Voxcierge®
Home

TRUST & SECURITY

Built for businesses that
can't afford to get it wrong.

Voxcierge handles customer calls on behalf of UK businesses in regulated sectors. This page explains exactly how we protect your data, your customers, and your compliance obligations.

UK-Hosted Infrastructure
GDPR-Ready Workflows
FCA Compliance Mode
PCI-Scoped Payments
Immutable Audit Trails
Ofcom Compliant Outbound

On this page

Infrastructure & HostingData & PrivacyGDPR & UK LawFCA & Regulated SectorsPayment SecurityCall RecordingsSubprocessorsContact

Infrastructure & Hosting

UK data centres— all customer call data, transcripts, and CRM sync records are processed and stored in UK infrastructure.
Railway cloud hosting— production infrastructure runs on Railway with UK-region deployment.
Encrypted in transit— all data transmitted over TLS 1.2 or higher.
Encrypted at rest— database storage encrypted at rest.
No data sold or shared for advertising— ever.
Customer call recordings, transcripts, and contact data never leave UK/EEA-aligned environments without your knowledge. Our Data Processing Agreement (DPA) is available on all plans.

Data & Privacy

Privacy Policy— plain-English document covering all data collected, why, and for how long.
Data Processing Agreement (DPA)— available to all customers. Covers controller/processor responsibilities, subprocessor list, and SCCs for international transfers.
Data retention controls— call recordings, transcripts, and contact data can be configured for automatic deletion per your retention policy.
Right to erasure— contact data and call records can be deleted on request within 30 days.
No third-party advertising trackers— Voxcierge.ai uses Plausible Analytics (cookieless, no personal data).

To request a DPA, raise a data subject access request, or report a concern, contact [email protected].

GDPR & UK Data Protection

Voxcierge operates under UK GDPR and the Data Protection Act 2018. Voxcierge AI Ltd acts as a data processor on behalf of our customers, who are the data controllers for their end-customer data.

UK GDPR compliant workflows— consent capture, call recording notices, and data handling built into the platform.
Lawful basis documentation— the platform supports legitimate interests, consent, and contract performance as lawful bases for processing.
Data subject request handling— customer admin tools for responding to access, rectification, and erasure requests.
Breach notification workflow— real-time alerts and documented incident response process.
Standard Contractual Clauses— in place for all subprocessors based outside the UK/EEA.
ICO registration— Voxcierge AI Ltd is registered with the ICO as a data controller and processor.
Our DPA is pre-signed and available immediately. No legal negotiation required for standard plans. Enterprise customers may request a customised DPA via [email protected].

FCA & Regulated Sector Compliance

Voxcierge includes a dedicated FCA Compliance Mode designed for debt collection agencies, financial services firms, and other FCA-regulated businesses using AI call handling.

Vulnerability detection— Georgia identifies signals of financial difficulty, distress, or vulnerability in real time and escalates to a human agent.
FCA-compliant call scripts— persona system prompts include required disclosures, appropriate language, and escalation triggers.
Immutable call recordings— tamper-evident recordings stored for FCA-required retention periods.
Full audit trail— every call, disposition, transfer, and outcome logged with timestamps and agent IDs.
Consent capture— call recording notices and consent flows built into IVR and Georgia workflows.
Ofcom outbound compliance— zero abandoned call rate maintained on outbound campaigns. Compliant with the Ofcom persistent misuse standard.
FCA Compliance Mode is available on Business and Professional plans. Contact [email protected] to discuss your specific regulatory requirements.
Voxcierge provides tools designed to support FCA and Ofcom-aligned workflows. Customers remain responsible for campaign governance, call scripts, consent management, list quality, TPS/CTPS screening, and compliance with all applicable regulatory obligations. Nothing on this page constitutes legal or regulatory advice.

Payment Security

Georgia can capture card payments over the phone using DTMF (keypad entry) without the call agent — human or AI — ever hearing or storing the card number.

PCI-scoped payment capture— card data is entered via keypad and processed directly by our PCI-compliant payment gateway. Card numbers never enter the Voxcierge platform.
Audio muting during entry— the call is muted during keypad entry so no card digits appear in the transcript or recording.
Tokenisation— payment tokens returned to your system, not raw card data.
No card data stored by Voxcierge— we are outside the primary PCI DSS scope for cardholder data.

Call Recordings & Transcripts

All calls recorded by default— recordings available in your dashboard immediately after the call.
Transcripts generated automatically— full call transcript with speaker labels, sentiment scores, and key moments.
Configurable retention— set your own retention period. Recordings can be auto-deleted after 30, 90, or 365 days.
Customer consent notice— configurable call opening announcement notifying callers that calls are recorded.
Access controls— recordings accessible only to authorised users in your account.
Export available— download recordings and transcripts in bulk via dashboard or API.

Subprocessors

Voxcierge uses the following third-party subprocessors to deliver the service. All transfers outside the UK/EEA are covered by Standard Contractual Clauses.

SubprocessorPurposeLocation
RailwayCloud hosting and infrastructureUK
CloudflareCDN, DDoS protection, Turnstile bot protectionUS (SCCs)
TwilioTelephony, call routing, SMSUS (SCCs)
DeepgramSpeech-to-text transcription during callsUS (SCCs)
CartesiaText-to-speech (Georgia voice)US (SCCs)
AnthropicAI language model (Georgia and Isaac intelligence)US (SCCs)
PipedriveCRM integration (customer data sync)US/EU (SCCs)
Plausible AnalyticsWebsite analytics (no personal data)EU

To request our full DPA including Standard Contractual Clauses for each subprocessor, email [email protected].

Security contact

Got a question or concern?

For data protection enquiries, DPA requests, vulnerability disclosures, or compliance questions, contact our team directly.

Registered details

Voxcierge AI Ltd

First Floor Swan Building
20 Swan Street
Manchester, England
M4 5JW
United Kingdom

ICO registrationZC088452
Data hostingUnited Kingdom

Last reviewed: 27 May 2026 · Privacy Policy · Data Processing Agreement · Terms of Service