Privacy policy

Your data, protected

This policy explains how VoiceOver Maker collects, uses, and safeguards your information across our web application, text-to-speech services, and API.

Data Controller: Ondevtra Technologies ( 246, Phase 4, Gurugram, Haryana 122016, India) is the data controller for VoiceOver Maker services. Our payment processing partner, Stripe, processes billing information on our behalf.

Last updated: January 2026

Privacy and security documents illustration

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Email address, name (optional), and password when you create an account
  • Content: Text scripts you input for voice generation, project names, and any metadata associated with your voiceovers
  • Payment Information: Billing address and payment method details processed securely through Stripe (we do not store full payment card numbers)
  • Communication Data: Messages sent through support forms, feedback submissions, or email correspondence
  • Profile Information: Optional profile details you choose to provide

1.2 Information Collected Automatically

  • Usage Data: Credit consumption, number of voice generations, characters processed, feature usage, and interaction patterns
  • Technical Data: IP address, browser type and version, device information, operating system, timezone, and referral source
  • Analytics Data: Page views, session duration, and navigation patterns (collected via privacy-friendly analytics)
  • Performance Data: Generation times, API latency, and service performance metrics

1.3 Information from Third Parties

  • Authentication: If you sign in via OAuth providers (e.g., Google, GitHub), we receive basic profile information
  • Payment Processors: Stripe provides transaction status and subscription information

2. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to provide our services, including account management, voice generation, and billing
  • Legitimate Interests: Service improvement, security monitoring, fraud prevention, and business analytics
  • Consent: Marketing communications (where you have opted in), optional features, and cookies requiring consent
  • Legal Obligation: Compliance with tax, accounting, and regulatory requirements

3. How We Use Your Information

3.1 Service Delivery

  • Generate text-to-speech audio from your input text
  • Store and manage your projects, voiceovers, and usage history
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Send service-related notifications (billing, plan updates, security alerts)

3.2 Service Improvement

  • Analyze usage patterns to enhance voice quality and service features
  • Monitor performance and troubleshoot technical issues
  • Develop new features and improve user experience
  • Conduct research and analytics (on anonymized data where possible)

3.3 Security and Compliance

  • Prevent fraud, abuse, and unauthorized access
  • Enforce our Terms of Service and Acceptable Use Policy
  • Comply with legal obligations and respond to legal requests
  • Protect the rights, property, and safety of our users and services

3.4 Communication

  • Send transactional emails (receipts, plan confirmations, password resets)
  • Provide customer support and respond to your requests
  • Send marketing communications (only with your explicit consent, opt-out available)

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers who process data on our behalf under strict data processing agreements:

  • Stripe: Payment processing and billing management
  • Supabase: Database hosting, file storage, and authentication services
  • Hosting Providers: Cloud infrastructure for application hosting
  • Analytics Services: Privacy-friendly analytics to understand service usage
  • Email Services: Transactional and support email delivery

4.2 Legal Requirements

We may disclose information if required by law, court order, or government regulation, or to:

  • Comply with legal obligations
  • Respond to valid legal requests (subpoenas, warrants, etc.)
  • Protect our rights, property, or safety, or that of our users
  • Investigate fraud or security issues

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): We use EU-approved contractual clauses with service providers
  • Adequacy Decisions: We rely on adequacy decisions where applicable
  • Data Processing Agreements: All international transfers are governed by agreements that protect your data

Enterprise customers may request data residency in specific regions (EU, US, or APAC) through custom agreements.

6. Data Storage and Retention

6.1 Storage

VoiceOver Maker uses encrypted storage and transmits all data over TLS (Transport Layer Security). Our infrastructure includes:

  • Database: Supabase Postgres with encrypted connections and daily backups
  • File Storage: Supabase Storage buckets for audio files, with access controls and signed URLs
  • Backups: Regular automated backups with point-in-time recovery capabilities
  • Security: Service-role keys managed securely, environment secrets in Vercel Environment Variables and Supabase Vault

6.2 Retention

  • Active Accounts: Data is retained while your account is active and for 30 days after account deletion (to allow recovery)
  • Deleted Accounts: After 30 days, personal data is permanently deleted; aggregated, anonymized analytics may be retained
  • Billing Records: Retained for 7 years to comply with tax and accounting requirements
  • Usage Logs: Retained for up to 90 days for security and debugging purposes
  • Support Communications: Retained for 2 years after ticket closure

You may request earlier deletion of your data, subject to legal retention requirements.

