notify you before your information is transferred
The new entity will be bound by this Privacy Policy

5.4 Legal Requirements

We disclose information when required by law or to:

Comply with legal processes and government requests
Enforce our Terms of Service
Protect our rights, property, or safety
Protect the rights and safety of users and the public
Detect and prevent fraud or security issues

5.5 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you:

Industry reports and benchmarks
Usage statistics
Research purposes
Public disclosures

5.6 Business Partners

With your consent, we may share information with:

Partners offering co-branded services
Integration partners (when you connect third-party services)
Marketing partners (for joint marketing activities)

5.7 Within Corporate Group

We may share information with:

Parent companies, subsidiaries, and affiliates
For internal operations and consolidated services
Subject to this Privacy Policy

6. DATA RETENTION

6.1 Retention Periods

We retain your information for as long as necessary to:

Provide our Services
Maintain your account
Comply with legal obligations
Resolve disputes
Enforce our agreements

Typical retention periods:

Account data: Retained while your account is active
Transaction records: Retained for 7 years for accounting and tax purposes
Support communications: Retained for 3 years
Analytics data: Aggregated and retained indefinitely
Marketing data: Retained until you opt out
Legal holds: Retained as required by law

6.2 Account Deletion

When you delete your account:

We delete or anonymize your personal information within 90 days
Some information may be retained in backups for up to 180 days
We may retain information required for legal compliance
Aggregated, anonymized data may be retained indefinitely

6.3 Inactive Accounts

Inactive accounts may be:

Suspended after 12 months of inactivity
Deleted after 24 months of inactivity
We will send reminders before deletion

7. YOUR PRIVACY RIGHTS AND CHOICES

Your rights vary depending on your location. We honor all applicable rights under GDPR, CCPA, Kenya Data Protection Act, and other laws.

7.1 General Rights

Access

Request a copy of your personal information
Understand how we use your data

Correction

Update or correct inaccurate information
Complete incomplete information

Deletion (Right to be Forgotten)

Request deletion of your personal information
Subject to legal retention requirements

Portability

Receive your data in a structured, commonly used format
Transfer your data to another service provider

Objection

Object to certain processing of your data
Opt out of marketing communications
Opt out of automated decision-making

Restriction

Restrict processing of your data under certain circumstances
Temporarily limit how we use your information

Withdrawal of Consent

Withdraw consent at any time (where processing is based on consent)
Does not affect lawfulness of prior processing

7.2 GDPR Rights (EEA, UK, Switzerland)

If you are in the EEA, UK, or Switzerland, you have additional rights:

Right to lodge a complaint with your supervisory authority
Right not to be subject to automated decision-making
Right to specific information about data processing

EU Representative (if required): [To be appointed if significant EU users]

7.3 CCPA Rights (California Residents)

California residents have the right to:

Know: What personal information we collect, use, and share
Delete: Request deletion of personal information
Opt-out: Opt out of the sale of personal information (we do not sell data)
Non-discrimination: Not receive discriminatory treatment for exercising rights

Categories of personal information we collect:

Identifiers (name, email, IP address)
Commercial information (purchase history)
Internet activity (browsing behavior)
Professional information (job title, company)
Inferences (preferences, behavior patterns)

Business purposes for collection:

Providing and improving Services
Customer support
Marketing and analytics
Security and fraud prevention

California “Do Not Sell” Notice: We do not sell personal information as defined by CCPA.

7.4 Kenya Data Protection Act Rights

Kenyan residents have the right to:

Access personal data held about you
Correct inaccurate or misleading data
Delete personal data in certain circumstances
Object to processing
Restrict processing
Data portability
Lodge a complaint with the Office of the Data Protection Commissioner

7.5 How to Exercise Your Rights

To exercise any of these rights:

Email us: avoxlabs@gmail.com
Use account settings: Access, update, or delete information through your account
Contact our Data Protection Officer: (if appointed)

We will respond to requests:

Within 30 days (or as required by law)
We may require verification of your identity
We may charge a reasonable fee for excessive or repetitive requests
We will explain if we cannot fulfill a request

7.6 Cookie Choices

You can control cookies through:

Browser settings (block, delete, or receive alerts)
Privacy browser extensions
Cookie preference center (on our website)
Opt-out tools like Google Analytics Opt-out Browser Add-on

7.7 Marketing Communications

Opt out of marketing emails:

Click “unsubscribe” in any marketing email
Update preferences in your account settings
Contact us at avoxlabs@gmail.com

Note: You cannot opt out of transactional or service-related communications.

7.8 Mobile Permissions

Control mobile app permissions:

Through device settings
Grant or revoke permissions for location, camera, notifications, etc.

