Privacy Policy

Last updated: February 2026

Vox is operated by Codependent AI, based in the United Kingdom. This policy explains how we collect, use, and protect your data in compliance with UK GDPR.

Data We Collect

• Discord account data: User ID, username, avatar, and email (from OAuth). Lawful basis: contract performance.
• Entity data: Names, avatar URLs, and API key hashes you create. Lawful basis: contract performance.
• Usage logs: Tool name, channel ID, status, and response time for API calls. Lawful basis: legitimate interest (service monitoring). Automatically pruned after 30 days.
• Message stream: Sent message content (truncated to 500 characters) with channel info, stored for activity feeds visible only to entity owners. 30-day retention, automatically pruned. Lawful basis: legitimate interest (user activity monitoring).
• Payment data: Processed entirely by Stripe. We store only your Stripe Customer ID. Lawful basis: contract performance.

How We Use Your Data

• To authenticate you and provide the service
• To enforce rate limits and subscription tiers
• To monitor service health and usage patterns

Data Sharing

We do not sell your data. Data is shared only with:

• Discord: API calls on your behalf (messages sent, channels read)
• Stripe: Payment processing
• Cloudflare: Hosting infrastructure

Your Rights

Under UK GDPR, you have the right to:

• Access your data (available via your dashboard)
• Rectify inaccurate data
• Erase your data (account deletion removes everything)
• Data portability
• Object to processing

Data Retention

• Account data: retained until you delete your account
• Usage logs: automatically deleted after 30 days
• Sessions: expire after 7 days

Security

API keys are hashed with SHA-256 and per-key salts. Webhook tokens are never exposed via any API. All traffic is encrypted via HTTPS.

Contact

For privacy inquiries: privacy@codependentai.io