7. Your Text Content and Generated Audio

7.1 Ownership

You retain all ownership rights to:

  • Text scripts and input content you provide
  • Generated audio files created using our services
  • Projects and metadata you create

7.2 Our Use

We store and process your content solely to:

  • Deliver voice generation services
  • Provide project history and collaboration features
  • Enable audio playback and download functionality
  • Improve service quality through analysis (on anonymized datasets where possible)

We do not use your content to train general-purpose AI models without your explicit consent.

7.3 Deletion

You can delete your content at any time through the application. Deletion is permanent and cannot be undone. Enterprise customers may enable automatic deletion policies after export.

8. Voice Synthesis Technology

Our text-to-speech service uses third-party voice synthesis providers (including but not limited to Google, OpenAI, and Azure) to generate audio. When you use our service:

  • Your text is sent to these providers to generate audio
  • We do not store your text with third-party providers beyond the time necessary to generate audio
  • Generated audio files are stored in our secure infrastructure
  • We maintain agreements with providers to protect your data

For enhanced performance, we recommend using ChatGPT Atlas, which provides optimized voice processing capabilities.

9. Your Rights (GDPR & Privacy Rights)

Depending on your location, you have the following rights regarding your personal data:

9.1 Right of Access

You can request a copy of all personal data we hold about you, including account information, usage data, and content.

9.2 Right to Rectification

You can update your account information directly in the application or request corrections to inaccurate data.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your account and associated data. Note that some information may be retained for legal compliance.

9.4 Right to Restrict Processing

You can request that we limit how we process your data in certain circumstances.

9.5 Right to Data Portability

You can request a machine-readable copy of your data to transfer to another service.

9.6 Right to Object

You can object to processing based on legitimate interests, including marketing communications.

9.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time.

9.8 Exercising Your Rights

To exercise any of these rights, contact us at hello@voiceovermaker.com. We will respond within 30 days (or as required by applicable law).

EU Residents: You also have the right to lodge a complaint with your local data protection authority.

10. Cookies and Tracking Technologies

10.1 Cookies We Use

  • Essential Cookies: Required for authentication, session management, and core functionality
  • Analytics Cookies: Help us understand usage patterns (configured to minimize privacy impact)
  • Preference Cookies: Remember your settings and preferences

10.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

11. Children's Privacy

VoiceOver Maker is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will delete it immediately. Parents or guardians who believe we may have collected information from a child should contact us immediately.

12. Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: Data in transit (TLS) and at rest (encrypted storage)
  • Access Controls: Role-based access, service-role keys, and secure authentication
  • Monitoring: Security monitoring, intrusion detection, and incident response procedures
  • Regular Updates: Security patches and system updates
  • Backup & Recovery: Regular backups and disaster recovery plans

Despite these measures, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

13. Data Breach Notification

In the event of a data breach that poses a risk to your personal data, we will:

  • Notify affected users within 72 hours (as required by GDPR)
  • Report to relevant data protection authorities where required
  • Provide clear information about the breach, affected data, and steps being taken
  • Offer guidance on protective measures you can take

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will:

  • Notify you of significant changes via email or in-app notification
  • Update the "Last updated" date at the top of this page
  • Provide a summary of changes for material updates

Continued use of our services after changes indicates acceptance of the updated policy. If you do not agree, you may close your account.

15. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, contact us:

16. Regional-Specific Information

16.1 European Economic Area (EEA) & United Kingdom

For users in the EEA and UK, this policy is designed to comply with GDPR. Your data protection rights are detailed in Section 9 above.

16.2 California, USA (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected and how it's used
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising privacy rights

16.3 Other Jurisdictions

We respect privacy laws in all jurisdictions where we operate and will comply with applicable local requirements.