8. DATA SECURITY

8.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

Technical Measures:

Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Secure authentication (password hashing, 2FA)
Regular security testing and audits
Intrusion detection and prevention systems
Secure development practices
Automated vulnerability scanning

Organizational Measures:

Access controls and least privilege principles
Employee training on data protection
Confidentiality agreements with staff
Incident response procedures
Regular security assessments
Third-party security audits

8.2 Security Standards

We follow industry-standard security practices:

OWASP Top 10 security guidelines
ISO 27001 principles
SOC 2 Type II considerations (for enterprise clients)
Payment Card Industry Data Security Standard (PCI DSS) compliance through payment processors

8.3 Your Responsibilities

You are responsible for:

Maintaining confidentiality of your account credentials
Using strong, unique passwords
Enabling two-factor authentication
Keeping your contact information current
Reporting suspected security breaches immediately

8.4 Limitations

No system is 100% secure. While we implement strong security measures, we cannot guarantee absolute security. You use our Services at your own risk.

8.5 Security Incidents

In the event of a data breach:

We will investigate and assess the incident
We will notify affected users as required by law
We will notify relevant authorities within required timeframes (72 hours for GDPR)
We will take steps to mitigate harm and prevent recurrence

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Transfers

Avox Labs operates in multiple countries (Kenya and USA). Your information may be transferred to and processed in:

Kenya
United States
Other countries where our service providers operate

These countries may have different data protection laws than your country.

9.2 Transfer Mechanisms

We ensure appropriate safeguards for international transfers:

For EEA/UK to US transfers:

Standard Contractual Clauses (SCCs) approved by the European Commission
Additional security measures where needed

For Kenya to other countries:

Compliance with Kenya Data Protection Act transfer requirements
Adequacy determinations or appropriate safeguards

For US to other countries:

Appropriate contractual protections
Security and privacy commitments

9.3 Data Processing Locations

Your data may be processed in:

Primary locations: Kenya, United States
Cloud infrastructure: AWS (multiple regions), Google Cloud, Vercel
Service provider locations: As disclosed in Section 5.2

10. CHILDREN’S PRIVACY

10.1 Age Restrictions

Our Services are not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.

10.2 Parental Notice

If you believe we have collected information from a child under the applicable age:

Contact us immediately at avoxlabs@gmail.com
We will delete the information promptly
We may require parental consent to continue service

10.3 Teens (13-18)

For users between 13-18 (or 16-18 in EEA):

We recommend parental guidance and supervision
Parents can request access to or deletion of their teen’s information
Teens have the same rights as adults under applicable laws

10.4 Educational Services

If we provide Services to educational institutions:

We comply with FERPA (Family Educational Rights and Privacy Act)
We comply with COPPA (Children’s Online Privacy Protection Act)
Student data is used only for educational purposes
Schools are responsible for obtaining parental consent where required

11. SPECIFIC PRIVACY INFORMATION

11.1 AI and Machine Learning

How AI uses your data:

Training data: We may use aggregated, anonymized data to train AI models
Prompts and inputs: AI prompts may be logged for improvement purposes
Generated content: AI-generated content is treated as User Content
Model improvements: Usage patterns help improve AI accuracy

Privacy protections for AI:

Personal identifiers removed before AI training
Sensitive data excluded from training sets
User inputs processed with privacy-preserving techniques
Option to opt out of AI training (in account settings)

AI model providers:

We may use third-party AI services (OpenAI, Google, Anthropic) subject to their privacy policies.

11.2 User-Generated Content

Public content:

Content you mark as public may be visible to other users
Public content may be indexed by search engines
You control visibility settings for your content

Private content:

Private content is only accessible to you and authorized users
We may access private content for: support requests, legal compliance, security purposes
We do not use private content for marketing without consent

Collaboration features:

Content shared in team workspaces is visible to team members
You control who has access to shared content
We may process shared content to provide collaboration features

11.3 E-Commerce Data

For e-commerce services:

Order information: Billing, shipping, products purchased
Payment data: Processed by payment processors (Paystack, Stripe)
Merchant data: Sales records, inventory, customer lists
Customer data: Collected by merchants, subject to their privacy policies

Merchant responsibilities:

If you operate an e-commerce store on our platform:

You are the data controller for customer data
You must have your own privacy policy
You must comply with applicable privacy laws
We are the data processor acting on your behalf

11.4 API and Integration Data

When you use APIs or integrations:

API logs: We log API requests for security and debugging
Integration data: Synced data is processed according to this policy
Third-party data: Subject to third-party privacy policies
Developer data: API keys, webhooks, and credentials are securely stored

11.5 Analytics and Cookies

Analytics providers we use:

Google Analytics (with IP anonymization)
Mixpanel
Hotjar (with user consent)

Advertising cookies:

We may use advertising cookies to deliver relevant ads
You can opt out of targeted advertising through browser settings or industry opt-out tools

Cookie consent:

For users in regions requiring cookie consent (EEA, UK):

We obtain consent before setting non-essential cookies
You can manage cookie preferences through our cookie banner

11.6 Marketing and Communications

Email marketing:

We use your email for marketing only with consent
You can unsubscribe at any time
We track email opens and clicks to improve campaigns
We comply with CAN-SPAM, CASL, and other anti-spam laws

SMS and push notifications:

We send SMS or push notifications only with your consent
You can opt out through device or account settings
Emergency notifications may be sent regardless of preferences

Social media:

We may collect information from social media platforms
Social media interactions are subject to platform privacy policies
We do not control third-party privacy practices

12. THIRD-PARTY LINKS AND SERVICES

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to third-party services.

