Jan 1, 2025
Jul 10, 2025
1. INTRODUCTION
VoiceAIWrapper ("we," "us," or "our") is a white-label Software-as-a-Service (SaaS) platform operated by New XP Technologies Limited, a Hong Kong-based company, under the Supafunnel brand. We provide voice AI agent management and distribution services that enable automation and AI service agencies to package their voice AI projects under their own brand and domain.
This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our services, including our website, platform, and related services (collectively, the "Services"). We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
By using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.
2. INFORMATION WE COLLECT
2.1 Information You Provide Directly
We collect information that you provide directly to us, including:
Account Registration Information: Name, email address, business name, business domain, phone number, and billing address
Integration Information: API keys for voice AI providers (Vapi, Retell AI, ElevenLabs), Stripe account API keys for billing integration
Customer Account Information: Information about your customers' accounts, including names and email addresses
Communications: Messages, feedback, and other communications you send to us
2.2 Voice Call Data
As a voice AI platform, we handle specific types of voice-related data:
Call Metadata: Call duration, timestamps, phone numbers, call status, and analytics data
Call Transcripts: We store links to call transcripts hosted by your voice AI provider, not the actual transcript content
Call Recordings: We store links to voice recordings hosted by your voice AI provider, not the actual audio files
End-User Information: Personal details collected during voice calls, including names, phone numbers, email addresses, and other information shared during conversations
2.3 Automatically Collected Information
We automatically collect certain information when you use our Services:
Usage Data: Information about how you use our Services, including features accessed, time spent, and user interactions
Device Information: IP address, browser type, device type, operating system, and unique device identifiers
Log Data: Server logs, error logs, and system performance data
Cookies and Tracking Technologies: Session cookies, Google Analytics cookies, and similar tracking technologies
3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
3.1 Service Provision
Provide and maintain our voice AI wrapper services
Connect your voice AI provider accounts and display call data
Enable white-label branding and custom domain functionality
Process billing and payment transactions through integrated Stripe accounts
Manage customer accounts and user access controls
3.2 Platform Operations
Monitor and analyze platform performance and usage
Provide technical support and customer service
Detect, prevent, and address technical issues and security threats
Maintain and improve our Services
3.3 Analytics and Insights
Display call analytics and performance metrics from voice AI providers
Generate usage reports and dashboard analytics
Analyze user behavior to improve platform functionality
3.4 Legal and Compliance
Comply with applicable laws and regulations
Respond to legal requests and prevent fraud
Enforce our terms of service and policies
3.5 E-mail Communications
From time to time, we may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. In order to improve our Services, we may receive a notification when you open an email from us or click on a link therein.
If you would like to stop receiving marketing or promotional related communications via email from us, you may opt out of such communications by clicking "unsubscribe" and replying "STOP".
4. DATA SHARING AND DISCLOSURE
4.1 Third-Party Service Providers
We share information with third-party service providers who perform services on our behalf:
Service Provider | Purpose | Data Shared |
|---|---|---|
Amazon Web Services (AWS) | Cloud infrastructure and hosting | All platform data for processing and storage |
Voice AI Providers (complete list is available within our sub-processors list) | Voice AI services integration | API keys and call configuration data |
Stripe | Payment processing | Billing configuration and pricing information |
Google Analytics | Website analytics | Usage data and website interactions |
Make.com / N8N | Internal automation | Account management data |
GitHub | Code repository | Technical logs and development data |
4.2 Legal Requirements
We may disclose your information if required by law or in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
4.3 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.
4.4 No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties for their direct marketing purposes.
5. DATA CONTROLLER VS. DATA PROCESSOR
5.1 Our Role as Data Processor
For voice call data and end-user interactions, we act as a data processor. We process this data on behalf of our agency clients (data controllers) by:
Displaying call data from voice AI providers on client dashboards
Providing frontend interfaces for call management
Facilitating billing management through integrated Stripe accounts
5.2 Our Role as Data Controller
For agency client account information and platform usage data, we act as a data controller and make decisions about how this data is processed.