Your responsibilities:

Review privacy policies of third-party services
Understand how third parties collect and use your data
Exercise caution when sharing information with third parties

Our role:

We are not responsible for third-party privacy practices
We do not control third-party content or policies
We do not endorse third-party services by linking to them

13. DO NOT TRACK SIGNALS

Some browsers support “Do Not Track” (DNT) signals. We do not currently respond to DNT signals because there is no industry standard for compliance.

We will update this policy if we implement DNT response mechanisms in the future.

14. YOUR CALIFORNIA PRIVACY RIGHTS (SHINE THE LIGHT)

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes without your consent.

15. NEVADA PRIVACY RIGHTS

Nevada residents may opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law. If you have questions, contact us at avoxlabs@gmail.com.

16. BIOMETRIC DATA

We do not collect biometric data (fingerprints, facial recognition, voice prints) unless:

You explicitly opt in to biometric features
We obtain your informed consent
We comply with applicable biometric privacy laws (BIPA in Illinois, etc.)

If we implement biometric features, we will:

Clearly disclose the purpose and duration of collection
Obtain written consent where required
Implement strong security measures
Provide opt-out mechanisms

17. EMPLOYEE AND JOB APPLICANT PRIVACY

If you are an employee or job applicant:

Information we collect:

Resume, CV, and application materials
Employment history and references
Background check results (with consent)
Performance and compensation data
Time and attendance records

How we use this information:

Recruitment and hiring
Employee management and payroll
Performance evaluation
Legal compliance

Your rights: Employees have rights under applicable employment laws and this Privacy Policy. Contact HR or avoxlabs@gmail.com for information.

18. SENSITIVE PERSONAL INFORMATION

We limit collection of sensitive personal information, which may include:

Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Health data
Biometric data
Sexual orientation

When we collect sensitive data:

We obtain explicit consent where required
We implement additional security measures
We limit access to authorized personnel
We process only for specified, legitimate purposes

Special category data (GDPR): For EEA users, we process special category data only with:

Explicit consent
Legal obligations
Vital interests
Legitimate activities with appropriate safeguards

19. AUTOMATED DECISION-MAKING AND PROFILING

We may use automated decision-making and profiling for:

Fraud detection and prevention
Personalized content recommendations
Pricing optimization
Risk assessment

Your rights:

Under GDPR and other laws, you have the right to:

Not be subject to fully automated decisions with significant effects
Request human review of automated decisions
Express your point of view
Contest automated decisions

Safeguards:

We implement safeguards for automated decisions:

Human oversight for significant decisions
Transparency about automated processing
Ability to appeal automated decisions
Regular testing for bias and accuracy

20. RESEARCH AND DEVELOPMENT

We may use anonymized or aggregated data for:

Developing new features and products
Academic and scientific research
Industry benchmarks and reports
Product improvements

Anonymized data cannot reasonably identify you and is not considered personal information.

21. BUSINESS ANALYTICS

We analyze usage patterns to:

Understand product usage
Identify trends and insights
Improve business operations
Optimize marketing strategies

Analytics are typically based on aggregated, non-personally identifiable data.

22. DATA PROTECTION OFFICER

For significant data processing operations, we may appoint a Data Protection Officer (DPO):

DPO Contact (if appointed):

Email: dpo@avoxlabs.com
The DPO oversees data protection compliance
You can contact the DPO with privacy questions or concerns

23. COMPLAINTS AND DISPUTES

If you have privacy concerns:

23.1 Contact Us First

Email us at avoxlabs@gmail.com. We will investigate and respond within 30 days.

23.2 Supervisory Authorities

You can lodge complaints with:

For EEA/UK users:

Your local data protection authority
List of EU Data Protection Authorities

For Kenya users:

Office of the Data Protection Commissioner (Kenya)
Website: www.odpc.go.ke
Email: dpo@odpc.go.ke

For California users:

California Attorney General’s Office
Website: oag.ca.gov/privacy

24. ACCESSIBILITY

We are committed to making our privacy practices accessible. If you need this Privacy Policy in an alternative format, contact us at avoxlabs@gmail.com.

25. QUESTIONS AND CONTACT

For privacy questions, concerns, or requests:

Avox Labs
Privacy Team
Email: avoxlabs@gmail.com
Phone: +254 113 405 742
Address:

Nairobi, Kenya
Dover, Delaware, USA

Website: https://avoxlabs.com

We will respond to privacy inquiries within 30 days (or as required by applicable law).

26. SUMMARY OF KEY POINTS

This section provides a summary only. Please read the full Privacy Policy for complete details.

What we collect: Account information, usage data, payment information, user content, device information
How we use it: To provide Services, improve products, communicate with you, ensure security, comply with laws
How we share it: With service providers, for legal compliance, with your consent (we do not sell your data)
Your rights: Access, correct, delete, port, object, restrict processing
Security: Industry-standard technical and organizational measures
International transfers: Data may be processed in Kenya, USA, and service provider locations
Retention: As long as necessary for Services and legal compliance
Contact: avoxlabs@gmail.com

By using our Services, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: January 19, 2026