5.3 White-Label Responsibility
When clients use our white-label services, they are responsible for:
Compliance with privacy laws for their end-users
Providing appropriate privacy notices to their customers
Obtaining necessary consents for voice data processing
Configuring voice AI provider settings to handle sensitive data appropriately (inclusive of, but not limited to: healthcare, legal, regulatory data, etc.)
6. DATA SECURITY
6.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal information:
Encryption: Data in transit is encrypted using HTTPS/TLS protocols
Access Controls: Restricted access to personal information limited to authorized personnel
Infrastructure Security: Secure cloud infrastructure hosted on AWS with industry-standard security measures
Monitoring: Continuous monitoring for security threats and unauthorized access attempts
Incident Response: Established procedures for detecting and responding to security incidents
6.2 Voice Data Security
We do not store actual voice recordings or transcripts on our servers. We only maintain links to this data hosted by voice AI providers, reducing security risks associated with sensitive voice data.
6.3 Data Breach Notification
In the event of a data breach, we will notify affected users and relevant authorities in accordance with applicable laws, including GDPR requirements for notification within 72 hours.
7. DATA RETENTION
7.1 Retention Periods
Account Data: Retained for the duration of your account and immediately deleted upon account cancellation
Log Data: Retained for 7 days in CloudWatch logs
Backup Data: Retained for 7 days for disaster recovery purposes
Voice Data Links: Retained according to your voice AI provider's retention policies
7.2 Data Deletion
Upon account cancellation or deletion request, we will delete your personal information within 24 hours. Some information may be retained longer if required by law or for legitimate business purposes.
8. INTERNATIONAL DATA TRANSFERS
Our servers are located in the United States through AWS infrastructure. When you use our Services, your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for international transfers, including:
Standard Contractual Clauses (SCCs) approved by the European Commission
Adequate security measures for data protection
Compliance with applicable data transfer regulations
9. YOUR RIGHTS AND CHOICES
9.1 GDPR Rights (For EU Residents)
If you are located in the European Union, you have the following rights:
Access: Request access to your personal information
Rectification: Request correction of inaccurate personal information
Erasure: Request deletion of your personal information
Portability: Request a copy of your personal information in a portable format
Restriction: Request restriction of processing under certain circumstances
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent where processing is based on consent
9.2 CCPA Rights (For California Residents)
If you are a California resident, you have the following rights:
Know: Request information about the categories and specific pieces of personal information we collect
Delete: Request deletion of your personal information
Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
Non-Discrimination: Not receive discriminatory treatment for exercising your rights
9.3 Exercising Your Rights
To exercise any of these rights, please contact us using the information provided in Section 12. We will respond to your request within the timeframes required by applicable law.
10. COOKIES AND TRACKING TECHNOLOGIES
10.1 Cookies We Use
Session Cookies: Essential for platform functionality and user authentication
Google Analytics Cookies: To understand website usage and improve our Services
Future Marketing Cookies: We may implement Facebook Pixel and other marketing cookies in the future
10.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Services.
11. CHILDREN'S PRIVACY
Our Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
For voice calls involving minors, our agency clients are responsible for ensuring appropriate consents and protections are in place according to applicable laws.
12. CONTACT INFORMATION
Data Protection Officer: SP Parasar
Email: sp@newxp.co
Company: New XP Technologies Limited
Service: VoiceAIWrapper
For privacy-related inquiries, data subject requests, or concerns about this Privacy Policy, please contact us at the above information. We will respond to your inquiry within 30 days.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:
Posting the updated Privacy Policy on our website
Sending an email notification to registered users
Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.
14. GOVERNING LAW
This Privacy Policy shall be governed by and construed in accordance with applicable data protection laws, including GDPR for EU residents and CCPA for California residents. For users outside these jurisdictions, the laws of Hong Kong shall apply.
15. DATA PROCESSING AGREEMENT
For agency clients who use our white-label services, a separate Data Processing Agreement (DPA) is available that outlines the specific terms and conditions for processing personal data on behalf of our clients. This DPA includes Standard Contractual Clauses (SCCs) for international data transfers and additional security and compliance requirements.